Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03 Ran by Craig DiPiano (14-11-2017 19:28:40) Running from C:\Users\Craig DiPiano\Desktop Windows 10 Home Version 1607 14393.693 (X64) (2016-11-24 11:28:49) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2794434498-725242176-3457425843-500 - Administrator - Disabled) Craig DiPiano (S-1-5-21-2794434498-725242176-3457425843-1001 - Administrator - Enabled) => C:\Users\Craig DiPiano DefaultAccount (S-1-5-21-2794434498-725242176-3457425843-503 - Limited - Disabled) Guest (S-1-5-21-2794434498-725242176-3457425843-501 - Limited - Disabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-2794434498-725242176-3457425843-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Emsisoft Anti-Malware (Enabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D} AS: Spybot - Search and Destroy (Disabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D} AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) Acrobat.com (HKLM-x32\...\{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}) (Version: 2.1.0 - Adobe Systems Incorporated) Hidden Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated) ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.) Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated) Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.) AMD USB Filter Driver (HKLM-x32\...\{5BDA2F58-1F21-4D10-9910-92B01EBCC958}) (Version: 1.0.14.91 - Advanced Micro Devices, Inc.) Any Video Converter 3.4.0 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcSoft MediaImpression 2 (HKLM-x32\...\{FB46F473-333E-4A06-A777-31C54188593E}) (Version: 2.0.14.672 - ArcSoft) ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.27 - ArcSoft) ATI Catalyst Install Manager (HKLM\...\{E50A5077-1654-BEAE-986B-7B7133DA7C48}) (Version: 3.0.762.0 - ATI Technologies, Inc.) Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team) Bejeweled 2 Deluxe (HKLM-x32\...\WT082192) (Version: 2.2.0.82 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation) Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden Blackhawk Striker 2 (HKLM-x32\...\WT082122) (Version: 2.2.0.82 - WildTangent) Hidden Blasterball 3 (HKLM-x32\...\WT082124) (Version: 2.2.0.82 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Build-a-lot 2 (HKLM-x32\...\WT082438) (Version: 2.2.0.82 - WildTangent) Hidden Cake Mania (HKLM-x32\...\WT083477) (Version: 2.2.0.82 - WildTangent) Hidden CamStudio (HKLM-x32\...\CamStudio) (Version: - ) Carbonite Online Backup Setup (HKLM-x32\...\Carbonite Setup Lite) (Version: 3.8.0 - Carbonite Inc.) ccc-core-static (HKLM-x32\...\{AF4A82A7-F453-CE12-A942-E55FAC234387}) (Version: 2010.0202.2335.42270 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform) Chuzzle Deluxe (HKLM-x32\...\WT082200) (Version: 2.2.0.82 - WildTangent) Hidden CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.) ClickCharts Diagram Flowchart Software (HKLM-x32\...\ClickCharts) (Version: 1.55 - NCH Software) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2712 - CyberLink Corp.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT082396) (Version: 2.2.0.82 - WildTangent) Hidden Dora's Carnival Adventure (HKLM-x32\...\WT082133) (Version: 2.2.0.82 - WildTangent) Hidden DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard) Hidden DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard) DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) DVD Shrink Packages (HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\DVD Shrink Packages) (Version: - ) <==== ATTENTION Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.10 - Emsisoft Ltd.) Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - ) Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION) EPSON Perfection V33/V330 Photo Scanner Driver Update (HKLM-x32\...\{3B03E732-6150-4D0A-849F-C6F4141EA78C}) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Escape Rosecliff Island (HKLM-x32\...\WT083484) (Version: 2.2.0.82 - WildTangent) Hidden Express Points Presentation Software (HKLM-x32\...\ExpressPoints) (Version: 1.13 - NCH Software) EZ Vinyl/Tape Converter 10 by Ion Audio (HKLM-x32\...\EZ Vinyl/Tape Converter by Ion Audio_is1) (Version: - Ion Audio LLC) Faerie Solitaire (HKLM-x32\...\WT082442) (Version: 2.2.0.82 - WildTangent) Hidden FATE (HKLM-x32\...\WT082141) (Version: 2.2.0.82 - WildTangent) Hidden ffdshow (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - ) FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - ) Free Mp3 Wma Converter V 1.91 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 1.91.0.0 - Koyote Soft) GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6401 - HRB Technology, LLC.) H&R Block Deluxe + Efile + State 2015 (HKLM-x32\...\{E7BFC29A-9459-4534-9E35-BF1D66A18BAA}) (Version: 15.05.7401 - HRB Technology, LLC.) H&R Block Pennsylvania 2013 (HKLM-x32\...\{7F62C83B-2474-498A-8F5C-E5C452DF2D15}) (Version: 1.13.4501 - HRB Technology, LLC.) HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - ) Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5418.39 - PC-Doctor, Inc.) HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent) HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.3902 - Hewlett-Packard) HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.0.3910 - Hewlett-Packard) HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.0.3911 - Hewlett-Packard) HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard) HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.0.3911 - Hewlett-Packard) HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Setup (HKLM-x32\...\{F5C7FD70-2C0A-401E-95E9-916363567DDA}) (Version: 1.2.4048.3310 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}) (Version: 4.4.6.3 - Hewlett-Packard) HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard) HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard) HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden IHA_MessageCenter (HKLM-x32\...\{80813829-BE27-4799-8BC7-2F75A7B6CB50}) (Version: 1.1.0 - Verizon) InterActual Player (HKLM-x32\...\InterActual Player) (Version: - ) iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics) iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.) Jewel Quest 3 (HKLM-x32\...\WT082443) (Version: 2.2.0.82 - WildTangent) Hidden Jewel Quest Solitaire 2 (HKLM-x32\...\WT082468) (Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Keyword Strategy Studio Pro v2010.010311 (HKLM-x32\...\Keyword Strategy Studio Pro_is1) (Version: - Softnik Technologies) LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2610 - CyberLink Corp.) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2610 - CyberLink Corp.) LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - ) LightScribe Applications (HKLM-x32\...\{16F5ADDD-6EFD-411A-9013-8DD2C629FE53}) (Version: 1.18.27.10 - LightScribe) LightScribe System Software (HKLM-x32\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe) Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes) Media Go (HKLM-x32\...\{F66C4A41-C3A8-4523-AB6C-BAA1DB38305C}) (Version: 2.7.357 - Sony) Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony) Media Go Video Playback Engine 2.4.128.12060 (HKLM-x32\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.128.12060 - Sony) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 60 day trial (HKLM-x32\...\OfficeTrial) (Version: - ) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard) Hidden Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard) Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla) Mp3 My Mp3 3.1 (HKLM-x32\...\{F92A74E1-D56E-4B83-A8C3-5DB85759A3FA}) (Version: 3.1 - Digital Liquid Ltd) Hidden Mp3 My Mp3 3.1 (HKLM-x32\...\Mp3 My Mp3 3.1) (Version: 3.1 - Digital Liquid Ltd) MP3MyMP3 4.2 (HKLM-x32\...\MP3MyMP3_is1) (Version: - Bruce McArthur) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) muvee Reveal Seagate Edition (HKLM-x32\...\{78E9A751-5616-233F-1249-16AC5758C646}) (Version: 7.0.41.11017 - muvee Technologies Pte Ltd) Mystery P.I. - The New York Fortune (HKLM-x32\...\WT082456) (Version: 2.2.0.82 - WildTangent) Hidden NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.4 - NETGEAR) Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.34 - Symantec) NWZ-E380 WALKMAN Guide (HKLM-x32\...\{D98ED583-338D-4425-B2EF-A4C7FB93CE88}) (Version: 2.2.0.05230 - Sony Corporation) OLYMPUS Digital Camera Updater (HKLM-x32\...\{D18925CE-5AF9-4394-8EF7-1081FFE7E98B}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.) Penguins! (HKLM-x32\...\WT082168) (Version: 2.2.0.82 - WildTangent) Hidden Philips Songbird (HKLM-x32\...\Philips Songbird) (Version: 6.1.2265 (2265) - Koninklijke Philips Electronics N.V.) PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) Hidden PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company) Plants vs. Zombies (HKLM-x32\...\WT082170) (Version: 2.2.0.82 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (HKLM-x32\...\WT082171) (Version: 2.2.0.82 - WildTangent) Hidden Polar Bowler (HKLM-x32\...\WT082172) (Version: 2.2.0.82 - WildTangent) Hidden Polar Golfer (HKLM-x32\...\WT082173) (Version: 2.2.0.82 - WildTangent) Hidden Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3810 - CyberLink Corp.) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3810 - CyberLink Corp.) PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2704 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2704 - CyberLink Corp.) Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.25 - NCH Software) Python 2.7.1 (64-bit) (HKLM\...\{32939827-d8e5-470a-b126-870db3c69fd0}) (Version: 2.7.1150 - Python Software Foundation) Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit) Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.2719 - CyberLink Corp.) Hidden Riva FLV Encoder 2.0 (HKLM-x32\...\Riva FLV Encoder 2.0_is1) (Version: 2.00.0005 - Rothenberger & Partner) SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.) Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.8.5.0 - Seagate) Seagate Manager Installer (HKLM-x32\...\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate) Hidden Seagate Manager Installer (HKLM-x32\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate) Sound Organizer (HKLM-x32\...\{95B9D945-C782-44F8-AD12-F9FE48EE7C94}) (Version: 1.1.0.12070 - Sony Corporation) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.12 - NCH Software) TextTwist 2 (HKLM-x32\...\WT083491) (Version: 2.2.0.82 - WildTangent) Hidden TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc) TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.48 - NCH Software) Virtual Families (HKLM-x32\...\WT082188) (Version: 2.2.0.82 - WildTangent) Hidden Virtual Villagers - The Secret City (HKLM-x32\...\WT082241) (Version: 2.2.0.82 - WildTangent) Hidden Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Vz In Home Agent (HKLM-x32\...\{6916E491-8BBF-4E8A-AFAD-D01307C059E5}) (Version: 8.02.23 - Verizon) Wav to Mp3 (HKLM-x32\...\{729E66B3-1B80-4F2F-8D19-342A89631E0A}_is1) (Version: - ) Wheel of Fortune 2 (HKLM-x32\...\WT082189) (Version: 2.2.0.82 - WildTangent) Hidden Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) (HKLM\...\B81055EA372C9E3EA5000B4BD9585D992D51F1DE) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.) Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4038.0 - Microsoft Corporation) Zuma's Revenge (HKLM-x32\...\WT082463) (Version: 2.2.0.82 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2794434498-725242176-3457425843-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd) ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd) ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd) ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd) ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes) ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd) ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd) ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00E7E66A-146A-4D91-AE0E-8E041E5EEEFC} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {128FDC75-746D-4480-869A-A87D6AEBB636} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd) Task: {1294C8DE-F2BA-4269-871D-756095C3B09E} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-02-24] () Task: {198BA291-FB1B-4265-A118-6FE6B55EBBE7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {1BB38B11-01D4-4FC3-9105-370BB8C11A21} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe Task: {27C411B7-E322-486B-938E-48EF225CFC07} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {356D20A1-53E6-435D-A1F2-FDCAA78D276B} - System32\Tasks\Craig DiPiano1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2017-07-21] (Seagate Technology LLC) Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {3FDDFACE-600F-41C0-A521-C7119F1B6508} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Craig DiPiano\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {4F146EF9-1584-4BF8-A020-3A9E37525BCE} - System32\Tasks\Craig DiPiano DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2017-07-21] (Seagate Technology LLC) Task: {5A2CC048-721F-46A1-AC35-80DD405DFAEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated) Task: {5DCCE427-23A6-4FC9-ACF2-657BA1A698C9} - System32\Tasks\Craig DiPiano1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2017-07-21] (Seagate Technology LLC) Task: {5F522CEB-EAA3-4E97-96FF-BF8425DF56F6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {71415035-9F51-485A-BF58-AE3A62E8BB0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {75E207A5-0575-446A-974A-D178024369F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {77CDE8FA-743E-4BC5-8128-8886F7D50B1D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {7864E796-9F78-4F98-95A9-80E968BB9BEB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.) Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {7B414C1E-650B-461C-A36D-14FB655627C0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {841465EF-77FE-40EF-8138-287423A1BD12} - System32\Tasks\{F030C5F5-3535-40C8-82A9-4FBBB3FA519D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Craig DiPiano\Videos\Riva_FLV_Encoder.exe" -d "C:\Users\Craig DiPiano\Videos" Task: {8451AEC7-438A-47ED-AAF8-43DA021933CF} - System32\Tasks\iMeshNAG => C:\Users\CRAIGD~1\AppData\Local\Temp\iMesh_setup.exe <==== ATTENTION Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {88B0061E-71BD-4E62-B1BA-8AD9866A077C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {8CEC57CE-9D89-4DAC-B4A6-7A110184F37A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {A2637C3B-1E40-44BD-AB8C-4383AC6C1F7C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {A489B528-91C6-4184-A0AF-723508AC6495} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {A4E1A579-D414-4C8E-AD66-03A0538F4503} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {A7F13F2E-7E40-4342-A3EF-A78884CC1813} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {AA665A59-A688-419E-B83D-465C6651FBB7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {AC825DFB-BBC0-430E-9DBA-4A946ACA8B53} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {B081616E-0B12-4425-9E08-A245118C7CCE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {B0FAD8D3-529C-4402-94D7-4D44F8DB6D78} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {B564AB98-F1CF-4EF4-B044-F7492A523700} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {B92A5C1F-2083-497F-B44F-60F380623673} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BA287D0E-8F40-4EF9-BAA0-1EACC7B4B577} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {BB119898-E216-4E4D-93DB-E693B6921D84} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {C53DD36B-A1E7-4C6E-A433-B17773342A7E} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01] (PC-Doctor, Inc.) Task: {CE4316C6-3AE3-4120-ACFF-FB8A88428B1A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {D13884A6-4010-4AC9-99F8-7BA15C9287F8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated) Task: {D2766357-4D1A-4D75-A2FB-E426DC50D624} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe Task: {D34FC6E8-B440-4E73-A3B7-7D93D9CF0DC2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {DC292CBE-591A-4837-B7BD-C5A523F33642} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2017-07-21] (Seagate Technology LLC) Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {EDC1CEBF-721A-43DF-97F4-6333C572872D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.) Task: {F809B3DB-23B7-4759-B88C-17638039582F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\iMeshNAG.job => C:\Users\CRAIGD~1\AppData\Local\Temp\iMesh_setup.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Craig DiPiano\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Account.lnk -> hxxp://www22.verizon.com/ForYourHome/MyAccount/Protected/Account/MyAccountProfile.asp Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Message Center.lnk -> hxxp://webmail.verizon.com Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\My Verizon.lnk -> hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.asp Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Shop Verizon.lnk -> hxxp://my.verizon.com/shop/portlets/shop/ShopVas.js Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Support.lnk -> hxxp://www22.verizon.com/residentialhelp Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Verizon Links\About Verizon.lnk -> hxxp://wapp.verizon.com/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_cor Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Verizon Links\Safety & Security.lnk -> hxxp://surround.verizon.com/Shop/Utilities/InternetSecuritySuite.asp Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Verizon Links\Search.lnk -> hxxp://my.verizon.com/central/bookmark?action=advancedwebsearc Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Verizon Links\Support.lnk -> hxxp://www22.verizon.com/residentialhelp Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Verizon Links\Welcome Page.lnk -> hxxp://wapp.verizon.com/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=wc_welcom ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-14 16:35 - 2016-12-09 05:29 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-06-09 20:20 - 2014-08-18 16:50 - 000316120 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe 2016-12-31 04:40 - 2017-04-20 02:42 - 002271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2016-11-24 08:07 - 2016-11-24 08:07 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 16:21 - 2016-12-21 02:09 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-11 16:21 - 2016-12-21 01:54 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-11 16:21 - 2016-12-21 01:48 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-11 16:21 - 2016-12-21 01:48 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-11 16:21 - 2016-12-21 01:48 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-11 16:21 - 2016-12-21 01:48 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-11 16:21 - 2016-12-21 01:53 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-12-14 15:50 - 2016-12-14 15:51 - 000072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-12-14 15:50 - 2016-12-14 15:51 - 000179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-12-14 15:50 - 2016-12-14 15:51 - 042130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-12-14 15:50 - 2016-12-14 15:51 - 002216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll 2010-01-18 12:21 - 2010-01-18 12:21 - 000568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 2010-02-09 21:01 - 2010-02-09 21:01 - 001712184 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe 2015-06-09 20:20 - 2014-08-18 16:49 - 008274648 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe 2017-09-26 15:40 - 2017-09-21 02:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll 2017-09-26 15:40 - 2017-09-21 02:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll 2015-06-09 20:20 - 2015-02-26 19:19 - 000380928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll 2015-06-09 20:20 - 2014-07-22 09:18 - 000278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll 2016-11-28 16:35 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2016-11-28 16:35 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2016-11-28 16:35 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7936 more sites. IE trusted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\google.com -> hxxps://www.google.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\123simsen.com -> www.123simsen.com There are 7937 more sites. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2017-11-04 11:30 - 000454674 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 www.123fporn.info 127.0.0.1 123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com There are 15603 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2794434498-725242176-3457425843-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Craig DiPiano\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{41c40453-4351-48d4-a54d-4ee28bcbd18e}.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk" HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp" HKLM\...\StartupApproved\Run: => "WindowsDefender" HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service" HKLM\...\StartupApproved\Run32: => "CarboniteSetupLite" HKLM\...\StartupApproved\Run32: => "Microsoft Default Manager" HKLM\...\StartupApproved\Run32: => "EEventManager" HKLM\...\StartupApproved\Run32: => "MaxMenuMgr" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Philips Device Listener" HKLM\...\StartupApproved\Run32: => "VerizonServicepoint.exe" HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\StartupFolder: => "Epson scanner Registration.lnk" HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "Amazon Music" HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "LightScribe Control Panel" HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "SanDiskSecureAccess_Manager.exe" HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{84F0FFF7-3488-4ABC-9164-87540A4450AD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{E21A872A-C4F0-414F-A48E-43B01FEA01D3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{F4DF446F-8109-42A7-8A3C-5CEA123C3B17}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe FirewallRules: [{040FE419-F64E-4E34-9618-964CAC54E6A4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe FirewallRules: [{F55682A5-BB17-4610-8261-3BA16FF2AE55}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe FirewallRules: [{C6A48249-3893-4B45-8CA0-A2E6FEA1C7B5}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe FirewallRules: [{C5933230-372D-40B1-BCF8-605DC672CD67}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe FirewallRules: [{F4C1E844-CDF5-4F9D-9548-E5BF12D82D71}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe FirewallRules: [{B9483F56-D54B-4EB7-BD5F-52813A76590A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE FirewallRules: [{42412653-06AB-4834-9BA3-E41793587266}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe FirewallRules: [{610413EF-3EE6-4079-AEE5-7208123F2080}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe FirewallRules: [{C517426F-ED19-40EE-9BCB-517227F2B515}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe FirewallRules: [{0851FF14-6F85-4097-A4CD-30DAB60DDE90}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe FirewallRules: [{A758F163-F159-4EBD-9E94-CBD795225D78}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe FirewallRules: [TCP Query User{C7894759-182D-4A84-A0E7-AE37A01B828C}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe FirewallRules: [UDP Query User{7818AB9B-32A9-4D78-BF6C-D11C5E1DB339}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe FirewallRules: [{F1534492-FFC7-44FA-A3FD-3002899CDCE1}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe FirewallRules: [{1ECD3752-A781-41B9-906B-2CEC23495D8B}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe FirewallRules: [{44EA520B-6459-44DE-BB91-052225AFB5C8}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe FirewallRules: [{61A8A447-6D0A-4A34-8F44-46F35231DC42}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe FirewallRules: [{82F48685-F443-43F4-A62F-46F02843C857}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe FirewallRules: [{4650292E-F11B-41AF-BAF0-928FA75891DD}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe FirewallRules: [{D2AE60FD-EE99-475C-BC88-9818B4AE6F21}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [{D6420937-ED58-486A-B363-7D432BF18108}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe FirewallRules: [TCP Query User{12B30242-047A-4C84-BC53-664CFD9A1F49}J:\techwizard.exe] => (Allow) J:\techwizard.exe FirewallRules: [UDP Query User{3EA45341-C127-4672-A71C-6D3692CCBEEE}J:\techwizard.exe] => (Allow) J:\techwizard.exe FirewallRules: [{0CEDAE81-58B5-4D30-9708-43A709EA40E6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{79EDC441-6588-490A-9992-B539F12EFDEE}] => (Allow) LPort=2869 FirewallRules: [{7169B85C-CF6F-47CD-A940-2C9068FF12C4}] => (Allow) LPort=1900 FirewallRules: [{CD2009EE-4A3A-42C5-A467-38E94FA40718}] => (Allow) C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe FirewallRules: [{F952453A-F885-47C8-8385-7D9CE94B75D8}] => (Allow) C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe FirewallRules: [{424B25CA-A9BE-4111-9EC7-6B916BA059A6}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe FirewallRules: [{1D41B792-B8C3-4BEC-AF53-618D22E102B9}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe FirewallRules: [{B4AB2586-BAEF-4C9C-9772-A26C7533716F}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe FirewallRules: [{DB969FDF-B805-4825-8380-132D25BEB736}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe FirewallRules: [{BB4480CA-BB40-4E94-8CFE-36D8F181FB93}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{25B86D4D-4AE6-4C0E-BA65-4CA8630BCC78}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B60FED6B-8345-403D-9E6D-00848A6042E7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A453C1B3-7472-49C8-B09E-7DB7EF0DACE7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{C5E07347-C24A-4F3B-818A-E7D4117417E9}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{4FE7B64C-9666-4CE9-A0B1-B845FB4227E1}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{8ABF4E99-0728-4DD7-9049-E35EC71CB8F1}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe FirewallRules: [{6FDD09DF-2AA8-4C27-912D-F884522B89D2}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe FirewallRules: [{75BD3109-6053-4A0B-BDFD-E6D0AB05EEA5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe FirewallRules: [{C8128898-BF1C-4574-A6E3-C37BF0AB1BA4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{F44A61A3-387E-4081-AC7B-5888ADD5C6EA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{D52E6CEA-CB0B-4FBD-877F-3FBDA503636E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{1F42BD20-8EE8-4B19-B2D9-87898CA8E8A6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{095C1336-5773-43A5-A65D-357BF0B618B7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{FCEE68FC-A2DE-415D-8D57-F62A9E9991E7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{5CF5B394-5F4A-4A96-9E62-05C1E63BE4E1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{BEB6D0F4-69C3-4A83-9AF0-54A1AEE83814}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{F8883C2F-171C-4FFD-9422-E58486D41221}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{3B25487C-EB7E-4C60-98FC-3324F9848BE1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{888E4841-F389-4EE7-9635-0716BC22B379}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BF6B0E1F-6C90-457C-AAFC-1F36582990D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2A3F78FA-F6C8-4D87-8BD8-BBD0BD8FADD4}] => (Allow) LPort=50001 FirewallRules: [{CCF8AC7A-0119-42D7-A67E-1A6CA0656801}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{5F082340-5123-462D-869B-D518AB85D892}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [TCP Query User{481D3776-A41E-4B93-A4A7-31D3B769372C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{6A379BD4-5D5A-4799-890C-9CEC27931A5D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{CDB978FF-B6CA-47C4-AF0A-0E6CC45F1F8F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{EE4A9AEE-8BDC-46FC-8558-DAB0420E6360}] => (Allow) LPort=8888 FirewallRules: [TCP Query User{5955BE02-79FB-471D-A0F7-5A6763BAA940}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe FirewallRules: [UDP Query User{FD258FF1-7BE7-484A-95DD-DB430030D361}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/14/2017 07:30:49 PM) (Source: ESENT) (EventID: 454) (User: ) Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -551. Error: (11/14/2017 07:30:49 PM) (Source: ESENT) (EventID: 517) (User: ) Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery failed with error -551 because it encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message. Error: (11/14/2017 07:28:48 PM) (Source: ESENT) (EventID: 454) (User: ) Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -551. Error: (11/14/2017 07:28:48 PM) (Source: ESENT) (EventID: 517) (User: ) Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery failed with error -551 because it encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message. Error: (11/14/2017 07:26:48 PM) (Source: ESENT) (EventID: 454) (User: ) Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -551. Error: (11/14/2017 07:26:48 PM) (Source: ESENT) (EventID: 517) (User: ) Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery failed with error -551 because it encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message. Error: (11/14/2017 07:24:48 PM) (Source: ESENT) (EventID: 454) (User: ) Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -551. Error: (11/14/2017 07:24:48 PM) (Source: ESENT) (EventID: 517) (User: ) Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery failed with error -551 because it encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message. Error: (11/14/2017 07:22:48 PM) (Source: ESENT) (EventID: 454) (User: ) Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -551. Error: (11/14/2017 07:22:48 PM) (Source: ESENT) (EventID: 517) (User: ) Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery failed with error -551 because it encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message. System errors: ============= Error: (11/14/2017 07:30:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Update service terminated with the following error: %%3355443751 Error: (11/14/2017 07:30:48 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGDIPIANO-HP) Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout. Error: (11/14/2017 07:28:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Update service terminated with the following error: %%3355443751 Error: (11/14/2017 07:28:48 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGDIPIANO-HP) Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout. Error: (11/14/2017 07:26:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Update service terminated with the following error: %%3355443751 Error: (11/14/2017 07:26:48 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout. Error: (11/14/2017 07:24:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Update service terminated with the following error: %%3355443751 Error: (11/14/2017 07:24:48 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGDIPIANO-HP) Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout. Error: (11/14/2017 07:22:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Update service terminated with the following error: %%3355443751 Error: (11/14/2017 07:22:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout. CodeIntegrity: =================================== Date: 2017-11-14 19:27:41.700 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-14 19:27:41.696 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-14 19:27:41.650 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-14 19:27:41.646 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-14 19:22:36.293 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-14 19:22:06.270 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-14 19:21:53.562 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-14 19:21:49.349 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-14 19:20:46.829 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-14 19:20:46.776 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD Athlon(tm) II X4 630 Processor Percentage of memory in use: 42% Total physical RAM: 5879.89 MB Available physical RAM: 3383.18 MB Total Virtual: 8695.89 MB Available Virtual: 6107.8 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:919.32 GB) (Free:678.87 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:11.46 GB) (Free:1.38 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.3 GB) (Disk ID: C8002F2A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=919.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================