My nephew Craig (a great guy) brought his computer to me because he was having problems with it. Turns out the hard drive was failing. I was able to image the drive and restore it on a new hard drive. While doing so, I ran a MBAM scan. MBAM found Rootkit.Fileless.MT Gen and quarantined it.
I then installed Emsisoft AntiMalware - it found only adware.
He was using AVG Free and Spybot S&D. Check out that host file.
Can you please check to see if there's anything that needs to be addressed.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by Craig DiPiano (administrator) on CRAIGDIPIANO-HP (14-11-2017 19:27:09)
Running from C:\Users\Craig DiPiano\Desktop
Loaded Profiles: Craig DiPiano (Available Profiles: Craig DiPiano & Guest & DefaultAppPool)
Platform: Windows 10 Home Version 1607 14393.693 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(SAC) C:\ProgramData\ClickFreeTformer\reminder\SacReminder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8849832 2017-11-13] (Emsisoft Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Microsoft Default Manager] => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM-x32\...\Run: [Philips Device Listener] => C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2012-03-19] ()
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [197928 2009-12-18] (Seagate LLC)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [CarboniteSetupLite] => C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe [318096 2009-08-04] (Carbonite, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1562304 2017-07-21] (Seagate Technology LLC)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Craig DiPiano\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-07-10] (Gemalto N.V.)
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [142568 2017-07-21] (Seagate Technology LLC)
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [SacReminder] => C:\ProgramData\ClickfreeTformer\reminder\SacReminder.exe [825152 2009-09-04] (SAC)
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\MountPoints2: {37773de6-c7c4-11e7-9dbd-78e7d1c8ebc7} - "F:\StartClickFreeBackup.exe"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\MountPoints2: {9e2ec690-8457-11e7-9db9-78e7d1c8ebc7} - "L:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-07-01]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk [2015-06-19]
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2010-05-09]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk [2013-02-02]
ShortcutTarget: Epson scanner Registration.lnk -> E:\Common\EpsonReg\v33\EpsonReg.exe (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2e716942-8032-463e-baf2-25dd3e2304d1}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{32f97b89-1668-40b9-8cc8-91ba1b275eb3}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
SearchScopes: HKLM -> {5F7433B8-9CB1-45E8-95A9-65BB044ACC20} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {ACF86F11-B2C2-421B-94B3-B7EAFAC8BB2A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5F7433B8-9CB1-45E8-95A9-65BB044ACC20} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {ACF86F11-B2C2-421B-94B3-B7EAFAC8BB2A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2794434498-725242176-3457425843-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2794434498-725242176-3457425843-1001 -> {5F7433B8-9CB1-45E8-95A9-65BB044ACC20} URL =
SearchScopes: HKU\S-1-5-21-2794434498-725242176-3457425843-1001 -> {ACF86F11-B2C2-421B-94B3-B7EAFAC8BB2A} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
Toolbar: HKU\S-1-5-21-2794434498-725242176-3457425843-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
FireFox:
========
FF ProfilePath: C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default [2014-12-11]
FF Extension: (Philips Branding) - C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default\Extensions\philips-branding@philips.com [2011-08-27] [not signed]
FF Extension: (QuickTime Playback) - C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default\Extensions\quicktime@songbirdnest.com [2011-02-07] [not signed]
FF Extension: (Windows Media Playback) - C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default\Extensions\windowsmedia@songbirdnest.com [2011-02-07] [not signed]
FF Extension: (AAC Decoding Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (Artwork Extras) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\albumart@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (CD Rip Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (File association) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\fileassociation@philips.com [2014-07-28] [not signed]
FF Extension: (gonzo) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (Gracenote Metadata Lookup Provider) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (H.264 Video Decoding Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewh264dec@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (mashTape) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (MP3 Encoding Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (MPEG-4 Video Decoding Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmpeg4dec@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (MSC Device Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\msc@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (MTP Device Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mtp@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (Philips addon manager) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com [2014-07-28] [not signed]
FF Extension: (Philips auto msc-mtp switch) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com [2014-07-28] [not signed]
FF Extension: (Philips Branding) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-branding@philips.com [2014-07-28] [not signed]
FF Extension: (Philips GoGear Device Manager) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gogear@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (Philips Skin) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-skin@philips.com [2014-07-28] [not signed]
FF Extension: (Philips UI) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-ui@philips.com [2014-07-28] [not signed]
FF Extension: (Purple Rain) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (Concerts) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\concerts@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (LikeMusic) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-likemusic@philips.com [2014-07-28] [not signed]
FF Extension: (MinimizeToTray Plus for Philips Songbird) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-minimizetotray@philips.com [2014-07-28] [not signed]
FF Extension: (Philips Promotions) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-promotions@philips.com [2014-07-28] [not signed]
FF Extension: (rhapsody) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\rhapsody@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (Media Sharing) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\sharing@songbirdnest.com [2014-07-28] [not signed]
FF SearchPlugin: C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default\searchplugins\62fa0614-5d53-4857-a24a-46d24ee810a3.xml [2011-02-07]
FF SearchPlugin: C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default\searchplugins\7c448e2e-7f1f-4329-965e-4fb614062ebf.xml [2014-07-28]
FF ProfilePath: C:\Users\Craig DiPiano\AppData\Roaming\Mozilla\Firefox\Profiles\5akk4lm7.default [2017-11-14]
FF user.js: detected! => C:\Users\Craig DiPiano\AppData\Roaming\Mozilla\Firefox\Profiles\5akk4lm7.default\user.js [2014-01-19]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\5akk4lm7.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\5akk4lm7.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\5akk4lm7.default -> hxxp://www.google.com/
FF Extension: (Add Google Search To New Tab Page) - C:\Users\Craig DiPiano\AppData\Roaming\Mozilla\Firefox\Profiles\5akk4lm7.default\Extensions\newtabgoogle@graememcc.co.uk.xpi [2016-10-02]
FF Extension: (Video Downloader) - C:\Users\Craig DiPiano\AppData\Roaming\Mozilla\Firefox\Profiles\5akk4lm7.default\Extensions\pbekeglhko@pbekeglhko.org.xpi [2013-03-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension => not found
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2014-08-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-07-23] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2794434498-725242176-3457425843-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-03-24] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> javascript:location.href=%27mailto:?SUBJECT=%27+document.title+%27&BODY=%27+escape(location.href);
CHR Profile: C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default [2017-11-14]
CHR Extension: (Slides) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-04]
CHR Extension: (YouTube) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-04]
CHR Extension: (Google Docs Offline) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-04]
CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2017-11-13]
CHR Extension: (Save to Facebook) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-08-13]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-06-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2017-05-06]
CHR Extension: (Gmail) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9173552 2017-11-13] (Emsisoft Ltd)
S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-03-24] (Hewlett-Packard) [File not signed]
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S4 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-03-17] (Alcatel-Lucent) [File not signed]
S3 PACSPTISVR-Sound_Organizer; C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [157024 2010-11-19] (Sony Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16120 2017-07-21] (Seagate Technology LLC)
S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143560 2017-07-21] (Seagate Technology LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [316120 2014-08-18] ()
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 61883; C:\WINDOWS\System32\drivers\61883.sys [61952 2016-07-16] (Microsoft Corporation)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2012-04-04] (GEAR Software Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-11-14] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NPF; C:\WINDOWS\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [23536 2010-01-19] (PC-Doctor, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 MREMP50; \??\C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [X]
S3 MRESP50; \??\C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-14 19:27 - 2017-11-14 19:27 - 000026894 _____ C:\Users\Craig DiPiano\Desktop\FRST.txt
2017-11-14 19:27 - 2017-11-14 19:27 - 000000000 ____D C:\FRST
2017-11-14 19:26 - 2017-11-14 19:26 - 002392576 _____ (Farbar) C:\Users\Craig DiPiano\Desktop\FRST64.exe
2017-11-14 19:07 - 2017-11-14 19:15 - 000000000 ____D C:\AdwCleaner
2017-11-14 18:52 - 2017-11-14 19:00 - 000000000 ____D C:\ProgramData\Emsisoft
2017-11-14 18:51 - 2017-11-14 18:51 - 000000939 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-11-14 18:51 - 2017-11-14 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-11-14 18:50 - 2017-11-14 19:22 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-11-14 18:39 - 2017-11-14 18:41 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\AvgSetupLog
2017-11-14 18:29 - 2017-11-14 18:49 - 291547704 _____ (Emsisoft Ltd. ) C:\Users\Craig DiPiano\Downloads\EmsisoftAntiMalwareSetup.exe
2017-11-14 18:26 - 2017-11-14 19:02 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-14 18:26 - 2017-11-14 18:26 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-14 18:18 - 2017-11-14 18:18 - 000001291 _____ C:\Users\Craig DiPiano\Desktop\MBAM scan.txt
2017-11-13 12:46 - 2017-11-13 13:22 - 000000000 _____ C:\Recovery.txt
2017-11-12 11:19 - 2017-11-12 14:50 - 000000000 ____D C:\ProgramData\ClickFreeTformer
2017-11-12 11:19 - 2017-11-12 11:19 - 000000000 ____D C:\ProgramData\ClickfreeIPTformer
2017-11-09 18:06 - 2017-11-09 18:06 - 005164530 _____ C:\Users\Craig DiPiano\Downloads\Painting Trees in Acrylic - Reference Images.pdf
2017-11-09 18:05 - 2017-11-09 18:06 - 000203037 _____ C:\Users\Craig DiPiano\Downloads\Painting Trees in Acrylic - Materials (1).pdf
2017-11-05 15:06 - 2017-11-05 15:06 - 000002200 _____ C:\Users\Craig DiPiano\AppData\Local\recently-used.xbel
2017-11-04 11:30 - 2017-10-24 17:53 - 000454674 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20171104-123031.backup
2017-10-29 12:42 - 2017-10-29 12:42 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\webkit
2017-10-29 12:33 - 2017-11-05 15:06 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\gtk-2.0
2017-10-29 12:32 - 2017-10-29 12:32 - 000000000 ____D C:\Users\Craig DiPiano\.thumbnails
2017-10-29 12:27 - 2017-11-05 15:13 - 000000000 ____D C:\Users\Craig DiPiano\.gimp-2.8
2017-10-29 12:27 - 2017-10-29 12:27 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\gegl-0.2
2017-10-29 12:27 - 2017-10-29 12:27 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\fontconfig
2017-10-29 12:26 - 2017-10-29 12:26 - 000000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-10-29 12:25 - 2017-10-29 12:26 - 000000000 ____D C:\Program Files\GIMP 2
2017-10-29 12:24 - 2017-10-29 12:25 - 089579672 _____ (The GIMP Team ) C:\Users\Craig DiPiano\Downloads\gimp-2.8.22-setup.exe
2017-10-24 17:53 - 2017-10-22 11:03 - 000454674 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20171024-185315.backup
2017-10-22 11:03 - 2017-10-13 17:09 - 000454674 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20171022-120320.backup
2017-10-21 11:38 - 2017-10-21 11:38 - 000000925 _____ C:\Users\Craig DiPiano\Downloads\events.ics
2017-10-20 16:53 - 2017-10-20 16:53 - 000003890 _____ C:\WINDOWS\System32\Tasks\Craig DiPiano1 Merge
2017-10-20 16:53 - 2017-10-20 16:53 - 000003862 _____ C:\WINDOWS\System32\Tasks\Craig DiPiano1
2017-10-17 18:16 - 2017-10-17 18:16 - 000003638 _____ C:\WINDOWS\System32\Tasks\Craig DiPiano DBAgent 2 0
2017-10-17 18:16 - 2017-10-17 18:16 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\Nero
2017-10-17 18:15 - 2017-10-17 18:15 - 000003644 _____ C:\WINDOWS\System32\Tasks\Seagate_Install_Launch
2017-10-17 18:14 - 2017-10-17 18:14 - 000002180 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
2017-10-17 18:14 - 2017-10-17 18:14 - 000000000 ____D C:\ProgramData\Nero
2017-10-17 18:14 - 2017-10-17 18:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2017-10-17 18:13 - 2017-10-17 18:13 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\Seagate
2017-10-17 18:08 - 2017-10-17 18:10 - 156799280 _____ (Seagate) C:\Users\Craig DiPiano\Downloads\Seagate_Dashboard_Installer.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-14 19:25 - 2016-11-24 05:43 - 001427924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-14 19:21 - 2016-12-31 04:40 - 000251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-11-14 19:19 - 2016-11-24 06:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-14 19:19 - 2016-07-16 01:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-11-14 19:15 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-14 19:15 - 2012-04-18 19:18 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\Yahoo!
2017-11-14 19:15 - 2012-04-18 19:18 - 000000000 ____D C:\Users\Craig DiPiano\AppData\LocalLow\Yahoo!
2017-11-14 19:15 - 2012-04-18 19:18 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2017-11-14 18:58 - 2010-06-20 17:45 - 000000000 ____D C:\ProgramData\Adobe
2017-11-14 18:43 - 2016-11-11 04:08 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\AVG
2017-11-14 18:43 - 2016-11-11 03:39 - 000000000 ____D C:\ProgramData\Avg
2017-11-14 18:43 - 2010-06-20 17:45 - 000000000 ____D C:\Program Files\Google
2017-11-14 18:43 - 2010-06-20 17:45 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-14 18:43 - 2010-06-20 13:19 - 000000000 ____D C:\Program Files (x86)\AVG
2017-11-14 18:27 - 2010-06-20 17:45 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\Adobe
2017-11-14 18:27 - 2010-06-20 13:09 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\Adobe
2017-11-14 18:26 - 2010-06-20 17:45 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-14 18:22 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2017-11-14 18:19 - 2010-06-20 17:57 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\Google
2017-11-14 18:19 - 2010-06-20 17:45 - 000000000 ____D C:\ProgramData\Google
2017-11-14 18:06 - 2016-11-24 05:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-14 17:50 - 2017-05-04 15:33 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-11-11 13:44 - 2016-11-24 05:44 - 000000000 ____D C:\Users\Craig DiPiano
2017-11-06 20:18 - 2017-07-27 16:07 - 000003392 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2794434498-725242176-3457425843-1001
2017-11-06 20:18 - 2016-05-20 17:23 - 000002436 _____ C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-06 20:18 - 2016-05-20 17:23 - 000000000 ___RD C:\Users\Craig DiPiano\OneDrive
2017-11-04 19:48 - 2013-02-02 10:01 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\ArcSoft
2017-10-25 16:35 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 16:35 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-22 14:52 - 2012-07-20 11:06 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\SanDisk
2017-10-22 14:50 - 2010-08-05 19:50 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\vlc
2017-10-22 12:34 - 2011-02-04 16:32 - 000000000 ____D C:\Users\Craig DiPiano\Documents\FINANCES
2017-10-22 12:32 - 2012-06-16 10:46 - 000000000 ____D C:\Users\Craig DiPiano\Documents\Auto
2017-10-17 18:14 - 2010-06-20 17:38 - 000000000 ____D C:\Program Files (x86)\Seagate
2017-10-17 17:24 - 2017-07-25 17:11 - 000000000 ____D C:\Users\Craig DiPiano\Documents\Sketches_Scanned
==================== Files in the root of some directories =======
2010-07-12 17:48 - 2010-10-17 10:11 - 000033134 _____ () C:\Users\Craig DiPiano\AppData\Roaming\UserTile.png
2010-06-27 19:18 - 2017-08-03 17:02 - 000002500 _____ () C:\Users\Craig DiPiano\AppData\Roaming\wklnhst.dat
2017-01-24 17:27 - 2017-09-24 12:35 - 000016960 ____T (Un4seen Developments) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\1eaadjc.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000018724 ____T () C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\bass.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000014392 ____T (Un4seen Developments) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\kfgresk.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000014456 ____T () C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\mjcriu.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000010816 ____T (Un4seen Developments) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\peaadje.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000028760 ____T (
JOBnik! [Arthur Aminov, ISRAEL]) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\qwadjb.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000015424 ____T (Un4seen Developments) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\rsaadjd.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000098872 ____T (Un4seen Developments) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\~DFK51ab8d40.tmp
2010-07-20 18:35 - 2017-09-24 12:34 - 000082432 _____ () C:\Users\Craig DiPiano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-05 15:06 - 2017-11-05 15:06 - 000002200 _____ () C:\Users\Craig DiPiano\AppData\Local\recently-used.xbel
2012-05-24 17:11 - 2012-05-24 17:11 - 000000017 _____ () C:\Users\Craig DiPiano\AppData\Local\resmon.resmoncfg
2011-07-23 18:58 - 2011-07-23 18:58 - 000000000 _____ () C:\Users\Craig DiPiano\AppData\Local\{A5A7E4C1-9043-4FD1-8D28-C74B15880741}
2012-02-27 10:42 - 2013-02-24 12:24 - 000000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Files to move or delete:
====================
C:\Users\Craig DiPiano\lametritonus_en.dll
C:\Users\Craig DiPiano\lame_enc_en.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-11-06 16:49
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by Craig DiPiano (14-11-2017 19:28:40)
Running from C:\Users\Craig DiPiano\Desktop
Windows 10 Home Version 1607 14393.693 (X64) (2016-11-24 11:28:49)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2794434498-725242176-3457425843-500 - Administrator - Disabled)
Craig DiPiano (S-1-5-21-2794434498-725242176-3457425843-1001 - Administrator - Enabled) => C:\Users\Craig DiPiano
DefaultAccount (S-1-5-21-2794434498-725242176-3457425843-503 - Limited - Disabled)
Guest (S-1-5-21-2794434498-725242176-3457425843-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2794434498-725242176-3457425843-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AS: Spybot - Search and Destroy (Disabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Acrobat.com (HKLM-x32\...\{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}) (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
AMD USB Filter Driver (HKLM-x32\...\{5BDA2F58-1F21-4D10-9910-92B01EBCC958}) (Version: 1.0.14.91 - Advanced Micro Devices, Inc.)
Any Video Converter 3.4.0 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression 2 (HKLM-x32\...\{FB46F473-333E-4A06-A777-31C54188593E}) (Version: 2.0.14.672 - ArcSoft)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.27 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{E50A5077-1654-BEAE-986B-7B7133DA7C48}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team)
Bejeweled 2 Deluxe (HKLM-x32\...\WT082192) (Version: 2.2.0.82 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT082122) (Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WT082124) (Version: 2.2.0.82 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (HKLM-x32\...\WT082438) (Version: 2.2.0.82 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT083477) (Version: 2.2.0.82 - WildTangent) Hidden
CamStudio (HKLM-x32\...\CamStudio) (Version: - )
Carbonite Online Backup Setup (HKLM-x32\...\Carbonite Setup Lite) (Version: 3.8.0 - Carbonite Inc.)
ccc-core-static (HKLM-x32\...\{AF4A82A7-F453-CE12-A942-E55FAC234387}) (Version: 2010.0202.2335.42270 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WT082200) (Version: 2.2.0.82 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
ClickCharts Diagram Flowchart Software (HKLM-x32\...\ClickCharts) (Version: 1.55 - NCH Software)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2712 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT082396) (Version: 2.2.0.82 - WildTangent) Hidden
Dora's Carnival Adventure (HKLM-x32\...\WT082133) (Version: 2.2.0.82 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
DVD Shrink Packages (HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\DVD Shrink Packages) (Version: - ) <==== ATTENTION
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.10 - Emsisoft Ltd.)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Perfection V33/V330 Photo Scanner Driver Update (HKLM-x32\...\{3B03E732-6150-4D0A-849F-C6F4141EA78C}) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Escape Rosecliff Island (HKLM-x32\...\WT083484) (Version: 2.2.0.82 - WildTangent) Hidden
Express Points Presentation Software (HKLM-x32\...\ExpressPoints) (Version: 1.13 - NCH Software)
EZ Vinyl/Tape Converter 10 by Ion Audio (HKLM-x32\...\EZ Vinyl/Tape Converter by Ion Audio_is1) (Version: - Ion Audio LLC)
Faerie Solitaire (HKLM-x32\...\WT082442) (Version: 2.2.0.82 - WildTangent) Hidden
FATE (HKLM-x32\...\WT082141) (Version: 2.2.0.82 - WildTangent) Hidden
ffdshow (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )
Free Mp3 Wma Converter V 1.91 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 1.91.0.0 - Koyote Soft)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2015 (HKLM-x32\...\{E7BFC29A-9459-4534-9E35-BF1D66A18BAA}) (Version: 15.05.7401 - HRB Technology, LLC.)
H&R Block Pennsylvania 2013 (HKLM-x32\...\{7F62C83B-2474-498A-8F5C-E5C452DF2D15}) (Version: 1.13.4501 - HRB Technology, LLC.)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5418.39 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.3902 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.0.3910 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.0.3911 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.0.3911 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5C7FD70-2C0A-401E-95E9-916363567DDA}) (Version: 1.2.4048.3310 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}) (Version: 4.4.6.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
IHA_MessageCenter (HKLM-x32\...\{80813829-BE27-4799-8BC7-2F75A7B6CB50}) (Version: 1.1.0 - Verizon)
InterActual Player (HKLM-x32\...\InterActual Player) (Version: - )
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Jewel Quest 3 (HKLM-x32\...\WT082443) (Version: 2.2.0.82 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WT082468) (Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keyword Strategy Studio Pro v2010.010311 (HKLM-x32\...\Keyword Strategy Studio Pro_is1) (Version: - Softnik Technologies)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2610 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2610 - CyberLink Corp.)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )
LightScribe Applications (HKLM-x32\...\{16F5ADDD-6EFD-411A-9013-8DD2C629FE53}) (Version: 1.18.27.10 - LightScribe)
LightScribe System Software (HKLM-x32\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Media Go (HKLM-x32\...\{F66C4A41-C3A8-4523-AB6C-BAA1DB38305C}) (Version: 2.7.357 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.4.128.12060 (HKLM-x32\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.128.12060 - Sony)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM-x32\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
Mp3 My Mp3 3.1 (HKLM-x32\...\{F92A74E1-D56E-4B83-A8C3-5DB85759A3FA}) (Version: 3.1 - Digital Liquid Ltd) Hidden
Mp3 My Mp3 3.1 (HKLM-x32\...\Mp3 My Mp3 3.1) (Version: 3.1 - Digital Liquid Ltd)
MP3MyMP3 4.2 (HKLM-x32\...\MP3MyMP3_is1) (Version: - Bruce McArthur)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
muvee Reveal Seagate Edition (HKLM-x32\...\{78E9A751-5616-233F-1249-16AC5758C646}) (Version: 7.0.41.11017 - muvee Technologies Pte Ltd)
Mystery P.I. - The New York Fortune (HKLM-x32\...\WT082456) (Version: 2.2.0.82 - WildTangent) Hidden
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.4 - NETGEAR)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.34 - Symantec)
NWZ-E380 WALKMAN Guide (HKLM-x32\...\{D98ED583-338D-4425-B2EF-A4C7FB93CE88}) (Version: 2.2.0.05230 - Sony Corporation)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{D18925CE-5AF9-4394-8EF7-1081FFE7E98B}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
Penguins! (HKLM-x32\...\WT082168) (Version: 2.2.0.82 - WildTangent) Hidden
Philips Songbird (HKLM-x32\...\Philips Songbird) (Version: 6.1.2265 (2265) - Koninklijke Philips Electronics N.V.)
PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Plants vs. Zombies (HKLM-x32\...\WT082170) (Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WT082171) (Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT082172) (Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT082173) (Version: 2.2.0.82 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3810 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3810 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2704 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2704 - CyberLink Corp.)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.25 - NCH Software)
Python 2.7.1 (64-bit) (HKLM\...\{32939827-d8e5-470a-b126-870db3c69fd0}) (Version: 2.7.1150 - Python Software Foundation)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.2719 - CyberLink Corp.) Hidden
Riva FLV Encoder 2.0 (HKLM-x32\...\Riva FLV Encoder 2.0_is1) (Version: 2.00.0005 - Rothenberger & Partner)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.8.5.0 - Seagate)
Seagate Manager Installer (HKLM-x32\...\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate) Hidden
Seagate Manager Installer (HKLM-x32\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate)
Sound Organizer (HKLM-x32\...\{95B9D945-C782-44F8-AD12-F9FE48EE7C94}) (Version: 1.1.0.12070 - Sony Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.12 - NCH Software)
TextTwist 2 (HKLM-x32\...\WT083491) (Version: 2.2.0.82 - WildTangent) Hidden
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.48 - NCH Software)
Virtual Families (HKLM-x32\...\WT082188) (Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (HKLM-x32\...\WT082241) (Version: 2.2.0.82 - WildTangent) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vz In Home Agent (HKLM-x32\...\{6916E491-8BBF-4E8A-AFAD-D01307C059E5}) (Version: 8.02.23 - Verizon)
Wav to Mp3 (HKLM-x32\...\{729E66B3-1B80-4F2F-8D19-342A89631E0A}_is1) (Version: - )
Wheel of Fortune 2 (HKLM-x32\...\WT082189) (Version: 2.2.0.82 - WildTangent) Hidden
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) (HKLM\...\B81055EA372C9E3EA5000B4BD9585D992D51F1DE) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4038.0 - Microsoft Corporation)
Zuma's Revenge (HKLM-x32\...\WT082463) (Version: 2.2.0.82 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2794434498-725242176-3457425843-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00E7E66A-146A-4D91-AE0E-8E041E5EEEFC} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {128FDC75-746D-4480-869A-A87D6AEBB636} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {1294C8DE-F2BA-4269-871D-756095C3B09E} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-02-24] ()
Task: {198BA291-FB1B-4265-A118-6FE6B55EBBE7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {1BB38B11-01D4-4FC3-9105-370BB8C11A21} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe
Task: {27C411B7-E322-486B-938E-48EF225CFC07} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {356D20A1-53E6-435D-A1F2-FDCAA78D276B} - System32\Tasks\Craig DiPiano1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2017-07-21] (Seagate Technology LLC)
Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3FDDFACE-600F-41C0-A521-C7119F1B6508} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Craig DiPiano\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4F146EF9-1584-4BF8-A020-3A9E37525BCE} - System32\Tasks\Craig DiPiano DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2017-07-21] (Seagate Technology LLC)
Task: {5A2CC048-721F-46A1-AC35-80DD405DFAEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {5DCCE427-23A6-4FC9-ACF2-657BA1A698C9} - System32\Tasks\Craig DiPiano1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2017-07-21] (Seagate Technology LLC)
Task: {5F522CEB-EAA3-4E97-96FF-BF8425DF56F6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {71415035-9F51-485A-BF58-AE3A62E8BB0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {75E207A5-0575-446A-974A-D178024369F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {77CDE8FA-743E-4BC5-8128-8886F7D50B1D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {7864E796-9F78-4F98-95A9-80E968BB9BEB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7B414C1E-650B-461C-A36D-14FB655627C0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {841465EF-77FE-40EF-8138-287423A1BD12} - System32\Tasks\{F030C5F5-3535-40C8-82A9-4FBBB3FA519D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Craig DiPiano\Videos\Riva_FLV_Encoder.exe" -d "C:\Users\Craig DiPiano\Videos"
Task: {8451AEC7-438A-47ED-AAF8-43DA021933CF} - System32\Tasks\iMeshNAG => C:\Users\CRAIGD~1\AppData\Local\Temp\iMesh_setup.exe <==== ATTENTION
Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {88B0061E-71BD-4E62-B1BA-8AD9866A077C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8CEC57CE-9D89-4DAC-B4A6-7A110184F37A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A2637C3B-1E40-44BD-AB8C-4383AC6C1F7C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A489B528-91C6-4184-A0AF-723508AC6495} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A4E1A579-D414-4C8E-AD66-03A0538F4503} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A7F13F2E-7E40-4342-A3EF-A78884CC1813} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AA665A59-A688-419E-B83D-465C6651FBB7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AC825DFB-BBC0-430E-9DBA-4A946ACA8B53} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B081616E-0B12-4425-9E08-A245118C7CCE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B0FAD8D3-529C-4402-94D7-4D44F8DB6D78} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B564AB98-F1CF-4EF4-B044-F7492A523700} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B92A5C1F-2083-497F-B44F-60F380623673} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BA287D0E-8F40-4EF9-BAA0-1EACC7B4B577} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {BB119898-E216-4E4D-93DB-E693B6921D84} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C53DD36B-A1E7-4C6E-A433-B17773342A7E} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01] (PC-Doctor, Inc.)
Task: {CE4316C6-3AE3-4120-ACFF-FB8A88428B1A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D13884A6-4010-4AC9-99F8-7BA15C9287F8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {D2766357-4D1A-4D75-A2FB-E426DC50D624} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {D34FC6E8-B440-4E73-A3B7-7D93D9CF0DC2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DC292CBE-591A-4837-B7BD-C5A523F33642} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2017-07-21] (Seagate Technology LLC)
Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EDC1CEBF-721A-43DF-97F4-6333C572872D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {F809B3DB-23B7-4759-B88C-17638039582F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\iMeshNAG.job => C:\Users\CRAIGD~1\AppData\Local\Temp\iMesh_setup.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Craig DiPiano\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Account.lnk -> hxxp://www22.verizon.com/ForYourHome/MyAccount/Protected/Account/MyAccountProfile.asp
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Message Center.lnk -> hxxp://webmail.verizon.com
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\My Verizon.lnk -> hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.asp
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Shop Verizon.lnk -> hxxp://my.verizon.com/shop/portlets/shop/ShopVas.js
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Support.lnk -> hxxp://www22.verizon.com/residentialhelp
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Verizon Links\About Verizon.lnk -> hxxp://wapp.verizon.com/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_cor
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Verizon Links\Safety & Security.lnk -> hxxp://surround.verizon.com/Shop/Utilities/InternetSecuritySuite.asp
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Verizon Links\Search.lnk -> hxxp://my.verizon.com/central/bookmark?action=advancedwebsearc
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Verizon Links\Support.lnk -> hxxp://www22.verizon.com/residentialhelp
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Verizon Links\Welcome Page.lnk -> hxxp://wapp.verizon.com/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=wc_welcom
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 16:35 - 2016-12-09 05:29 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-06-09 20:20 - 2014-08-18 16:50 - 000316120 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2016-12-31 04:40 - 2017-04-20 02:42 - 002271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-11-24 08:07 - 2016-11-24 08:07 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 16:21 - 2016-12-21 02:09 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 16:21 - 2016-12-21 01:54 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 16:21 - 2016-12-21 01:48 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 16:21 - 2016-12-21 01:48 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 16:21 - 2016-12-21 01:48 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 16:21 - 2016-12-21 01:48 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 16:21 - 2016-12-21 01:53 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-14 15:50 - 2016-12-14 15:51 - 000072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 15:50 - 2016-12-14 15:51 - 000179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 15:50 - 2016-12-14 15:51 - 042130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 15:50 - 2016-12-14 15:51 - 002216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2010-01-18 12:21 - 2010-01-18 12:21 - 000568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-02-09 21:01 - 2010-02-09 21:01 - 001712184 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
2015-06-09 20:20 - 2014-08-18 16:49 - 008274648 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2017-09-26 15:40 - 2017-09-21 02:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 15:40 - 2017-09-21 02:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2015-06-09 20:20 - 2015-02-26 19:19 - 000380928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2015-06-09 20:20 - 2014-07-22 09:18 - 000278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2016-11-28 16:35 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-11-28 16:35 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-11-28 16:35 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
IE trusted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\google.com -> hxxps://www.google.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\123simsen.com -> www.123simsen.com
There are 7937 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2017-11-04 11:30 - 000454674 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15603 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Craig DiPiano\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{41c40453-4351-48d4-a54d-4ee28bcbd18e}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"
HKLM\...\StartupApproved\Run32: => "CarboniteSetupLite"
HKLM\...\StartupApproved\Run32: => "Microsoft Default Manager"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "MaxMenuMgr"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Philips Device Listener"
HKLM\...\StartupApproved\Run32: => "VerizonServicepoint.exe"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\StartupFolder: => "Epson scanner Registration.lnk"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "LightScribe Control Panel"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "SanDiskSecureAccess_Manager.exe"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{84F0FFF7-3488-4ABC-9164-87540A4450AD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E21A872A-C4F0-414F-A48E-43B01FEA01D3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F4DF446F-8109-42A7-8A3C-5CEA123C3B17}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{040FE419-F64E-4E34-9618-964CAC54E6A4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{F55682A5-BB17-4610-8261-3BA16FF2AE55}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{C6A48249-3893-4B45-8CA0-A2E6FEA1C7B5}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{C5933230-372D-40B1-BCF8-605DC672CD67}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{F4C1E844-CDF5-4F9D-9548-E5BF12D82D71}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{B9483F56-D54B-4EB7-BD5F-52813A76590A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{42412653-06AB-4834-9BA3-E41793587266}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{610413EF-3EE6-4079-AEE5-7208123F2080}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{C517426F-ED19-40EE-9BCB-517227F2B515}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{0851FF14-6F85-4097-A4CD-30DAB60DDE90}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{A758F163-F159-4EBD-9E94-CBD795225D78}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [TCP Query User{C7894759-182D-4A84-A0E7-AE37A01B828C}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{7818AB9B-32A9-4D78-BF6C-D11C5E1DB339}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [{F1534492-FFC7-44FA-A3FD-3002899CDCE1}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{1ECD3752-A781-41B9-906B-2CEC23495D8B}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{44EA520B-6459-44DE-BB91-052225AFB5C8}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{61A8A447-6D0A-4A34-8F44-46F35231DC42}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{82F48685-F443-43F4-A62F-46F02843C857}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{4650292E-F11B-41AF-BAF0-928FA75891DD}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{D2AE60FD-EE99-475C-BC88-9818B4AE6F21}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{D6420937-ED58-486A-B363-7D432BF18108}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [TCP Query User{12B30242-047A-4C84-BC53-664CFD9A1F49}J:\techwizard.exe] => (Allow) J:\techwizard.exe
FirewallRules: [UDP Query User{3EA45341-C127-4672-A71C-6D3692CCBEEE}J:\techwizard.exe] => (Allow) J:\techwizard.exe
FirewallRules: [{0CEDAE81-58B5-4D30-9708-43A709EA40E6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{79EDC441-6588-490A-9992-B539F12EFDEE}] => (Allow) LPort=2869
FirewallRules: [{7169B85C-CF6F-47CD-A940-2C9068FF12C4}] => (Allow) LPort=1900
FirewallRules: [{CD2009EE-4A3A-42C5-A467-38E94FA40718}] => (Allow) C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
FirewallRules: [{F952453A-F885-47C8-8385-7D9CE94B75D8}] => (Allow) C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
FirewallRules: [{424B25CA-A9BE-4111-9EC7-6B916BA059A6}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{1D41B792-B8C3-4BEC-AF53-618D22E102B9}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{B4AB2586-BAEF-4C9C-9772-A26C7533716F}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{DB969FDF-B805-4825-8380-132D25BEB736}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{BB4480CA-BB40-4E94-8CFE-36D8F181FB93}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{25B86D4D-4AE6-4C0E-BA65-4CA8630BCC78}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B60FED6B-8345-403D-9E6D-00848A6042E7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A453C1B3-7472-49C8-B09E-7DB7EF0DACE7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C5E07347-C24A-4F3B-818A-E7D4117417E9}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{4FE7B64C-9666-4CE9-A0B1-B845FB4227E1}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{8ABF4E99-0728-4DD7-9049-E35EC71CB8F1}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{6FDD09DF-2AA8-4C27-912D-F884522B89D2}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{75BD3109-6053-4A0B-BDFD-E6D0AB05EEA5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{C8128898-BF1C-4574-A6E3-C37BF0AB1BA4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F44A61A3-387E-4081-AC7B-5888ADD5C6EA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D52E6CEA-CB0B-4FBD-877F-3FBDA503636E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1F42BD20-8EE8-4B19-B2D9-87898CA8E8A6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{095C1336-5773-43A5-A65D-357BF0B618B7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{FCEE68FC-A2DE-415D-8D57-F62A9E9991E7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{5CF5B394-5F4A-4A96-9E62-05C1E63BE4E1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{BEB6D0F4-69C3-4A83-9AF0-54A1AEE83814}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{F8883C2F-171C-4FFD-9422-E58486D41221}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{3B25487C-EB7E-4C60-98FC-3324F9848BE1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{888E4841-F389-4EE7-9635-0716BC22B379}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF6B0E1F-6C90-457C-AAFC-1F36582990D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2A3F78FA-F6C8-4D87-8BD8-BBD0BD8FADD4}] => (Allow) LPort=50001
FirewallRules: [{CCF8AC7A-0119-42D7-A67E-1A6CA0656801}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{5F082340-5123-462D-869B-D518AB85D892}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [TCP Query User{481D3776-A41E-4B93-A4A7-31D3B769372C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{6A379BD4-5D5A-4799-890C-9CEC27931A5D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{CDB978FF-B6CA-47C4-AF0A-0E6CC45F1F8F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EE4A9AEE-8BDC-46FC-8558-DAB0420E6360}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{5955BE02-79FB-471D-A0F7-5A6763BAA940}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{FD258FF1-7BE7-484A-95DD-DB430030D361}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/14/2017 07:30:49 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -551.
Error: (11/14/2017 07:30:49 PM) (Source: ESENT) (EventID: 517) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery failed with error -551 because it encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
Error: (11/14/2017 07:28:48 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -551.
Error: (11/14/2017 07:28:48 PM) (Source: ESENT) (EventID: 517) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery failed with error -551 because it encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
Error: (11/14/2017 07:26:48 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -551.
Error: (11/14/2017 07:26:48 PM) (Source: ESENT) (EventID: 517) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery failed with error -551 because it encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
Error: (11/14/2017 07:24:48 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -551.
Error: (11/14/2017 07:24:48 PM) (Source: ESENT) (EventID: 517) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery failed with error -551 because it encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
Error: (11/14/2017 07:22:48 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -551.
Error: (11/14/2017 07:22:48 PM) (Source: ESENT) (EventID: 517) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery failed with error -551 because it encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
System errors:
=============
Error: (11/14/2017 07:30:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%3355443751
Error: (11/14/2017 07:30:48 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGDIPIANO-HP)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (11/14/2017 07:28:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%3355443751
Error: (11/14/2017 07:28:48 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGDIPIANO-HP)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (11/14/2017 07:26:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%3355443751
Error: (11/14/2017 07:26:48 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (11/14/2017 07:24:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%3355443751
Error: (11/14/2017 07:24:48 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGDIPIANO-HP)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (11/14/2017 07:22:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%3355443751
Error: (11/14/2017 07:22:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
CodeIntegrity:
===================================
Date: 2017-11-14 19:27:41.700
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-14 19:27:41.696
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-14 19:27:41.650
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-14 19:27:41.646
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-14 19:22:36.293
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-11-14 19:22:06.270
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-11-14 19:21:53.562
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-11-14 19:21:49.349
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-11-14 19:20:46.829
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-14 19:20:46.776
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X4 630 Processor
Percentage of memory in use: 42%
Total physical RAM: 5879.89 MB
Available physical RAM: 3383.18 MB
Total Virtual: 8695.89 MB
Available Virtual: 6107.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:919.32 GB) (Free:678.87 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.46 GB) (Free:1.38 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.3 GB) (Disk ID: C8002F2A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
I then installed Emsisoft AntiMalware - it found only adware.
He was using AVG Free and Spybot S&D. Check out that host file.
Can you please check to see if there's anything that needs to be addressed.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by Craig DiPiano (administrator) on CRAIGDIPIANO-HP (14-11-2017 19:27:09)
Running from C:\Users\Craig DiPiano\Desktop
Loaded Profiles: Craig DiPiano (Available Profiles: Craig DiPiano & Guest & DefaultAppPool)
Platform: Windows 10 Home Version 1607 14393.693 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(SAC) C:\ProgramData\ClickFreeTformer\reminder\SacReminder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8849832 2017-11-13] (Emsisoft Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Microsoft Default Manager] => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM-x32\...\Run: [Philips Device Listener] => C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2012-03-19] ()
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [197928 2009-12-18] (Seagate LLC)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [CarboniteSetupLite] => C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe [318096 2009-08-04] (Carbonite, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1562304 2017-07-21] (Seagate Technology LLC)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Craig DiPiano\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-07-10] (Gemalto N.V.)
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [142568 2017-07-21] (Seagate Technology LLC)
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\Run: [SacReminder] => C:\ProgramData\ClickfreeTformer\reminder\SacReminder.exe [825152 2009-09-04] (SAC)
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\MountPoints2: {37773de6-c7c4-11e7-9dbd-78e7d1c8ebc7} - "F:\StartClickFreeBackup.exe"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\MountPoints2: {9e2ec690-8457-11e7-9db9-78e7d1c8ebc7} - "L:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-07-01]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk [2015-06-19]
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2010-05-09]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk [2013-02-02]
ShortcutTarget: Epson scanner Registration.lnk -> E:\Common\EpsonReg\v33\EpsonReg.exe (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2e716942-8032-463e-baf2-25dd3e2304d1}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{32f97b89-1668-40b9-8cc8-91ba1b275eb3}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
SearchScopes: HKLM -> {5F7433B8-9CB1-45E8-95A9-65BB044ACC20} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {ACF86F11-B2C2-421B-94B3-B7EAFAC8BB2A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {5F7433B8-9CB1-45E8-95A9-65BB044ACC20} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {ACF86F11-B2C2-421B-94B3-B7EAFAC8BB2A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2794434498-725242176-3457425843-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2794434498-725242176-3457425843-1001 -> {5F7433B8-9CB1-45E8-95A9-65BB044ACC20} URL =
SearchScopes: HKU\S-1-5-21-2794434498-725242176-3457425843-1001 -> {ACF86F11-B2C2-421B-94B3-B7EAFAC8BB2A} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
Toolbar: HKU\S-1-5-21-2794434498-725242176-3457425843-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
FireFox:
========
FF ProfilePath: C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default [2014-12-11]
FF Extension: (Philips Branding) - C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default\Extensions\philips-branding@philips.com [2011-08-27] [not signed]
FF Extension: (QuickTime Playback) - C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default\Extensions\quicktime@songbirdnest.com [2011-02-07] [not signed]
FF Extension: (Windows Media Playback) - C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default\Extensions\windowsmedia@songbirdnest.com [2011-02-07] [not signed]
FF Extension: (AAC Decoding Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (Artwork Extras) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\albumart@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (CD Rip Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (File association) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\fileassociation@philips.com [2014-07-28] [not signed]
FF Extension: (gonzo) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (Gracenote Metadata Lookup Provider) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (H.264 Video Decoding Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewh264dec@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (mashTape) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (MP3 Encoding Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (MPEG-4 Video Decoding Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmpeg4dec@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (MSC Device Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\msc@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (MTP Device Support) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mtp@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (Philips addon manager) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com [2014-07-28] [not signed]
FF Extension: (Philips auto msc-mtp switch) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com [2014-07-28] [not signed]
FF Extension: (Philips Branding) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-branding@philips.com [2014-07-28] [not signed]
FF Extension: (Philips GoGear Device Manager) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gogear@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (Philips Skin) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-skin@philips.com [2014-07-28] [not signed]
FF Extension: (Philips UI) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-ui@philips.com [2014-07-28] [not signed]
FF Extension: (Purple Rain) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (Concerts) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\concerts@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (LikeMusic) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-likemusic@philips.com [2014-07-28] [not signed]
FF Extension: (MinimizeToTray Plus for Philips Songbird) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-minimizetotray@philips.com [2014-07-28] [not signed]
FF Extension: (Philips Promotions) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-promotions@philips.com [2014-07-28] [not signed]
FF Extension: (rhapsody) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\rhapsody@songbirdnest.com [2014-07-28] [not signed]
FF Extension: (Media Sharing) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\sharing@songbirdnest.com [2014-07-28] [not signed]
FF SearchPlugin: C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default\searchplugins\62fa0614-5d53-4857-a24a-46d24ee810a3.xml [2011-02-07]
FF SearchPlugin: C:\Users\Craig DiPiano\AppData\Roaming\Philips-Songbird\Profiles\1zpoz04t.default\searchplugins\7c448e2e-7f1f-4329-965e-4fb614062ebf.xml [2014-07-28]
FF ProfilePath: C:\Users\Craig DiPiano\AppData\Roaming\Mozilla\Firefox\Profiles\5akk4lm7.default [2017-11-14]
FF user.js: detected! => C:\Users\Craig DiPiano\AppData\Roaming\Mozilla\Firefox\Profiles\5akk4lm7.default\user.js [2014-01-19]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\5akk4lm7.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\5akk4lm7.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\5akk4lm7.default -> hxxp://www.google.com/
FF Extension: (Add Google Search To New Tab Page) - C:\Users\Craig DiPiano\AppData\Roaming\Mozilla\Firefox\Profiles\5akk4lm7.default\Extensions\newtabgoogle@graememcc.co.uk.xpi [2016-10-02]
FF Extension: (Video Downloader) - C:\Users\Craig DiPiano\AppData\Roaming\Mozilla\Firefox\Profiles\5akk4lm7.default\Extensions\pbekeglhko@pbekeglhko.org.xpi [2013-03-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension => not found
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2014-08-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-07-23] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2794434498-725242176-3457425843-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-03-24] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> javascript:location.href=%27mailto:?SUBJECT=%27+document.title+%27&BODY=%27+escape(location.href);
CHR Profile: C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default [2017-11-14]
CHR Extension: (Slides) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-04]
CHR Extension: (YouTube) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-04]
CHR Extension: (Google Docs Offline) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-04]
CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2017-11-13]
CHR Extension: (Save to Facebook) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-08-13]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2017-06-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2017-05-06]
CHR Extension: (Gmail) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\Craig DiPiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9173552 2017-11-13] (Emsisoft Ltd)
S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-03-24] (Hewlett-Packard) [File not signed]
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S4 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-03-17] (Alcatel-Lucent) [File not signed]
S3 PACSPTISVR-Sound_Organizer; C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [157024 2010-11-19] (Sony Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16120 2017-07-21] (Seagate Technology LLC)
S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143560 2017-07-21] (Seagate Technology LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [316120 2014-08-18] ()
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 61883; C:\WINDOWS\System32\drivers\61883.sys [61952 2016-07-16] (Microsoft Corporation)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2012-04-04] (GEAR Software Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-11-14] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NPF; C:\WINDOWS\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [23536 2010-01-19] (PC-Doctor, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 MREMP50; \??\C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [X]
S3 MRESP50; \??\C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-14 19:27 - 2017-11-14 19:27 - 000026894 _____ C:\Users\Craig DiPiano\Desktop\FRST.txt
2017-11-14 19:27 - 2017-11-14 19:27 - 000000000 ____D C:\FRST
2017-11-14 19:26 - 2017-11-14 19:26 - 002392576 _____ (Farbar) C:\Users\Craig DiPiano\Desktop\FRST64.exe
2017-11-14 19:07 - 2017-11-14 19:15 - 000000000 ____D C:\AdwCleaner
2017-11-14 18:52 - 2017-11-14 19:00 - 000000000 ____D C:\ProgramData\Emsisoft
2017-11-14 18:51 - 2017-11-14 18:51 - 000000939 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-11-14 18:51 - 2017-11-14 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-11-14 18:50 - 2017-11-14 19:22 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-11-14 18:39 - 2017-11-14 18:41 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\AvgSetupLog
2017-11-14 18:29 - 2017-11-14 18:49 - 291547704 _____ (Emsisoft Ltd. ) C:\Users\Craig DiPiano\Downloads\EmsisoftAntiMalwareSetup.exe
2017-11-14 18:26 - 2017-11-14 19:02 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-14 18:26 - 2017-11-14 18:26 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-14 18:18 - 2017-11-14 18:18 - 000001291 _____ C:\Users\Craig DiPiano\Desktop\MBAM scan.txt
2017-11-13 12:46 - 2017-11-13 13:22 - 000000000 _____ C:\Recovery.txt
2017-11-12 11:19 - 2017-11-12 14:50 - 000000000 ____D C:\ProgramData\ClickFreeTformer
2017-11-12 11:19 - 2017-11-12 11:19 - 000000000 ____D C:\ProgramData\ClickfreeIPTformer
2017-11-09 18:06 - 2017-11-09 18:06 - 005164530 _____ C:\Users\Craig DiPiano\Downloads\Painting Trees in Acrylic - Reference Images.pdf
2017-11-09 18:05 - 2017-11-09 18:06 - 000203037 _____ C:\Users\Craig DiPiano\Downloads\Painting Trees in Acrylic - Materials (1).pdf
2017-11-05 15:06 - 2017-11-05 15:06 - 000002200 _____ C:\Users\Craig DiPiano\AppData\Local\recently-used.xbel
2017-11-04 11:30 - 2017-10-24 17:53 - 000454674 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20171104-123031.backup
2017-10-29 12:42 - 2017-10-29 12:42 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\webkit
2017-10-29 12:33 - 2017-11-05 15:06 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\gtk-2.0
2017-10-29 12:32 - 2017-10-29 12:32 - 000000000 ____D C:\Users\Craig DiPiano\.thumbnails
2017-10-29 12:27 - 2017-11-05 15:13 - 000000000 ____D C:\Users\Craig DiPiano\.gimp-2.8
2017-10-29 12:27 - 2017-10-29 12:27 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\gegl-0.2
2017-10-29 12:27 - 2017-10-29 12:27 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\fontconfig
2017-10-29 12:26 - 2017-10-29 12:26 - 000000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-10-29 12:25 - 2017-10-29 12:26 - 000000000 ____D C:\Program Files\GIMP 2
2017-10-29 12:24 - 2017-10-29 12:25 - 089579672 _____ (The GIMP Team ) C:\Users\Craig DiPiano\Downloads\gimp-2.8.22-setup.exe
2017-10-24 17:53 - 2017-10-22 11:03 - 000454674 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20171024-185315.backup
2017-10-22 11:03 - 2017-10-13 17:09 - 000454674 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20171022-120320.backup
2017-10-21 11:38 - 2017-10-21 11:38 - 000000925 _____ C:\Users\Craig DiPiano\Downloads\events.ics
2017-10-20 16:53 - 2017-10-20 16:53 - 000003890 _____ C:\WINDOWS\System32\Tasks\Craig DiPiano1 Merge
2017-10-20 16:53 - 2017-10-20 16:53 - 000003862 _____ C:\WINDOWS\System32\Tasks\Craig DiPiano1
2017-10-17 18:16 - 2017-10-17 18:16 - 000003638 _____ C:\WINDOWS\System32\Tasks\Craig DiPiano DBAgent 2 0
2017-10-17 18:16 - 2017-10-17 18:16 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\Nero
2017-10-17 18:15 - 2017-10-17 18:15 - 000003644 _____ C:\WINDOWS\System32\Tasks\Seagate_Install_Launch
2017-10-17 18:14 - 2017-10-17 18:14 - 000002180 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
2017-10-17 18:14 - 2017-10-17 18:14 - 000000000 ____D C:\ProgramData\Nero
2017-10-17 18:14 - 2017-10-17 18:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2017-10-17 18:13 - 2017-10-17 18:13 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\Seagate
2017-10-17 18:08 - 2017-10-17 18:10 - 156799280 _____ (Seagate) C:\Users\Craig DiPiano\Downloads\Seagate_Dashboard_Installer.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-14 19:25 - 2016-11-24 05:43 - 001427924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-14 19:21 - 2016-12-31 04:40 - 000251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-11-14 19:19 - 2016-11-24 06:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-14 19:19 - 2016-07-16 01:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-11-14 19:15 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-14 19:15 - 2012-04-18 19:18 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\Yahoo!
2017-11-14 19:15 - 2012-04-18 19:18 - 000000000 ____D C:\Users\Craig DiPiano\AppData\LocalLow\Yahoo!
2017-11-14 19:15 - 2012-04-18 19:18 - 000000000 ____D C:\Program Files (x86)\Yahoo!
2017-11-14 18:58 - 2010-06-20 17:45 - 000000000 ____D C:\ProgramData\Adobe
2017-11-14 18:43 - 2016-11-11 04:08 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\AVG
2017-11-14 18:43 - 2016-11-11 03:39 - 000000000 ____D C:\ProgramData\Avg
2017-11-14 18:43 - 2010-06-20 17:45 - 000000000 ____D C:\Program Files\Google
2017-11-14 18:43 - 2010-06-20 17:45 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-14 18:43 - 2010-06-20 13:19 - 000000000 ____D C:\Program Files (x86)\AVG
2017-11-14 18:27 - 2010-06-20 17:45 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\Adobe
2017-11-14 18:27 - 2010-06-20 13:09 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\Adobe
2017-11-14 18:26 - 2010-06-20 17:45 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-14 18:22 - 2016-07-16 06:45 - 000000000 ____D C:\WINDOWS\INF
2017-11-14 18:19 - 2010-06-20 17:57 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Local\Google
2017-11-14 18:19 - 2010-06-20 17:45 - 000000000 ____D C:\ProgramData\Google
2017-11-14 18:06 - 2016-11-24 05:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-14 17:50 - 2017-05-04 15:33 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-11-11 13:44 - 2016-11-24 05:44 - 000000000 ____D C:\Users\Craig DiPiano
2017-11-06 20:18 - 2017-07-27 16:07 - 000003392 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2794434498-725242176-3457425843-1001
2017-11-06 20:18 - 2016-05-20 17:23 - 000002436 _____ C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-06 20:18 - 2016-05-20 17:23 - 000000000 ___RD C:\Users\Craig DiPiano\OneDrive
2017-11-04 19:48 - 2013-02-02 10:01 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\ArcSoft
2017-10-25 16:35 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 16:35 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-22 14:52 - 2012-07-20 11:06 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\SanDisk
2017-10-22 14:50 - 2010-08-05 19:50 - 000000000 ____D C:\Users\Craig DiPiano\AppData\Roaming\vlc
2017-10-22 12:34 - 2011-02-04 16:32 - 000000000 ____D C:\Users\Craig DiPiano\Documents\FINANCES
2017-10-22 12:32 - 2012-06-16 10:46 - 000000000 ____D C:\Users\Craig DiPiano\Documents\Auto
2017-10-17 18:14 - 2010-06-20 17:38 - 000000000 ____D C:\Program Files (x86)\Seagate
2017-10-17 17:24 - 2017-07-25 17:11 - 000000000 ____D C:\Users\Craig DiPiano\Documents\Sketches_Scanned
==================== Files in the root of some directories =======
2010-07-12 17:48 - 2010-10-17 10:11 - 000033134 _____ () C:\Users\Craig DiPiano\AppData\Roaming\UserTile.png
2010-06-27 19:18 - 2017-08-03 17:02 - 000002500 _____ () C:\Users\Craig DiPiano\AppData\Roaming\wklnhst.dat
2017-01-24 17:27 - 2017-09-24 12:35 - 000016960 ____T (Un4seen Developments) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\1eaadjc.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000018724 ____T () C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\bass.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000014392 ____T (Un4seen Developments) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\kfgresk.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000014456 ____T () C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\mjcriu.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000010816 ____T (Un4seen Developments) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\peaadje.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000028760 ____T (
JOBnik! [Arthur Aminov, ISRAEL]) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\qwadjb.dll2017-01-24 17:27 - 2017-09-24 12:35 - 000015424 ____T (Un4seen Developments) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\rsaadjd.dll
2017-01-24 17:27 - 2017-09-24 12:35 - 000098872 ____T (Un4seen Developments) C:\Users\Craig DiPiano\AppData\Roaming\Microsoft\~DFK51ab8d40.tmp
2010-07-20 18:35 - 2017-09-24 12:34 - 000082432 _____ () C:\Users\Craig DiPiano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-05 15:06 - 2017-11-05 15:06 - 000002200 _____ () C:\Users\Craig DiPiano\AppData\Local\recently-used.xbel
2012-05-24 17:11 - 2012-05-24 17:11 - 000000017 _____ () C:\Users\Craig DiPiano\AppData\Local\resmon.resmoncfg
2011-07-23 18:58 - 2011-07-23 18:58 - 000000000 _____ () C:\Users\Craig DiPiano\AppData\Local\{A5A7E4C1-9043-4FD1-8D28-C74B15880741}
2012-02-27 10:42 - 2013-02-24 12:24 - 000000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Files to move or delete:
====================
C:\Users\Craig DiPiano\lametritonus_en.dll
C:\Users\Craig DiPiano\lame_enc_en.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-11-06 16:49
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by Craig DiPiano (14-11-2017 19:28:40)
Running from C:\Users\Craig DiPiano\Desktop
Windows 10 Home Version 1607 14393.693 (X64) (2016-11-24 11:28:49)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2794434498-725242176-3457425843-500 - Administrator - Disabled)
Craig DiPiano (S-1-5-21-2794434498-725242176-3457425843-1001 - Administrator - Enabled) => C:\Users\Craig DiPiano
DefaultAccount (S-1-5-21-2794434498-725242176-3457425843-503 - Limited - Disabled)
Guest (S-1-5-21-2794434498-725242176-3457425843-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2794434498-725242176-3457425843-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AS: Spybot - Search and Destroy (Disabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Acrobat.com (HKLM-x32\...\{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}) (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
AMD USB Filter Driver (HKLM-x32\...\{5BDA2F58-1F21-4D10-9910-92B01EBCC958}) (Version: 1.0.14.91 - Advanced Micro Devices, Inc.)
Any Video Converter 3.4.0 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression 2 (HKLM-x32\...\{FB46F473-333E-4A06-A777-31C54188593E}) (Version: 2.0.14.672 - ArcSoft)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.27 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{E50A5077-1654-BEAE-986B-7B7133DA7C48}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team)
Bejeweled 2 Deluxe (HKLM-x32\...\WT082192) (Version: 2.2.0.82 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT082122) (Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WT082124) (Version: 2.2.0.82 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (HKLM-x32\...\WT082438) (Version: 2.2.0.82 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT083477) (Version: 2.2.0.82 - WildTangent) Hidden
CamStudio (HKLM-x32\...\CamStudio) (Version: - )
Carbonite Online Backup Setup (HKLM-x32\...\Carbonite Setup Lite) (Version: 3.8.0 - Carbonite Inc.)
ccc-core-static (HKLM-x32\...\{AF4A82A7-F453-CE12-A942-E55FAC234387}) (Version: 2010.0202.2335.42270 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WT082200) (Version: 2.2.0.82 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
ClickCharts Diagram Flowchart Software (HKLM-x32\...\ClickCharts) (Version: 1.55 - NCH Software)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2712 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT082396) (Version: 2.2.0.82 - WildTangent) Hidden
Dora's Carnival Adventure (HKLM-x32\...\WT082133) (Version: 2.2.0.82 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
DVD Shrink Packages (HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\DVD Shrink Packages) (Version: - ) <==== ATTENTION
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.10 - Emsisoft Ltd.)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Perfection V33/V330 Photo Scanner Driver Update (HKLM-x32\...\{3B03E732-6150-4D0A-849F-C6F4141EA78C}) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Escape Rosecliff Island (HKLM-x32\...\WT083484) (Version: 2.2.0.82 - WildTangent) Hidden
Express Points Presentation Software (HKLM-x32\...\ExpressPoints) (Version: 1.13 - NCH Software)
EZ Vinyl/Tape Converter 10 by Ion Audio (HKLM-x32\...\EZ Vinyl/Tape Converter by Ion Audio_is1) (Version: - Ion Audio LLC)
Faerie Solitaire (HKLM-x32\...\WT082442) (Version: 2.2.0.82 - WildTangent) Hidden
FATE (HKLM-x32\...\WT082141) (Version: 2.2.0.82 - WildTangent) Hidden
ffdshow (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )
Free Mp3 Wma Converter V 1.91 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 1.91.0.0 - Koyote Soft)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2015 (HKLM-x32\...\{E7BFC29A-9459-4534-9E35-BF1D66A18BAA}) (Version: 15.05.7401 - HRB Technology, LLC.)
H&R Block Pennsylvania 2013 (HKLM-x32\...\{7F62C83B-2474-498A-8F5C-E5C452DF2D15}) (Version: 1.13.4501 - HRB Technology, LLC.)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5418.39 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.3902 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.0.3910 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.0.3911 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.0.3911 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5C7FD70-2C0A-401E-95E9-916363567DDA}) (Version: 1.2.4048.3310 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}) (Version: 4.4.6.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
IHA_MessageCenter (HKLM-x32\...\{80813829-BE27-4799-8BC7-2F75A7B6CB50}) (Version: 1.1.0 - Verizon)
InterActual Player (HKLM-x32\...\InterActual Player) (Version: - )
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Jewel Quest 3 (HKLM-x32\...\WT082443) (Version: 2.2.0.82 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WT082468) (Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keyword Strategy Studio Pro v2010.010311 (HKLM-x32\...\Keyword Strategy Studio Pro_is1) (Version: - Softnik Technologies)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2610 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2610 - CyberLink Corp.)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )
LightScribe Applications (HKLM-x32\...\{16F5ADDD-6EFD-411A-9013-8DD2C629FE53}) (Version: 1.18.27.10 - LightScribe)
LightScribe System Software (HKLM-x32\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Media Go (HKLM-x32\...\{F66C4A41-C3A8-4523-AB6C-BAA1DB38305C}) (Version: 2.7.357 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.4.128.12060 (HKLM-x32\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.128.12060 - Sony)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM-x32\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
Mp3 My Mp3 3.1 (HKLM-x32\...\{F92A74E1-D56E-4B83-A8C3-5DB85759A3FA}) (Version: 3.1 - Digital Liquid Ltd) Hidden
Mp3 My Mp3 3.1 (HKLM-x32\...\Mp3 My Mp3 3.1) (Version: 3.1 - Digital Liquid Ltd)
MP3MyMP3 4.2 (HKLM-x32\...\MP3MyMP3_is1) (Version: - Bruce McArthur)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
muvee Reveal Seagate Edition (HKLM-x32\...\{78E9A751-5616-233F-1249-16AC5758C646}) (Version: 7.0.41.11017 - muvee Technologies Pte Ltd)
Mystery P.I. - The New York Fortune (HKLM-x32\...\WT082456) (Version: 2.2.0.82 - WildTangent) Hidden
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.4 - NETGEAR)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.34 - Symantec)
NWZ-E380 WALKMAN Guide (HKLM-x32\...\{D98ED583-338D-4425-B2EF-A4C7FB93CE88}) (Version: 2.2.0.05230 - Sony Corporation)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{D18925CE-5AF9-4394-8EF7-1081FFE7E98B}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
Penguins! (HKLM-x32\...\WT082168) (Version: 2.2.0.82 - WildTangent) Hidden
Philips Songbird (HKLM-x32\...\Philips Songbird) (Version: 6.1.2265 (2265) - Koninklijke Philips Electronics N.V.)
PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Plants vs. Zombies (HKLM-x32\...\WT082170) (Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WT082171) (Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT082172) (Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT082173) (Version: 2.2.0.82 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3810 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3810 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2704 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2704 - CyberLink Corp.)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.25 - NCH Software)
Python 2.7.1 (64-bit) (HKLM\...\{32939827-d8e5-470a-b126-870db3c69fd0}) (Version: 2.7.1150 - Python Software Foundation)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.2719 - CyberLink Corp.) Hidden
Riva FLV Encoder 2.0 (HKLM-x32\...\Riva FLV Encoder 2.0_is1) (Version: 2.00.0005 - Rothenberger & Partner)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.8.5.0 - Seagate)
Seagate Manager Installer (HKLM-x32\...\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate) Hidden
Seagate Manager Installer (HKLM-x32\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate)
Sound Organizer (HKLM-x32\...\{95B9D945-C782-44F8-AD12-F9FE48EE7C94}) (Version: 1.1.0.12070 - Sony Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.12 - NCH Software)
TextTwist 2 (HKLM-x32\...\WT083491) (Version: 2.2.0.82 - WildTangent) Hidden
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.48 - NCH Software)
Virtual Families (HKLM-x32\...\WT082188) (Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (HKLM-x32\...\WT082241) (Version: 2.2.0.82 - WildTangent) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vz In Home Agent (HKLM-x32\...\{6916E491-8BBF-4E8A-AFAD-D01307C059E5}) (Version: 8.02.23 - Verizon)
Wav to Mp3 (HKLM-x32\...\{729E66B3-1B80-4F2F-8D19-342A89631E0A}_is1) (Version: - )
Wheel of Fortune 2 (HKLM-x32\...\WT082189) (Version: 2.2.0.82 - WildTangent) Hidden
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) (HKLM\...\B81055EA372C9E3EA5000B4BD9585D992D51F1DE) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4038.0 - Microsoft Corporation)
Zuma's Revenge (HKLM-x32\...\WT082463) (Version: 2.2.0.82 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2794434498-725242176-3457425843-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00E7E66A-146A-4D91-AE0E-8E041E5EEEFC} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {128FDC75-746D-4480-869A-A87D6AEBB636} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {1294C8DE-F2BA-4269-871D-756095C3B09E} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-02-24] ()
Task: {198BA291-FB1B-4265-A118-6FE6B55EBBE7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {1BB38B11-01D4-4FC3-9105-370BB8C11A21} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe
Task: {27C411B7-E322-486B-938E-48EF225CFC07} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {356D20A1-53E6-435D-A1F2-FDCAA78D276B} - System32\Tasks\Craig DiPiano1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2017-07-21] (Seagate Technology LLC)
Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3FDDFACE-600F-41C0-A521-C7119F1B6508} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Craig DiPiano\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4F146EF9-1584-4BF8-A020-3A9E37525BCE} - System32\Tasks\Craig DiPiano DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2017-07-21] (Seagate Technology LLC)
Task: {5A2CC048-721F-46A1-AC35-80DD405DFAEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {5DCCE427-23A6-4FC9-ACF2-657BA1A698C9} - System32\Tasks\Craig DiPiano1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2017-07-21] (Seagate Technology LLC)
Task: {5F522CEB-EAA3-4E97-96FF-BF8425DF56F6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {71415035-9F51-485A-BF58-AE3A62E8BB0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {75E207A5-0575-446A-974A-D178024369F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {77CDE8FA-743E-4BC5-8128-8886F7D50B1D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {7864E796-9F78-4F98-95A9-80E968BB9BEB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7B414C1E-650B-461C-A36D-14FB655627C0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {841465EF-77FE-40EF-8138-287423A1BD12} - System32\Tasks\{F030C5F5-3535-40C8-82A9-4FBBB3FA519D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Craig DiPiano\Videos\Riva_FLV_Encoder.exe" -d "C:\Users\Craig DiPiano\Videos"
Task: {8451AEC7-438A-47ED-AAF8-43DA021933CF} - System32\Tasks\iMeshNAG => C:\Users\CRAIGD~1\AppData\Local\Temp\iMesh_setup.exe <==== ATTENTION
Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {88B0061E-71BD-4E62-B1BA-8AD9866A077C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8CEC57CE-9D89-4DAC-B4A6-7A110184F37A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A2637C3B-1E40-44BD-AB8C-4383AC6C1F7C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A489B528-91C6-4184-A0AF-723508AC6495} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A4E1A579-D414-4C8E-AD66-03A0538F4503} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A7F13F2E-7E40-4342-A3EF-A78884CC1813} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AA665A59-A688-419E-B83D-465C6651FBB7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AC825DFB-BBC0-430E-9DBA-4A946ACA8B53} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B081616E-0B12-4425-9E08-A245118C7CCE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B0FAD8D3-529C-4402-94D7-4D44F8DB6D78} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B564AB98-F1CF-4EF4-B044-F7492A523700} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B92A5C1F-2083-497F-B44F-60F380623673} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BA287D0E-8F40-4EF9-BAA0-1EACC7B4B577} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {BB119898-E216-4E4D-93DB-E693B6921D84} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C53DD36B-A1E7-4C6E-A433-B17773342A7E} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01] (PC-Doctor, Inc.)
Task: {CE4316C6-3AE3-4120-ACFF-FB8A88428B1A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D13884A6-4010-4AC9-99F8-7BA15C9287F8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {D2766357-4D1A-4D75-A2FB-E426DC50D624} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {D34FC6E8-B440-4E73-A3B7-7D93D9CF0DC2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DC292CBE-591A-4837-B7BD-C5A523F33642} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2017-07-21] (Seagate Technology LLC)
Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EDC1CEBF-721A-43DF-97F4-6333C572872D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {F809B3DB-23B7-4759-B88C-17638039582F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\iMeshNAG.job => C:\Users\CRAIGD~1\AppData\Local\Temp\iMesh_setup.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Craig DiPiano\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Account.lnk -> hxxp://www22.verizon.com/ForYourHome/MyAccount/Protected/Account/MyAccountProfile.asp
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Message Center.lnk -> hxxp://webmail.verizon.com
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\My Verizon.lnk -> hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.asp
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Shop Verizon.lnk -> hxxp://my.verizon.com/shop/portlets/shop/ShopVas.js
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Support.lnk -> hxxp://www22.verizon.com/residentialhelp
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Verizon Links\About Verizon.lnk -> hxxp://wapp.verizon.com/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_cor
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Verizon Links\Safety & Security.lnk -> hxxp://surround.verizon.com/Shop/Utilities/InternetSecuritySuite.asp
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Verizon Links\Search.lnk -> hxxp://my.verizon.com/central/bookmark?action=advancedwebsearc
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Verizon Links\Support.lnk -> hxxp://www22.verizon.com/residentialhelp
Shortcut: C:\Users\Craig DiPiano\Favorites\My Verizon\Verizon Links\Welcome Page.lnk -> hxxp://wapp.verizon.com/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=wc_welcom
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 06:42 - 2016-07-16 06:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 16:35 - 2016-12-09 05:29 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-06-09 20:20 - 2014-08-18 16:50 - 000316120 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2016-12-31 04:40 - 2017-04-20 02:42 - 002271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-11-24 08:07 - 2016-11-24 08:07 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 16:21 - 2016-12-21 02:09 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 16:21 - 2016-12-21 01:54 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 16:21 - 2016-12-21 01:48 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 16:21 - 2016-12-21 01:48 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 16:21 - 2016-12-21 01:48 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 16:21 - 2016-12-21 01:48 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 16:21 - 2016-12-21 01:53 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-14 15:50 - 2016-12-14 15:51 - 000072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 15:50 - 2016-12-14 15:51 - 000179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 15:50 - 2016-12-14 15:51 - 042130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 15:50 - 2016-12-14 15:51 - 002216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2010-01-18 12:21 - 2010-01-18 12:21 - 000568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-02-09 21:01 - 2010-02-09 21:01 - 001712184 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
2015-06-09 20:20 - 2014-08-18 16:49 - 008274648 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2017-09-26 15:40 - 2017-09-21 02:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 15:40 - 2017-09-21 02:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2015-06-09 20:20 - 2015-02-26 19:19 - 000380928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2015-06-09 20:20 - 2014-07-22 09:18 - 000278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2016-11-28 16:35 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-11-28 16:35 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-11-28 16:35 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
IE trusted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\google.com -> hxxps://www.google.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\123simsen.com -> www.123simsen.com
There are 7937 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2017-11-04 11:30 - 000454674 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15603 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Craig DiPiano\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{41c40453-4351-48d4-a54d-4ee28bcbd18e}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"
HKLM\...\StartupApproved\Run32: => "CarboniteSetupLite"
HKLM\...\StartupApproved\Run32: => "Microsoft Default Manager"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "MaxMenuMgr"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Philips Device Listener"
HKLM\...\StartupApproved\Run32: => "VerizonServicepoint.exe"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\StartupFolder: => "Epson scanner Registration.lnk"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "LightScribe Control Panel"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "SanDiskSecureAccess_Manager.exe"
HKU\S-1-5-21-2794434498-725242176-3457425843-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{84F0FFF7-3488-4ABC-9164-87540A4450AD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E21A872A-C4F0-414F-A48E-43B01FEA01D3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F4DF446F-8109-42A7-8A3C-5CEA123C3B17}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{040FE419-F64E-4E34-9618-964CAC54E6A4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{F55682A5-BB17-4610-8261-3BA16FF2AE55}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{C6A48249-3893-4B45-8CA0-A2E6FEA1C7B5}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{C5933230-372D-40B1-BCF8-605DC672CD67}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{F4C1E844-CDF5-4F9D-9548-E5BF12D82D71}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{B9483F56-D54B-4EB7-BD5F-52813A76590A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{42412653-06AB-4834-9BA3-E41793587266}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{610413EF-3EE6-4079-AEE5-7208123F2080}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{C517426F-ED19-40EE-9BCB-517227F2B515}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{0851FF14-6F85-4097-A4CD-30DAB60DDE90}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{A758F163-F159-4EBD-9E94-CBD795225D78}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [TCP Query User{C7894759-182D-4A84-A0E7-AE37A01B828C}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{7818AB9B-32A9-4D78-BF6C-D11C5E1DB339}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [{F1534492-FFC7-44FA-A3FD-3002899CDCE1}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{1ECD3752-A781-41B9-906B-2CEC23495D8B}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{44EA520B-6459-44DE-BB91-052225AFB5C8}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{61A8A447-6D0A-4A34-8F44-46F35231DC42}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{82F48685-F443-43F4-A62F-46F02843C857}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{4650292E-F11B-41AF-BAF0-928FA75891DD}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{D2AE60FD-EE99-475C-BC88-9818B4AE6F21}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{D6420937-ED58-486A-B363-7D432BF18108}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [TCP Query User{12B30242-047A-4C84-BC53-664CFD9A1F49}J:\techwizard.exe] => (Allow) J:\techwizard.exe
FirewallRules: [UDP Query User{3EA45341-C127-4672-A71C-6D3692CCBEEE}J:\techwizard.exe] => (Allow) J:\techwizard.exe
FirewallRules: [{0CEDAE81-58B5-4D30-9708-43A709EA40E6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{79EDC441-6588-490A-9992-B539F12EFDEE}] => (Allow) LPort=2869
FirewallRules: [{7169B85C-CF6F-47CD-A940-2C9068FF12C4}] => (Allow) LPort=1900
FirewallRules: [{CD2009EE-4A3A-42C5-A467-38E94FA40718}] => (Allow) C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
FirewallRules: [{F952453A-F885-47C8-8385-7D9CE94B75D8}] => (Allow) C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
FirewallRules: [{424B25CA-A9BE-4111-9EC7-6B916BA059A6}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{1D41B792-B8C3-4BEC-AF53-618D22E102B9}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{B4AB2586-BAEF-4C9C-9772-A26C7533716F}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{DB969FDF-B805-4825-8380-132D25BEB736}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{BB4480CA-BB40-4E94-8CFE-36D8F181FB93}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{25B86D4D-4AE6-4C0E-BA65-4CA8630BCC78}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B60FED6B-8345-403D-9E6D-00848A6042E7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A453C1B3-7472-49C8-B09E-7DB7EF0DACE7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C5E07347-C24A-4F3B-818A-E7D4117417E9}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{4FE7B64C-9666-4CE9-A0B1-B845FB4227E1}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{8ABF4E99-0728-4DD7-9049-E35EC71CB8F1}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{6FDD09DF-2AA8-4C27-912D-F884522B89D2}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{75BD3109-6053-4A0B-BDFD-E6D0AB05EEA5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{C8128898-BF1C-4574-A6E3-C37BF0AB1BA4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F44A61A3-387E-4081-AC7B-5888ADD5C6EA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D52E6CEA-CB0B-4FBD-877F-3FBDA503636E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1F42BD20-8EE8-4B19-B2D9-87898CA8E8A6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{095C1336-5773-43A5-A65D-357BF0B618B7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{FCEE68FC-A2DE-415D-8D57-F62A9E9991E7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{5CF5B394-5F4A-4A96-9E62-05C1E63BE4E1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{BEB6D0F4-69C3-4A83-9AF0-54A1AEE83814}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{F8883C2F-171C-4FFD-9422-E58486D41221}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{3B25487C-EB7E-4C60-98FC-3324F9848BE1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{888E4841-F389-4EE7-9635-0716BC22B379}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF6B0E1F-6C90-457C-AAFC-1F36582990D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2A3F78FA-F6C8-4D87-8BD8-BBD0BD8FADD4}] => (Allow) LPort=50001
FirewallRules: [{CCF8AC7A-0119-42D7-A67E-1A6CA0656801}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{5F082340-5123-462D-869B-D518AB85D892}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [TCP Query User{481D3776-A41E-4B93-A4A7-31D3B769372C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{6A379BD4-5D5A-4799-890C-9CEC27931A5D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{CDB978FF-B6CA-47C4-AF0A-0E6CC45F1F8F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EE4A9AEE-8BDC-46FC-8558-DAB0420E6360}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{5955BE02-79FB-471D-A0F7-5A6763BAA940}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{FD258FF1-7BE7-484A-95DD-DB430030D361}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/14/2017 07:30:49 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -551.
Error: (11/14/2017 07:30:49 PM) (Source: ESENT) (EventID: 517) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery failed with error -551 because it encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
Error: (11/14/2017 07:28:48 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -551.
Error: (11/14/2017 07:28:48 PM) (Source: ESENT) (EventID: 517) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery failed with error -551 because it encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
Error: (11/14/2017 07:26:48 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -551.
Error: (11/14/2017 07:26:48 PM) (Source: ESENT) (EventID: 517) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery failed with error -551 because it encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
Error: (11/14/2017 07:24:48 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -551.
Error: (11/14/2017 07:24:48 PM) (Source: ESENT) (EventID: 517) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery failed with error -551 because it encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
Error: (11/14/2017 07:22:48 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery/restore failed with unexpected error -551.
Error: (11/14/2017 07:22:48 PM) (Source: ESENT) (EventID: 517) (User: )
Description: wuaueng.dll (364) SUS20ClientDataStore: Database recovery failed with error -551 because it encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
System errors:
=============
Error: (11/14/2017 07:30:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%3355443751
Error: (11/14/2017 07:30:48 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGDIPIANO-HP)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (11/14/2017 07:28:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%3355443751
Error: (11/14/2017 07:28:48 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGDIPIANO-HP)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (11/14/2017 07:26:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%3355443751
Error: (11/14/2017 07:26:48 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (11/14/2017 07:24:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%3355443751
Error: (11/14/2017 07:24:48 PM) (Source: DCOM) (EventID: 10010) (User: CRAIGDIPIANO-HP)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (11/14/2017 07:22:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%3355443751
Error: (11/14/2017 07:22:05 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
CodeIntegrity:
===================================
Date: 2017-11-14 19:27:41.700
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-14 19:27:41.696
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-14 19:27:41.650
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-14 19:27:41.646
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-14 19:22:36.293
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-11-14 19:22:06.270
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-11-14 19:21:53.562
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-11-14 19:21:49.349
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-11-14 19:20:46.829
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-11-14 19:20:46.776
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X4 630 Processor
Percentage of memory in use: 42%
Total physical RAM: 5879.89 MB
Available physical RAM: 3383.18 MB
Total Virtual: 8695.89 MB
Available Virtual: 6107.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:919.32 GB) (Free:678.87 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.46 GB) (Free:1.38 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.3 GB) (Disk ID: C8002F2A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Last edited by a moderator:
