#1
November 9th, 2018, 04:09 AM
kuzzz
CTH Subscriber
Join Date: May 2003
O/S: Windows 7 64-bit
Location: california
Posts: 1,671
File using up massive amounts of memory- Moved by MURF

I've noticed my machine running real slow and when I look in processes I find this file using up gobs of memory. dllhost.exe COM Surrogate. When I stop the process my machine is back to normal but it keeps coming back. Do you know anything about this file and how to get rid of it permanently?

Thanks
kuzzz

#2
November 9th, 2018, 08:21 AM
smurfy
Cyber Tech Help Moderator
Join Date: Sep 2000
O/S: Linux
Location: Christchurch New Zealand
Posts: 9,538
This is (usually) a pretty important Windows process that allows other applications to run properly.
It is likely a 3rd party app is causing the excessive memory use, but in order to diagnose which one, Microsoft task manager alone isn't up to the job.
Resource monitor may help but ideally you should use Process Explorer which can be downloaded for free from Microsoft here.

It could also be a case of a malware infection, but let's consider the more benign first before referring you to malware removal.

#3
November 11th, 2018, 01:53 AM
kuzzz
CTH Subscriber
I have downloaded Process Explorer. I'm not sure how to use it. I found the file dllhost.exe but I don't know how to find out what app is using it.

kuzzz

#4
November 12th, 2018, 01:25 AM
smurfy
Cyber Tech Help Moderator
My PE view is somewhat customised but you should be able to find the dllhost.exe process(es) in the tree and hover your mouse over it as shown below.
Use View>Select columns to add more informative details on memory and commandline if you need to.
Make sure the lower pane is set to show DLL in the view menu.

In my case, I can see it is Windows Thumbnail Cache dll running (but obviously not causing any issues).
Attached image: dllhost_in_ProcessExplorer.jpg

#5
November 13th, 2018, 03:04 AM
kuzzz
CTH Subscriber
Mine shows 2 instances of it:
dllhost.exe dllhost.exe 2,788 K 7,692 K 3996 C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{30D49246-D217-465F-B00B-AC9DDD652EB7} COM Surrogate Microsoft Corporation

dllhost.exe dllhost.exe < 0.01 6,848 K 9,708 K 4056 C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{3EB3C877-1F16-487C-9050-104DBCD66683} COM Surrogate Microsoft Corporation

But it still doesn't tell me why it would be using up so much memory and slowing down my pc to almost a standstill.

kuzzz
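
Added example, not part of the thread: the `/PROCESSID:{...}` argument on a dllhost.exe command line is a COM AppID, and the registry records which classes and DLLs are registered under it. The sketch below lists each running dllhost.exe with its memory use, image path and the DLLs registered for its AppID; the function name `Get-ComSurrogateTarget` is hypothetical, and the script assumes Windows PowerShell 2.0 to 5.1 run from an elevated prompt.

```powershell
# Added example: map each running dllhost.exe to the COM registration it hosts.
# Assumes Windows PowerShell 2.0-5.1 (Get-WmiObject is not available in PowerShell 7).
# Run elevated, otherwise CommandLine is empty for processes owned by other users.

function Get-ComSurrogateTarget {
    # Registry views to search; 32-bit COM servers register under Wow6432Node.
    $views = @{
        '64-bit' = 'Registry::HKEY_CLASSES_ROOT'
        '32-bit' = 'Registry::HKEY_CLASSES_ROOT\Wow6432Node'
    }

    # Build the index once: AppID GUID -> CLSID registrations that reference it.
    $index = @{}
    foreach ($view in $views.Keys) {
        $root = $views[$view]
        Get-ChildItem -Path "$root\CLSID" -ErrorAction SilentlyContinue | ForEach-Object {
            $appId = [string]$_.GetValue('AppID')
            if ($appId) {
                $inproc = $_.OpenSubKey('InprocServer32')
                $dll = if ($inproc) { [string]$inproc.GetValue('') } else { '' }
                $entry = New-Object PSObject -Property @{
                    View  = $view
                    Clsid = $_.PSChildName
                    Name  = [string]$_.GetValue('')
                    Dll   = $dll
                }
                $key = $appId.ToUpper()
                if (-not $index.ContainsKey($key)) { $index[$key] = @() }
                $index[$key] += $entry
            }
        }
    }

    # A genuine COM Surrogate image lives in one of these two locations.
    $sys = $env:SystemRoot
    $expected = @("$sys\System32\dllhost.exe", "$sys\SysWOW64\dllhost.exe")

    foreach ($proc in Get-WmiObject Win32_Process -Filter "Name='dllhost.exe'") {
        # Pull the AppID GUID out of "/Processid:{...}" if the command line is readable.
        $appId = $null
        if ($proc.CommandLine -match '(?i)/processid:\s*(\{[0-9a-f-]{36}\})') {
            $appId = $Matches[1].ToUpper()
        }

        # Friendly name stored as the default value of HKCR\AppID\{guid}, if any.
        $appName = ''
        if ($appId) {
            foreach ($root in $views.Values) {
                $k = Get-Item -LiteralPath "$root\AppID\$appId" -ErrorAction SilentlyContinue
                if ($k -and -not $appName) { $appName = [string]$k.GetValue('') }
            }
        }

        # Classes (and their in-process DLLs) registered to run under this AppID.
        $hosted = @()
        if ($appId -and $index.ContainsKey($appId)) { $hosted = $index[$appId] }

        New-Object PSObject -Property @{
            ProcessId      = $proc.ProcessId
            WorkingSetMB   = [math]::Round($proc.WorkingSetSize / 1MB, 1)
            ImagePath      = $proc.ExecutablePath
            ImagePathOk    = ($expected -contains $proc.ExecutablePath)
            AppId          = $appId
            AppName        = $appName
            HostedClasses  = ($hosted | ForEach-Object {
                "$($_.Clsid) $($_.Name) -> $($_.Dll) [$($_.View)]"
            })
        }
    }
}

# Largest consumer first; HostedClasses names the DLL to look at next.
Get-ComSurrogateTarget |
    Sort-Object WorkingSetMB -Descending |
    Format-List ProcessId, WorkingSetMB, ImagePath, ImagePathOk, AppId, AppName, HostedClasses
```

An `ImagePathOk` of `False`, or an AppID with no matching registration, is the result that warrants the malware check discussed later in the thread; a match only says which DLL is registered, not that the DLL is clean.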

#6
November 13th, 2018, 03:37 AM
Murf
Moderator
Join Date: Oct 2001
O/S: Windows XP Pro
Posts: 17,424
May be related. Change the folder view from "medium icons" to list, or whatever icon view you have. The problem may be missing thumbnails and Windows is trying to recreate them (unsuccessfully), which can really slow a pc down.

But maybe a virus that has infected the dllhost.exe file. Let me move this over to our malware forum, not many folks left but maybe they can at least see if your system is clean.

I will PM them and let them know.

#7
November 13th, 2018, 04:56 PM
olgun52
Malware Removal Team
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hello kuzzz.

Could you please send Farbar scan logs. Let's check.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Have a nice day.

#8
November 20th, 2018, 03:29 AM
kuzzz
CTH Subscriber
thank you Murf

#9
November 20th, 2018, 03:33 AM
kuzzz
CTH Subscriber
ok I'll download now

thanks
kuzzz

#10
November 20th, 2018, 03:46 AM
kuzzz
CTH Subscriber
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.11.2018
Ran by Dodi's (19-11-2018 18:39:17)
Running from C:\Users\Dodi's\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-11-26 08:36:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1448708669-323945309-3416342945-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1448708669-323945309-3416342945-1004 - Limited - Enabled)
Dodi's (S-1-5-21-1448708669-323945309-3416342945-1000 - Administrator - Enabled) => C:\Users\Dodi's
Guest (S-1-5-21-1448708669-323945309-3416342945-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1448708669-323945309-3416342945-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Aloha TriPeaks (HKLM-x32\...\d9e0347a174c85c717eacebc782fcd1a) (Version: - GameHouse)
AMD Catalyst Install Manager (HKLM\...\{8DF1EF50-AEB6-902C-F68C-4683C45784E6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Ancient Tri-Jong (HKLM-x32\...\caeb61a9ee8895f7876154ba86710000) (Version: - GameHouse)
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.8.0 - SlySoft)
AOMEI Partition Assistant Standard Edition 7.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Aquascapes (HKLM-x32\...\b32ae1a3dbfdbaf5908a032db06a9928) (Version: - GameHouse)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Bejeweled 2 (HKLM-x32\...\3ea28c6fb49f41721579cf714eb5b3e0) (Version: - GameHouse)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version: - PopCap Games)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Blackweb Gaming AP version 1.1 (1.0.5.5) (HKLM-x32\...\Blackweb Gaming AP_is1) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version: - *Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Chainz (HKLM-x32\...\831b17a8ead43ad7792be2d8d0f69bd2) (Version: - GameHouse)
Chuzzle Deluxe (HKLM-x32\...\58784f1223d67051104b998cf3727128) (Version: - GameHouse)
ConvertMovie 3.0 (HKLM-x32\...\ConvertMovie 3.0) (Version: 3.0 - MOVAVI)
Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.100.0000 - Corel Corporation)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
Corel Painter Photo Essentials 4 (HKLM-x32\...\_{707EB912-C597-49D8-9460-46CC9AB03EBE}) (Version: - Corel Corporation)
Corel Painter Photo Essentials 4 (HKLM-x32\...\{707EB912-C597-49D8-9460-46CC9AB03EBE}) (Version: 4.0 - Corel Corporation) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS Data Recovery Wizard 9.5 (HKLM\...\EaseUS Data Recovery Wizard 9.5_is1) (Version: - EaseUS)
Easy Photo Scan (HKLM-x32\...\{2D76CB3C-AC17-4143-891E-F4C3BCDC78B6}) (Version: 1.00.0001 - Seiko Epson Corporation)
EasySaver B9.0904.1 (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
EditPad Lite 7.3.8 (HKLM\...\EditPad Lite) (Version: 7.3.8 - Just Great Software)
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
EULAlyzer 2.2 (HKLM-x32\...\EULAlyzer_is1) (Version: 2.2.0 - BrightFort LLC)
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: - NCH Software)
Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 1.97 - NCH Software)
Firestorm SecondLife and OpenSim viewer (HKLM\...\{D033BB2F-B227-4577-848F-E9D82D9BFF8A}) (Version: 4.7.50527 - The Phoenix Firestorm Project, Inc.) Hidden
Firestorm-Releasex64 (HKLM\...\Firestorm-Releasex64) (Version: 5.0.11.53634 - The Phoenix Firestorm Project, Inc.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.2 - Ellora Assets Corporation)
Fresco Logic USB3.0 Host Controller (HKLM\...\{9F52965F-86A7-4019-AC19-020203808BC1}) (Version: 3.5.106.0 - Fresco Logic Inc.)
Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 3.1 - Gadwin Systems, Inc.)
GameHouse Games (HKLM-x32\...\GameHouse Games) (Version: 8.60.20 - GameHouse)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
Glary Utilities 5.109 (HKLM-x32\...\Glary Utilities 5) (Version: 5.109.0.134 - Glarysoft Ltd)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Hoyle Board Games (HKLM-x32\...\Hoyle Board Games) (Version: - )
HWiNFO64 Version 5.88 (HKLM\...\HWiNFO64_is1) (Version: 5.88 - Martin Malík - REALiX)
Intel(R) Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel(R) Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
JongPuzzle (HKLM-x32\...\JongPuzzle) (Version: - )
LAV Filters 0.51.3 (HKLM-x32\...\lavfilters_is1) (Version: 0.51.3 - Hendrik Leppkes)
Mah Jong Quest (HKLM-x32\...\9fb83c04070e0b7da7fc6379b8f9b7a8) (Version: - GameHouse)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Picture It! Express 7.0 (HKLM-x32\...\{369B36BE-3D64-4641-9AEA-808D436FE130}) (Version: 7.0.0.0000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version: - )
MiniTool Partition Wizard Free 10.2.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mirror Magic (HKLM-x32\...\99c826bd5d75b31bf97605e630e90c63) (Version: - GameHouse)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0 - Mozilla)
Mozilla Thunderbird 60.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.3.0 (x86 en-US)) (Version: 60.3.0 - Mozilla)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
Norton Security (HKLM-x32\...\NGC) (Version: 22.16.2.22 - Symantec Corporation)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Online Games Manager v1.50 (HKLM-x32\...\Online Games Manager) (Version: 1.50.4 - Real Networks, Inc.)
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Poker Pop (HKLM-x32\...\f65a6c964f66337c992be2ad09ac0aa6) (Version: - GameHouse)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - )
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{E07D7C7B-F424-4EEF-BA17-B2C32BD1C107}) (Version: 4.3.0 - SEIKO EPSON CORPORATION)
Sothink Free Movie DVD Maker 1.0.0.0 (25/11/2015) (HKLM-x32\...\Sothink Free Movie DVD Maker_is1) (Version: - Zhang Qingming)
Sothink Video Converter (HKLM-x32\...\{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1) (Version: 3.6 - SourceTec Software Co., LTD)
Super GameHouse Solitaire Volume 2 (HKLM-x32\...\21a7f2af35682a3eac0e09d98a43aa87) (Version: - GameHouse)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 42.06.03 - En Masse Entertainment)
The Print Shop 23.1 (HKLM-x32\...\{0C8C6F56-41FA-44F6-8107-DCFAA7EFD601}) (Version: 23.1.11 - Broderbund Software)
TheSage (HKLM-x32\...\TheSage) (Version: 1.4.0 - Sequence Publishing)
Top Ten Solitaire (HKLM-x32\...\BFG-Top Ten Solitaire) (Version: - )
Tri-Peaks Solitaire To Go (HKLM-x32\...\67ad0e4bbdd119cf8eeca1ca7ead3fc1) (Version: - GameHouse)
Trivia Machine (HKLM-x32\...\c0dcc6fe1ff1e7ce21ee041ba17f4351) (Version: - GameHouse)
Tropix (HKLM-x32\...\74d77819a1ea8767ae8dd307637749a2) (Version: - GameHouse)
Ubuntu (HKLM-x32\...\Wubi) (Version: 12.04.1-rev273 - Ubuntu)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.33 - NCH Software)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46 ) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2 ) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Zoom (HKU\S-1-5-21-1448708669-323945309-3416342945-1000\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-07-15] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\buShell.dll [2018-11-03] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\NavShExt.dll [2018-11-03] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime -> No File <==== ATTENTION
Task: {07A7D6A4-06B2-437E-AA89-578133117BCA} - \{6A63DF07-AD38-4C28-97E3-7F3CF70C383E} -> No File <==== ATTENTION
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {0AEF1FEE-C9A7-4D0E-82D1-4D3FC567AC06} - \Microfast_LogOn -> No File <==== ATTENTION
Task: {0F19A080-3492-4772-B2F3-292B6EFBC2C8} - \{FFD70A7F-ACCB-4719-A351-0349BA83F5F1} -> No File <==== ATTENTION
Task: {1069B48C-4980-4F0B-9048-F8AAB650CC16} - \{E943DD1B-8C0E-4271-8F0F-89FA2887C16D} -> No File <==== ATTENTION
Task: {1404670B-86F1-439B-A8FF-8460774C0A15} - \GarminUpdaterTask -> No File <==== ATTENTION
Task: {19D1D4DF-E129-4705-90C0-1BB502858969} - \GU5SkipUAC -> No File <==== ATTENTION
Task: {1E42170C-F264-401B-9A2E-89D274CC19BE} - \{0844D64B-2CAA-4F7B-AC2D-1D66AF769293} -> No File <==== ATTENTION
Task: {1F7B7221-AE8F-44F3-BA82-F7D260F51964} - \Microsoft\Windows\Task Manager\Interactive -> No File <==== ATTENTION
Task: {2470470F-2634-478E-B181-571E98A789BB} - \Microsoft\Windows\Multimedia\SystemSoundsService -> No File <==== ATTENTION
Task: {25115677-C08B-4509-9B0A-6C55A4E8C27E} - \Microfast_Daily -> No File <==== ATTENTION
Task: {25286D0C-D7DA-448F-AB13-FEB5CDC4CE93} - \{46337A3E-36D6-4191-B8FC-89B0B59E720C} -> No File <==== ATTENTION
Task: {256CA376-8E8D-4C95-9B45-148DBD715A8A} - \Microsoft\Windows\Wininet\CacheTask -> No File <==== ATTENTION
Task: {25CAD4AF-D7BF-400E-8249-2092EA19C81E} - \{18093C1E-FA09-4256-8FA6-BE0BBAC6028B} -> No File <==== ATTENTION
Task: {27C4EB88-2B2B-43BC-A288-B6795750BA2B} - \{0E16EE80-C450-461F-B2AC-2C21308145D7} -> No File <==== ATTENTION
Task: {28011108-68DF-4C73-B91B-57427D501BBA} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) -> No File <==== ATTENTION
Task: {290424EE-1EE1-4962-B42B-07642E4D5D84} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {2B719A43-E6BD-4754-88F0-FF8AB117136F} - \{DA43DC7E-6510-4279-9D59-68D0B48AF1FE} -> No File <==== ATTENTION
Task: {2CB288FE-2A30-4785-A30E-45CE1D05E3B1} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {2CF16334-3A51-4319-8570-50E395D00CB4} - \Remediation\AntimalwareMigrationTask -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {36104896-F4A6-41E0-A9B5-ED1BB8D11832} - \Microsoft\Windows\Media Center\OCURActivate -> No File <==== ATTENTION
Task: {37074C8A-0A84-4879-89E5-CE9BE446AF89} - \{EE61E5FD-C6E3-4DED-9210-9DDAB2794039} -> No File <==== ATTENTION
Task: {39DDEE03-74DF-44B4-8AD0-74CA04A6D451} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {3E6CCC59-7466-418C-AE9D-89BCB23A7795} - \{C5E2AAA3-DF26-4687-ABA8-E83773E6F2A2} -> No File <==== ATTENTION
Task: {40701FC9-89E7-4515-BAE7-F1C862673338} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2018-11-11] (Glarysoft Ltd)
Task: {420C72F7-26C8-46F8-BD8C-D5C15AC551C8} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {43C5A97B-E2EE-48AC-A8C3-8B48B0C6EC8C} - System32\Tasks\Norton Security with Backup\Norton Security with Backup Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {4543A56A-960C-4903-8C66-F2B0F6A3BABC} - \NCH Swift Sound\expressburnShakeIcon -> No File <==== ATTENTION
Task: {464BC0A1-7880-4EB9-84D6-8A8ABDF54657} - \{81C1E6AD-D574-4BA9-AF18-829B00D13AAE} -> No File <==== ATTENTION
Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip -> No File <==== ATTENTION
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - \Microsoft\Windows\Shell\WindowsParentalControlsMigration -> No File <==== ATTENTION
Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor -> No File <==== ATTENTION
Task: {59E15675-B806-4ADB-9D56-7D8A6AD9D001} - \Microsoft\Windows\Media Center\PvrRecoveryTask -> No File <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - \Microsoft\Windows\UPnP\UPnPHostConfig -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls -> No File <==== ATTENTION
Task: {5BCE22D8-AE05-4922-AA51-EF16418C9818} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6} - \Microsoft\Windows\Defrag\ScheduledDefrag -> No File <==== ATTENTION
Task: {5C30A767-9CB7-48FA-B8BE-94228CC5706A} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
Task: {5F5A18EB-DC73-4E45-A11C-B59043598412} - \Microsoft\Windows\CertificateServicesClient\SystemTask -> No File <==== ATTENTION
Task: {613612BA-897D-44CE-8DC1-8FC283F9FD51} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) -> No File <==== ATTENTION
Task: {6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF} - \Microsoft\Windows\User Profile Service\HiveUploadTask -> No File <==== ATTENTION
Task: {6C553EDD-6666-49EA-81FD-F88505257E48} - \{FB8360C3-B6FA-43EB-ACBA-4E21D95908DD} -> No File <==== ATTENTION
Task: {715FC70E-8160-4CA0-B979-B5296E94B8FC} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver -> No File <==== ATTENTION
Task: {724DCF8A-DBBE-4E84-9651-CAE4DE0F5E3E} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION
Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck -> No File <==== ATTENTION
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary -> No File <==== ATTENTION
Task: {7630734D-7D2C-4BBB-96F9-84303F9F8694} - \{B91172FD-CA38-4380-8712-5F507910EF8A} -> No File <==== ATTENTION
Task: {775C3383-1395-4905-803F-0510EDF5BF41} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector -> No File <==== ATTENTION
Task: {794C0FEB-B41B-4C88-A07C-0B5ED184365D} - \Microsoft\Windows\Media Center\mcupdate -> No File <==== ATTENTION
Task: {7AFCC0CA-7121-422A-AB45-B0E8D599FF08} - \Microsoft\Windows\CertificateServicesClient\UserTask -> No File <==== ATTENTION
Task: {7BE5A07E-1900-4615-805E-068D18F1688E} - \Microsoft\Windows\Media Center\RegisterSearch -> No File <==== ATTENTION
Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - \Microsoft\Windows\NetTrace\GatherNetworkInfo -> No File <==== ATTENTION
Task: {85E3CEFA-0789-46D6-BC2C-6AAF2EFC69C0} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {89B96F87-6427-412B-A1D8-6226F02CB8F4} - \Microsoft\Windows\Media Center\PBDADiscoveryW1 -> No File <==== ATTENTION
Task: {8B71E293-842F-4442-BBAC-CA56DEFC559D} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {9137A693-E53E-4790-AC0E-BD2A1A905788} - \{901B6470-AB4A-4645-92B8-FCC438C39928} -> No File <==== ATTENTION
Task: {93E065C4-DE1E-4AE0-98C6-EEFE74516A3F} - \Microsoft\Windows\Media Center\ehDRMInit -> No File <==== ATTENTION
Task: {9435F817-FED2-454E-88CD-7F78FDA62C48} - \Microsoft\Windows\WDI\ResolutionHost -> No File <==== ATTENTION
Task: {95017125-A862-47E8-B6CF-2EB0F5BE7AA4} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {978B0363-CB7D-46C3-971F-BCB99F62C5EA} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - \Microsoft\Windows\SystemRestore\SR -> No File <==== ATTENTION
Task: {9979CB83-103A-4105-9E5D-C74B0AF6D198} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam -> No File <==== ATTENTION
Task: {9A29CD70-763E-42E4-A376-61419D3CFC2E} - \{C8180D84-7F2E-4530-9F64-58CF6EA79A8A} -> No File <==== ATTENTION
Task: {9ED2D6C4-5DC1-4025-A8FC-3B72BCAC41F4} - \{8D1BC1C9-41A0-43B9-A906-3D5F5FADDB5C} -> No File <==== ATTENTION
Task: {A0130253-0F48-4B45-BB1A-482571892186} - System32\Tasks\Norton Security with Backup\Norton Security with Backup Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\SymErr.exe [2018-11-03] (Symantec Corporation)
Task: {A0C88055-34FF-4BA7-A431-50C2C41E926E} - \Microsoft\Windows\Offline Files\Logon Synchronization -> No File <==== ATTENTION
Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - \Microsoft\Windows\WindowsColorSystem\Calibration Loader -> No File <==== ATTENTION
Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - \Microsoft\Windows\AppID\PolicyConverter -> No File <==== ATTENTION
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - \Microsoft\Windows\Location\Notifications -> No File <==== ATTENTION
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
Task: {AA83DE6A-DEB7-4EB5-8C0E-B3E4A4F2146E} - \Microsoft\Windows\Media Center\PBDADiscoveryW2 -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - \Microsoft\Windows\Ras\MobilityManager -> No File <==== ATTENTION
Task: {AD6C2096-768E-4C1E-92EE-9DB7D133B0D5} - \Microsoft\Windows\Media Center\OCURDiscovery -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {B20E9254-39C4-46F7-9694-28B5A6E55DBA} - \{12DDAC5F-67F6-4F49-AA07-961BBFBED07C} -> No File <==== ATTENTION
Task: {B37E1428-1811-40E4-AB54-BF5AF8EAE01B} - \Microsoft\Windows\Media Center\InstallPlayReady -> No File <==== ATTENTION
Task: {B76904BA-2B42-4F56-BFB2-8F2EA8B7CEFA} - \{5658B426-B035-4EAA-B7D8-1908942CF100} -> No File <==== ATTENTION
Task: {B7EAC58B-516E-4E9B-B7DE-11A939D66138} - \Microsoft\Windows\Media Center\PBDADiscovery -> No File <==== ATTENTION
Task: {BE669C13-8165-4536-96D0-6D6C39292AAE} - \Microsoft\Windows\Diagnosis\Scheduled -> No File <==== ATTENTION
Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator -> No File <==== ATTENTION
Task: {C44A232A-F234-4F26-B0A7-44CB94DBBA1D} - \{93AC9CFC-90AA-4F43-8308-7CE57FDC05D4} -> No File <==== ATTENTION
Task: {C64085A8-6C7E-40AD-8848-E8230B192104} - \Microsoft\Windows\Media Center\ActivateWindowsSearch -> No File <==== ATTENTION
Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - \Microsoft\Windows\Registry\RegIdleBackup -> No File <==== ATTENTION
Task: {CAF19895-BB0C-4968-B734-BF1152F0CB03} - \Adobe Flash Player NPAPI Notifier -> No File <==== ATTENTION
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - \Microsoft\Windows\Windows Error Reporting\QueueReporting -> No File <==== ATTENTION
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - \Microsoft\Windows\Autochk\Proxy -> No File <==== ATTENTION
Task: {D9A3A411-C3E9-4152-B2D2-C9A5086A6E9F} - \Microsoft\Windows\Offline Files\Background Synchronization -> No File <==== ATTENTION
Task: {DA41DE71-8431-42FB-9DB0-EB64A961DEAD} - \Microsoft\Windows\Maintenance\WinSAT -> No File <==== ATTENTION
Task: {DDA58BFF-AB5E-4BDD-96C1-247AC9911471} - \Microsoft\Windows\Media Center\PeriodicScanRetry -> No File <==== ATTENTION
Task: {E0DF1605-B4BE-403E-AEC2-2BE082C64AAE} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange -> No File <==== ATTENTION
Task: {E25FDC01-57CE-4B67-BAFB-1CBBB2674D47} - \Microsoft\Windows\Media Center\ReindexSearchRoot -> No File <==== ATTENTION
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask -> No File <==== ATTENTION
Task: {E65AA424-C97E-4D12-A6E2-86192DDF9115} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {E736E4C5-73F3-456D-AADD-0FF40F50AF96} - \{8AE2DEE4-5CB3-4066-9A49-65DEB998820F} -> No File <==== ATTENTION
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {EADF975F-0A68-41EA-B96B-8C8C27839A42} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {F1975A69-7E40-45B1-AE7B-1D7882A38A29} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task -> No File <==== ATTENTION
Task: {F1E838E0-A6B3-474E-B4AF-0BCDBC6D2F22} - \Microsoft\Windows\Media Center\UpdateRecordPath -> No File <==== ATTENTION
Task: {F3B30D71-2B39-4789-8AFF-1898BB47B978} - \Microsoft\Windows\Media Center\RecordingRestart -> No File <==== ATTENTION
Task: {F4AE92F8-25F1-40C6-900F-20F08AB375BC} - \Microsoft\Windows\Media Center\ConfigureInternetTimeService -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FAFE4E4A-0478-474B-977B-83A7392BA508} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\WSCStub.exe [2018-11-03] (Symantec Corporation)
Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem -> No File <==== ATTENTION
Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
  #11  
Old November 20th, 2018, 03:47 AM
kuzzz kuzzz is offline
==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-01-08 05:01 - 2009-08-24 14:38 - 000068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2007-06-05 12:20 - 2007-06-05 12:20 - 000177704 ____N () C:\Windows\SysWOW64\PSIService.exe
2018-01-11 01:22 - 2018-09-24 12:06 - 000204272 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2014-09-29 16:51 - 2014-09-29 16:51 - 000074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2015-01-08 05:01 - 2009-03-13 11:30 - 000109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2018-11-11 18:36 - 2018-11-11 18:36 - 000086992 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:036B81D9 [184]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:58515F92 [262]
AlternateDataStreams: C:\ProgramData\TEMP:72F57408 [129]
AlternateDataStreams: C:\ProgramData\TEMP:743A8968 [98]
AlternateDataStreams: C:\ProgramData\TEMP:84098FD3 [268]
AlternateDataStreams: C:\ProgramData\TEMP:98BBF151 [118]
AlternateDataStreams: C:\ProgramData\TEMP:EA75C0D4 [145]
AlternateDataStreams: C:\ProgramData\TEMP:EFE756E0 [117]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1448708669-323945309-3416342945-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dodi's\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk => C:\Windows\pss\Event Reminder.lnk.CommonStartup
MSCONFIG\startupreg: AnyDVD => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: MalTray => C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe /autorun
MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: SmileboxTray => "C:\Users\Dodi's\AppData\Roaming\Smilebox\Smilebox Tray.exe"
MSCONFIG\startupreg: STCAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: ZyngaGamesAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{09397FAC-C4C4-4E23-B0B4-B4587D3D38F7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DCEC370D-36AA-4A8B-9232-4A7B3F66275B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{CA1D03EF-9F50-4F77-AD59-3D3A7FDB683C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FCC69B8A-6DF4-4A07-91A8-D5D658A381A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{13BF3F26-2FF9-4593-8415-2932AE657202}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{51255C1C-027E-45AE-821B-76D72A46E116}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{9F6CE4A7-E6F1-4EB7-B5B4-02AB1B217682}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{292F1075-36CB-4747-B277-BC70D9292C5E}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{D715E9E6-64E9-478D-91D0-6EEB0D536283}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{8BD9ACF9-3F03-43B3-AE4E-D6C30F9C2D8C}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{080FDC40-5D4A-4B2D-A620-03E066022480}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{584DA3A7-502D-4DA7-B9AF-7F7F11903181}] => (Allow) LPort=2869
FirewallRules: [{AFC6DDF7-F70A-4796-9C4D-3CD2072ABB32}] => (Allow) LPort=1900
FirewallRules: [{D6E2C2AB-0C72-44BD-B090-C622149CB17E}] => (Allow) C:\Users\Dodi's\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{8641D56D-2703-48CC-9998-4430FC954007}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B40A9FFA-EC09-478A-B712-1D8811D2F364}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{77C9352B-2209-40B3-9A9A-A267F982DFBE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{FAA52AB2-137C-4F93-B85F-02AF7092395A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{7CAEB7D9-A930-4D08-BCFE-8D0DFB7E84A0}] => (Allow) c:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{06FDBC74-E560-4915-96E7-D61659BB62BD}] => (Allow) c:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{33D326A7-E7A2-4E46-9DD8-37BF78E010A1}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [UDP Query User{6F364F9C-DF55-438C-8134-3E5AF4141C6F}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [{4795E02A-7E96-4174-A785-8B72CA1716B1}] => (Allow) N:\TERA\TERA-Launcher.exe
FirewallRules: [{D4B55695-D4DB-49D6-AE0F-3E521CAC82DD}] => (Allow) N:\TERA\TERA-Launcher.exe
FirewallRules: [{5943D6DE-6D4F-4B8B-9124-0894D0C4C6A5}] => (Allow) N:\TERA\TERA-Launcher.exe
FirewallRules: [{CB4021CC-9EFA-4E0B-8DB4-465B3D43B3D9}] => (Allow) N:\TERA\TERA-Launcher.exe
FirewallRules: [{FE2C1D99-BF3D-4035-ABA2-E15A67B50C94}] => (Allow) N:\TERA\Client\TERA.exe
FirewallRules: [{E8FF00F2-AE8B-4AEC-A672-D3BFA65CA8F9}] => (Allow) N:\TERA\Client\TERA.exe
FirewallRules: [{2608B79A-BA31-48D1-9377-DD8E30F9CCBA}] => (Allow) N:\TERA\Client\TERA.exe
FirewallRules: [{2E4B8022-3A7F-4EA3-ACAD-426DFC0207E8}] => (Allow) N:\TERA\Client\TERA.exe
FirewallRules: [{0DCA415F-4486-474F-A0F6-3735DDCA197C}] => (Allow) N:\TERA\Client\TL.exe
FirewallRules: [{D213BDCB-6FF1-4BAE-8D7C-442A87A44752}] => (Allow) N:\TERA\Client\TL.exe
FirewallRules: [{712A6198-43E6-43CB-AFAD-CDF94CBE38CA}] => (Allow) N:\TERA\Client\TL.exe
FirewallRules: [{87E42367-BD92-48E8-B3E2-0D2AD3E62571}] => (Allow) N:\TERA\Client\TL.exe
FirewallRules: [{A06A55CF-2DEB-41B8-A96D-7CCC12EDE57F}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{17B2EE62-AFAC-4CD8-A4E3-7CFB18795594}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{259D7DD1-E2EC-4A3D-9FBB-8FE1A488174F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{76705AAF-EA7B-4008-8735-06A35EEC5662}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{3B518D2D-124D-40A2-B659-3798B8C85BB4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C2C6B55D-25BA-4356-8041-A284F785DEB2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{95E405D9-0061-4299-9A84-05FAFA8C2168}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [UDP Query User{FC331801-27C7-4FAA-96A8-2760903B291E}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [{E9C54967-F26B-4FF3-B80A-AC7F3FF26B39}] => (Allow) C:\Users\Dodi's\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{AFA87440-2116-45E0-911C-9BD33D157520}] => (Allow) C:\Users\Dodi's\AppData\Roaming\Zoom\bin\airhost.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2018 09:39:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/18/2018 09:29:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/18/2018 09:19:49 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x80070008)

Error: (11/18/2018 01:48:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Corel Painter Photo Essentials.exe version 4.0.0.100 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17a4

Start Time: 01d47f884f1dd26c

Termination Time: 10

Application Path: C:\Program Files (x86)\Corel\Corel Painter Photo Essentials 4\Corel Painter Photo Essentials.exe

Report Id: 9db7031a-eb7b-11e8-bad9-74d435fad756

Error: (11/16/2018 01:58:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/09/2018 03:07:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/05/2018 01:25:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/05/2018 01:14:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (11/18/2018 09:38:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Nero BackItUp Scheduler 4.0 service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/18/2018 09:28:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/18/2018 09:28:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/18/2018 09:28:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/18/2018 09:28:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/18/2018 09:28:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/18/2018 09:28:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/18/2018 09:28:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================

Date: 2018-03-30 15:16:18.836
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-30 15:16:18.820
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-28 11:42:55.586
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-28 11:42:55.571
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-27 20:32:16.884
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-27 20:32:16.869
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-26 19:19:56.370
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-26 19:19:56.338
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q9650 @ 3.00GHz
Percentage of memory in use: 27%
Total physical RAM: 8190.49 MB
Available physical RAM: 5923.3 MB
Total Virtual: 16379.17 MB
Available Virtual: 13971.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:1712.09 GB) NTFS
Drive g: (STORAGE) (Fixed) (Total:507.09 GB) (Free:234.36 GB) NTFS
Drive h: (RESEARCH) (Fixed) (Total:501.72 GB) (Free:57.23 GB) NTFS
Drive i: (RESEARCH 3) (Fixed) (Total:500.12 GB) (Free:203.09 GB) NTFS
Drive j: (RESEARCH 2) (Fixed) (Total:354.08 GB) (Free:134.83 GB) NTFS
Drive k: (BELLY DANCE) (Fixed) (Total:501.75 GB) (Free:119.71 GB) NTFS
Drive l: (BELLY DANCE 2) (Fixed) (Total:364.39 GB) (Free:107.33 GB) NTFS
Drive m: (RESEARCH 4) (Fixed) (Total:231.76 GB) (Free:151.56 GB) NTFS
Drive n: (HEALTH) (Fixed) (Total:483.8 GB) (Free:104.84 GB) NTFS
Drive o: (STORAGE 2) (Fixed) (Total:281.32 GB) (Free:50.37 GB) NTFS

\\?\Volume{cfb0bf87-75c1-11e4-8335-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 2883B491)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: A0F3CF72)
Partition 1: (Active) - (Size=501.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1361.3 GB) - (Type=0F Extended)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 50914FB8)
Partition 1: (Active) - (Size=507.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1355.9 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================
  #12  
Old November 20th, 2018, 03:48 AM
kuzzz kuzzz is offline
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.11.2018
Ran by Dodi's (administrator) on DODIS-PC (19-11-2018 18:38:31)
Running from C:\Users\Dodi's\Desktop
Loaded Profiles: Dodi's (Available Profiles: Dodi's)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(GameHouse) C:\Program Files (x86)\GameHouse Games\aminstantservice.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
() C:\Windows\SysWOW64\PSIService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Gadwin Systems, Inc.) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Acrox) C:\Program Files (x86)\Blackweb Gaming AP\Blackweb Gaming AP.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\NortonSecurity.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\NortonSecurity.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11858536 2011-06-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Blackweb Gaming AP] => C:\Program Files (x86)\Blackweb Gaming AP\Blackweb Gaming AP.exe [4411904 2016-12-28] (Acrox)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [57000 2014-07-01] (Windows (R) Win 7 DDK provider)
HKU\S-1-5-21-1448708669-323945309-3416342945-1000\...\Run: [Gadwin PrintScreen 3.1] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1073152 2005-09-26] (Gadwin Systems, Inc.)
HKU\S-1-5-21-1448708669-323945309-3416342945-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1448708669-323945309-3416342945-1000\...\MountPoints2: P - P:\LaunchU3.exe -a
HKU\S-1-5-21-1448708669-323945309-3416342945-1000\...\MountPoints2: {2655fc3f-12fb-11e8-bdb9-74d435fad756} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1448708669-323945309-3416342945-1000\...\MountPoints2: {5a449b2c-9818-11e4-a2ef-74d435fad756} - O:\LaunchU3.exe
HKU\S-1-5-21-1448708669-323945309-3416342945-1000\...\MountPoints2: {60b81029-a526-11e8-bbc0-74d435fad756} - F:\INSTALL_ADB_RNDIS.exe
HKU\S-1-5-21-1448708669-323945309-3416342945-1000\...\MountPoints2: {6b4e4aa6-0d2c-11e8-b770-74d435fad756} - F:\TLBootstrap_WPP.exe
HKU\S-1-5-21-1448708669-323945309-3416342945-1000\...\MountPoints2: {cfb0bf8c-75c1-11e4-8335-806e6f6e6963} - E:\ASRSetup.exe
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin Ltd. or its subsidiaries)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{337C0C30-71FB-40F0-A278-B607A7025D9E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{825342CC-9218-4715-9895-9509D1C8C781}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-1448708669-323945309-3416342945-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1448708669-323945309-3416342945-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-1448708669-323945309-3416342945-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=OTH&chn=1000&geo=US&ver=22.16.0.247&locale=en_US&guid=17D0CCAD-B61B-496F-BFEB-0346D53466F7&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1448708669-323945309-3416342945-1000 -> {D031C66A-A96E-40a8-BAE9-D4F0FF1E019A} URL = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-22] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine32\22.16.2.22\coIEPlg.dll [2018-11-03] (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)

FireFox:
========
FF DefaultProfile: 9d6byt1y.default-1538116312109
FF ProfilePath: C:\Users\Dodi's\AppData\Roaming\Mozilla\Firefox\Profiles\9d6byt1y.default-1538116312109 [2018-11-19]
FF Homepage: Mozilla\Firefox\Profiles\9d6byt1y.default-1538116312109 -> hxxps://www.startpage.com/eng/?hbp=1#hmb
FF Extension: (Norton Password Manager) - C:\Users\Dodi's\AppData\Roaming\Mozilla\Firefox\Profiles\9d6byt1y.default-1538116312109\Extensions\idsafe@norton.com.xpi [2018-10-10]
FF Extension: (AdBlock) - C:\Users\Dodi's\AppData\Roaming\Mozilla\Firefox\Profiles\9d6byt1y.default-1538116312109\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-10-10]
FF Extension: (clean-youtube) - C:\Users\Dodi's\AppData\Roaming\Mozilla\Firefox\Profiles\9d6byt1y.default-1538116312109\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2018-09-27]
FF Extension: (Download Facebook Video or Photo) - C:\Users\Dodi's\AppData\Roaming\Mozilla\Firefox\Profiles\9d6byt1y.default-1538116312109\Extensions\{059befdf-8453-432b-b308-13347f60e482}.xpi [2018-09-27]
FF Extension: (Adblock Plus) - C:\Users\Dodi's\AppData\Roaming\Mozilla\Firefox\Profiles\9d6byt1y.default-1538116312109\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-11-15]
FF Extension: (Firefox Monitor) - C:\Users\Dodi's\AppData\Roaming\Mozilla\Firefox\Profiles\9d6byt1y.default-1538116312109\features\{316793aa-618d-4849-a976-493cea35d527}\fxmonitor@mozilla.org.xpi [2018-11-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-19] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1448708669-323945309-3416342945-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Dodi's\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-11-08] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMInstantService; C:\Program Files (x86)\GameHouse Games\aminstantservice.exe [2041776 2016-10-26] (GameHouse)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [73200 2018-09-24] (Freemake)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2018-09-24] (Ellora Assets Corp.) [File not signed]
R2 NortonSecurity; C:\Program Files (x86)\Norton Security with Backup\Engine\22.16.2.22\NortonSecurity.exe [328648 2018-11-03] (Symantec Corporation)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [582544 2016-07-13] (RealNetworks, Inc.)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
  #13  
Old November 20th, 2018, 03:49 AM
kuzzz's Avatar
kuzzz kuzzz is offline
CTH Subscriber
 
Join Date: May 2003
O/S: Windows 7 64-bit
Location: california
Posts: 1,671
===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [35760 2017-02-28] ()
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.0.50\Definitions\BASHDefs\20181113.001\BHDrvx64.sys [1925104 2018-09-17] (Symantec Corporation)
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1610020.016\ccSetx64.sys [189120 2018-11-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515568 2018-10-02] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153280 2018-11-18] (Symantec Corporation)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77992 2014-07-01] (Fresco Logic)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [28936 2018-11-15] (Glarysoft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [55960 2018-09-07] (REALiX(tm))
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.0.50\Definitions\IPSDefs\20181119.061\IDSvia64.sys [1305072 2018-10-08] (Symantec Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SRTSP; C:\Windows\System32\drivers\NGCx64\1610020.016\SRTSP64.SYS [847344 2018-11-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1610020.016\SRTSPX64.SYS [49648 2018-11-03] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2012-06-27] (MCCI Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1610020.016\SYMEFASI64.SYS [1969328 2018-11-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99920 2018-06-24] (Symantec Corporation)
S4 SymEvnt; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.0.50\SymPlatform\SymEvnt.sys [114352 2018-10-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1610020.016\Ironx64.SYS [308416 2018-11-03] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1610020.016\symnets.sys [567024 2018-11-03] (Symantec Corporation)
S3 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1610020.016\wpCtrlDrv.sys [1011056 2018-11-03] (Symantec Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.0.50\Definitions\SDSDefs\20161020.020\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.0.50\Definitions\SDSDefs\20161020.020\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-19 18:38 - 2018-11-19 18:39 - 000017907 _____ C:\Users\Dodi's\Desktop\FRST.txt
2018-11-19 18:37 - 2018-11-19 18:38 - 000000000 ____D C:\FRST
2018-11-19 18:33 - 2018-11-19 18:33 - 002416128 _____ (Farbar) C:\Users\Dodi's\Desktop\FRST64.exe
2018-11-18 21:39 - 2018-11-18 21:39 - 000003242 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2018-11-18 21:38 - 2018-11-18 21:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-11-18 21:27 - 2018-11-18 21:27 - 000080274 _____ C:\Windows\ntbtlog.txt
2018-11-18 14:06 - 2018-11-18 14:06 - 000002350 _____ C:\Users\Dodi's\Desktop\Corel Paint Shop Pro Photo X2.lnk
2018-11-17 12:02 - 2018-11-17 12:09 - 000000000 ____D C:\Users\Dodi's\Desktop\PROCESS EXPLORER
2018-11-17 00:01 - 2018-11-17 00:01 - 000000000 ____D C:\Program Files\WinPcap
2018-11-16 21:22 - 2018-11-16 21:22 - 000293848 _____ C:\Users\Dodi's\Downloads\monthly-stats-oct-2018.pdf
2018-11-15 14:27 - 2018-11-15 14:27 - 000028936 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2018-11-15 14:27 - 2018-11-15 14:27 - 000003218 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2018-11-15 14:27 - 2018-11-15 14:27 - 000000000 ____D C:\Users\Dodi's\AppData\Roaming\DiskDefrag
2018-11-15 14:27 - 2018-11-15 14:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2018-11-15 14:26 - 2018-11-15 14:26 - 017435624 _____ (Glarysoft Ltd) C:\Users\Dodi's\Downloads\Glary_Utilities_v5.109.0.134.exe
2018-11-15 14:25 - 2018-11-15 14:25 - 000000000 ____D C:\Users\Dodi's\AppData\Roaming\GlarySoft
2018-11-14 20:26 - 2018-11-19 13:02 - 000000000 ____D C:\Users\Dodi's\Desktop\smart phones
2018-11-14 16:14 - 2018-11-14 16:33 - 000001128 _____ C:\Users\Dodi's\Desktop\WAYS TO GET INTO SAFE MODE.txt
2018-11-12 17:25 - 2018-11-12 17:25 - 000012635 _____ C:\Users\Dodi's\Desktop\BENIFITS OF APPLE CIDER VINEGAR.odt
2018-11-10 16:45 - 2018-11-10 16:46 - 001931969 _____ C:\Users\Dodi's\Downloads\ProcessExplorer.zip
2018-11-09 20:43 - 2018-11-18 13:31 - 000000000 ____D C:\Users\Dodi's\Desktop\CAMP FIRE PARADISE
2018-11-08 22:48 - 2018-11-08 22:48 - 000605424 _____ (Reimage) C:\Users\Dodi's\Downloads\ReimageRepair(1).exe
2018-11-08 16:59 - 2018-11-08 16:59 - 000000000 ____D C:\Users\Dodi's\AppData\Roaming\Zoom
2018-11-08 16:59 - 2018-11-08 16:59 - 000000000 ____D C:\Users\Dodi's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2018-11-07 11:20 - 2018-11-07 11:20 - 000481338 _____ C:\Users\Dodi's\Downloads\HHS-809-W.pdf
2018-11-06 23:49 - 2018-11-10 14:24 - 000000000 ____D C:\Users\Dodi's\Documents\PrintScreen Files
2018-11-04 01:20 - 2018-11-04 01:20 - 000006984 ____N C:\bootsqm.dat
2018-11-03 19:19 - 2018-11-03 19:19 - 000001285 _____ C:\Users\Public\Desktop\AOMEI Partition Assistant Standard Edition 7.5.lnk
2018-11-03 19:19 - 2018-11-03 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Standard Edition 7.5
2018-11-03 19:19 - 2018-11-03 19:19 - 000000000 ____D C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 7.5
2018-11-03 19:19 - 2018-10-10 10:23 - 002164080 _____ C:\Windows\ampa.exe
2018-11-03 19:19 - 2017-02-28 13:20 - 000038320 _____ C:\Windows\system32\ampa.sys
2018-11-03 19:19 - 2017-02-28 13:20 - 000035760 _____ C:\Windows\SysWOW64\ampa.sys
2018-11-02 22:30 - 2018-11-02 22:30 - 000000000 ____D C:\Users\Dodi's\Documents\Freemake
2018-11-02 19:23 - 2018-11-02 19:23 - 063833096 _____ (AOMEI Technology Co., Ltd. ) C:\Users\Dodi's\Downloads\PAssist_Std.exe
2018-11-02 19:21 - 2018-11-02 19:21 - 000018445 _____ C:\Users\Dodi's\Desktop\HARD DRIVE REPAIR.odt
2018-10-28 13:35 - 2018-10-28 13:35 - 002187304 _____ (LogMeIn, Inc.) C:\Users\Dodi's\Downloads\Support-LogMeInRescue(1).exe
2018-10-28 13:03 - 2018-10-28 13:03 - 002187304 _____ (LogMeIn, Inc.) C:\Users\Dodi's\Downloads\Support-LogMeInRescue.exe
2018-10-28 12:35 - 2018-11-18 21:46 - 000000000 ____D C:\Windows\System32\Tasks\Norton Security with Backup
2018-10-28 12:28 - 2018-10-28 12:28 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-10-28 11:53 - 2018-10-28 11:53 - 000000000 ____D C:\ProgramData\Norton NFT
2018-10-28 11:52 - 2018-10-28 11:53 - 005144240 _____ (Symantec Corporation) C:\Users\Dodi's\Downloads\NFT.exe
2018-10-28 08:58 - 2018-11-18 21:38 - 000002399 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-10-27 15:03 - 2018-10-27 15:03 - 000000000 ____D C:\Users\Dodi's\AppData\Local\Garmin
2018-10-26 02:12 - 2018-10-26 02:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2018-10-24 18:08 - 2018-10-24 18:08 - 000000910 _____ C:\Users\Dodi's\Desktop\Psp - Shortcut - Copy.lnk
2018-10-24 18:07 - 2018-11-18 13:59 - 000000000 ____D C:\Paint Shop Pro 5
2018-10-22 21:45 - 2018-10-22 21:45 - 017367192 _____ (Glarysoft Ltd) C:\Users\Dodi's\Downloads\Glary_Utilities_v5.107.0.132.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-19 18:21 - 2015-01-07 21:37 - 000000000 ____D C:\Users\Dodi's\AppData\Roaming\Skype
2018-11-18 21:46 - 2009-07-13 20:45 - 000031872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-18 21:46 - 2009-07-13 20:45 - 000031872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-18 21:42 - 2015-07-15 13:15 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2018-11-18 21:42 - 2009-07-13 21:13 - 000795374 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-18 21:42 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-11-18 21:39 - 2018-02-25 07:35 - 000000000 ____D C:\Windows\system32\Drivers\NGCx64
2018-11-18 21:38 - 2015-01-08 05:10 - 000025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2018-11-18 21:38 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-18 21:06 - 2015-01-09 11:21 - 000000000 ____D C:\Users\Dodi's\AppData\Roaming\vlc
2018-11-18 16:03 - 2018-02-11 22:06 - 000000000 ____D C:\Users\Dodi's\AppData\Local\Firestorm_x64
2018-11-18 14:05 - 2016-06-04 10:13 - 000000000 ____D C:\Users\Dodi's\AppData\Local\Corel
2018-11-18 14:02 - 2016-06-04 10:12 - 000000848 ___SH C:\ProgramData\KGyGaAvL.sys
2018-11-18 14:02 - 2016-06-04 10:01 - 000000000 ____D C:\Users\Dodi's\Documents\My PSP Files
2018-11-18 14:01 - 2016-06-04 10:30 - 000000848 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys
2018-11-18 14:01 - 2016-06-04 10:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel MediaOne
2018-11-18 13:47 - 2016-06-04 10:01 - 000000000 ____D C:\Users\Dodi's\AppData\Roaming\Corel
2018-11-18 13:42 - 2017-10-21 22:41 - 000000000 ____D C:\Users\Dodi's\Desktop\RECEPTS
2018-11-17 12:09 - 2015-01-07 22:33 - 000000000 ___RD C:\Users\Dodi's\Desktop\MAINTENCE
2018-11-17 00:00 - 2018-01-11 01:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2018-11-16 13:57 - 2017-10-04 21:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-16 13:57 - 2015-01-07 14:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-16 13:57 - 2009-07-13 20:45 - 001228576 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-15 14:27 - 2015-07-15 13:16 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2018-11-14 17:09 - 2015-01-07 22:13 - 000445616 _____ C:\Users\Dodi's\AppData\Local\GDIPFONTCACHEV1.DAT
2018-11-12 20:55 - 2018-01-18 18:19 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-11-09 14:43 - 2018-02-02 07:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-11-08 23:24 - 2018-06-13 11:05 - 000000140 _____ C:\Windows\Reimage.ini
2018-11-08 18:41 - 2015-01-07 14:45 - 000000000 ____D C:\Users\Dodi's\AppData\Roaming\Thunderbird
2018-11-08 18:39 - 2016-11-18 21:11 - 000000000 ____D C:\Users\Dodi's\AppData\LocalLow\Mozilla
2018-11-06 12:44 - 2015-01-12 21:42 - 000000000 ____D C:\Users\Dodi's\Desktop\New folder
2018-11-06 12:43 - 2017-06-30 22:52 - 000000000 ____D C:\Users\Dodi's\Desktop\TERA
2018-11-05 20:22 - 2018-01-28 23:13 - 000000016 _____ C:\Windows\popcinfo.dat
2018-11-04 00:23 - 2015-01-11 22:57 - 000000000 ____D C:\Users\Dodi's\AppData\Local\ElevatedDiagnostics
2018-11-02 21:25 - 2017-05-23 13:58 - 000000000 ____D C:\Users\Dodi's\Documents\AIRFORCE 2025
2018-11-02 21:07 - 2015-09-19 23:33 - 000000000 ___RD C:\Users\Dodi's\Documents\Scanned Documents
2018-10-31 23:19 - 2015-01-11 23:06 - 000000000 ____D C:\ProgramData\Trymedia
2018-10-31 23:19 - 2015-01-11 23:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
2018-10-31 23:19 - 2015-01-11 23:06 - 000000000 ____D C:\GameHouse Games
2018-10-31 23:19 - 2015-01-11 23:05 - 000000000 ____D C:\Users\Dodi's\AppData\Local\com.gamehouse.acid
2018-10-30 22:50 - 2015-01-08 01:01 - 000000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2018-10-30 22:50 - 2015-01-07 14:11 - 000000000 ____D C:\ProgramData\Norton
2018-10-30 22:50 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\registration
2018-10-30 22:49 - 2017-03-05 23:26 - 000000000 ____D C:\ProgramData\activeMARK
2018-10-30 21:52 - 2014-11-26 00:36 - 000000000 ____D C:\Users\Dodi's
2018-10-28 13:58 - 2015-06-13 16:07 - 000000000 ____D C:\Users\Dodi's\AppData\Local\NPE
2018-10-28 12:28 - 2009-07-13 21:08 - 000032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-10-27 21:36 - 2018-07-17 11:30 - 000000000 ____D C:\Users\Dodi's\AppData\Local\ApplicationHistory
2018-10-27 21:27 - 2009-07-13 21:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-10-27 16:03 - 2015-01-09 13:57 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-10-26 02:12 - 2018-06-12 02:28 - 000001890 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2018-10-26 02:12 - 2017-08-16 13:30 - 000000000 ____D C:\ProgramData\Garmin
2018-10-26 02:12 - 2017-08-16 13:30 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-10-26 02:12 - 2015-01-08 00:10 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-24 18:04 - 2015-01-14 21:43 - 000000000 ____D C:\Users\Dodi's\AppData\Local\CrashDumps
2018-10-23 08:17 - 2016-11-10 11:28 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-22 21:35 - 2015-12-03 21:24 - 000000000 ____D C:\Program Files\Common Files\AV
2018-10-21 19:35 - 2015-01-16 23:43 - 000007629 _____ C:\Users\Dodi's\AppData\Local\resmon.resmoncfg
2018-10-20 00:46 - 2018-01-11 01:22 - 000000000 ____D C:\ProgramData\Freemake

==================== Files in the root of some directories =======

2015-11-04 11:46 - 2015-11-04 11:46 - 000000288 _____ () C:\Users\Dodi's\AppData\Roaming\.backup.dm
2015-09-07 14:21 - 2015-11-14 18:34 - 000099384 _____ () C:\Users\Dodi's\AppData\Roaming\inst.exe
2016-12-03 17:34 - 2016-12-21 19:48 - 000001718 _____ () C:\Users\Dodi's\AppData\Roaming\MycoPref4.txt
2015-09-07 14:21 - 2015-11-14 18:34 - 000007859 _____ () C:\Users\Dodi's\AppData\Roaming\pcouffin.cat
2015-09-07 14:21 - 2015-11-14 18:34 - 000001167 _____ () C:\Users\Dodi's\AppData\Roaming\pcouffin.inf
2015-09-07 14:21 - 2015-11-14 18:34 - 000000033 _____ () C:\Users\Dodi's\AppData\Roaming\pcouffin.log
2015-09-07 14:21 - 2015-11-14 18:34 - 000082816 _____ (VSO Software) C:\Users\Dodi's\AppData\Roaming\pcouffin.sys
2015-05-15 13:37 - 2015-05-15 13:37 - 000001181 _____ () C:\Users\Dodi's\AppData\Roaming\trace_FilterInstaller.1.txt
2015-05-15 13:37 - 2017-09-02 20:01 - 000000919 _____ () C:\Users\Dodi's\AppData\Roaming\trace_FilterInstaller.txt
2015-05-15 13:37 - 2017-09-02 20:01 - 000000000 _____ () C:\Users\Dodi's\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-03-06 15:15 - 2015-03-06 15:16 - 000005120 _____ () C:\Users\Dodi's\AppData\Local\Databases.db
2016-06-04 10:13 - 2018-07-27 16:26 - 000054272 _____ () C:\Users\Dodi's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-16 23:43 - 2018-10-21 19:35 - 000007629 _____ () C:\Users\Dodi's\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-11-17 00:00 - 2018-11-17 00:00 - 018023464 _____ (Ellora Assets Corporation ) C:\Users\Dodi's\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
2018-11-17 00:00 - 2018-11-17 00:00 - 001011240 _____ (Ellora Assets Corporation ) C:\Users\Dodi's\AppData\Local\Temp\VideoDownloader.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-15 00:49

==================== End of FRST.txt ============================
  #14  
Old November 20th, 2018, 10:14 PM
olgun52's Avatar
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi kuzzz, thanks for the logs.

Are you using Norton Security as an antivirus? Windows Firewall is also active ("Windows Firewall is enabled"). Windows Firewall will conflict with Norton Security software.

Important:

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause. Firewall programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two active security software running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

========================================================================================

Uninstall some programs:

Note: Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Garmin
Garmin Express
C:\Program Files (x86)\Garmin
C:\Program Files (x86)\Glarysoft
C:\Program Files (x86)\Glary Utilities
Express Burn Disc Burning Software

  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.
=================================================================================

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Regards.
  #15  
Old November 21st, 2018, 09:09 AM
kuzzz's Avatar
kuzzz kuzzz is offline
CTH Subscriber
 
Join Date: May 2003
O/S: Windows 7 64-bit
Location: california
Posts: 1,671
I only use Norton Security Premium anti-virus. I thought Norton was in control of my firewall. Can I disable windows firewall? The programs you want me to remove are programs I use often. Is there a problem with them?

kuzzz