
Very slow, CPU maxxed, and mouse locks up




LastRegBack: 2017-03-20 22:23

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Roland (29-03-2017 17:47:53)
Running from C:\Users\Roland\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-11-14 00:13:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3236689562-672039265-411895171-500 - Administrator - Disabled)
Guest (S-1-5-21-3236689562-672039265-411895171-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3236689562-672039265-411895171-1002 - Limited - Enabled)
Roland (S-1-5-21-3236689562-672039265-411895171-1000 - Administrator - Enabled) => C:\Users\Roland
SophosSAUROLAND-PC0 (S-1-5-21-3236689562-672039265-411895171-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

470_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
470_Readme (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.12 (HKLM-x32\...\{23170F69-40C1-2701-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
BPDSoftware (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Brother HL-5040 (HKLM-x32\...\Brother HL-5040) (Version:  - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.3.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
EPSON Artisan 810 Series Printer Uninstall (HKLM\...\EPSON Artisan 810 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Artisan 830 Series Printer Uninstall (HKLM\...\EPSON Artisan 830 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Setup 3.2 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION)
FINPACK (HKLM-x32\...\FINPACK) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
H470 (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP OfficeJet H470 (HKLM\...\{2B71BB94-F52C-4EF2-85E8-45E63296EDF2}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1029 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 2.3.11.8936 - LeapFrog)
LeapFrog Connect (x32 Version: 2.3.11.8936 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 2.3.11.8936 - LeapFrog) Hidden
Lexmark 840 Series (HKLM\...\Lexmark 840 Series) (Version:  - Lexmark International, Inc.)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Accounting 2008 (HKLM-x32\...\Microsoft Office Accounting 2008) (Version: 3.0.8627.1 - Microsoft Corporation)
Microsoft Office Accounting 2008 Equifax Addin (HKLM-x32\...\{0C2AF762-0565-4C91-9F55-B8B53BB82A38}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting 2008 Fixed Asset Manager (HKLM-x32\...\{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting 2008 PayPal Addin (HKLM-x32\...\{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting ADP Payroll Addin (HKLM-x32\...\{5FA793A6-0071-42C1-9355-8F69A428C44F}) (Version: 0.0.0.0 - ADP)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
MPM (HKLM-x32\...\{00772F8B-37FF-4704-A47D-72B30BFAF126}) (Version: 1.00.0000 - Hewlett-Packard)
Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.6.0 - Nikon)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.7 - Nikon)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
ProductContext (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
Reliable IT repair tool (HKLM\...\UVK - Ultra virus killer) (Version: 5.9.0.1 - Reliable IT)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.0 - Roxio)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
TomTom HOME 2.8.3.2499 (HKLM-x32\...\TomTom HOME) (Version: 2.8.3.2499 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 2.3.11.8936 - LeapFrog)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.6.0 - Nikon)
WebEx (HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.324 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000E6622-8E66-4CB8-BB22-0F4F4C9CAD71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0726F637-A340-47AC-8B8F-6087BA8A0E2C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-20] (Adobe Systems Incorporated)
Task: {15832EAB-161B-4C8A-96A7-11300F4C614B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {20F7C2B2-27FE-45D5-9359-9EA921ECC318} - System32\Tasks\{B2F436F5-BB82-4B49-AA0E-CF73AB8ED396} => pcalua.exe -a C:\Users\Roland\Desktop\install_flash_player_9.exe -d C:\Users\Roland\Desktop
Task: {2C4E3533-1253-41DD-A189-F2AE3C1BD123} - System32\Tasks\{0340C534-D0C2-4710-BD77-C5035BF28B2D} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe 
Task: {57946441-35E3-4F03-BB0D-B5F132F26294} - System32\Tasks\{911256C9-F921-4261-91B8-2BD6F6AD8D8C} => pcalua.exe -a D:\setup.exe -d D:\
Task: {5F38FEEE-8C02-46AF-A131-3495F00C96DC} - System32\Tasks\{CE6D138D-5A2A-4319-8091-2DF841919D35} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe 
Task: {8796A92C-9213-47B3-838D-44229A147DA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A6CEFA61-91CB-4C24-B433-ADFFFE59AC68} - System32\Tasks\{F1F36E3E-E697-479D-8DCD-598E6B1EAD20} => pcalua.exe -a "C:\Program Files (x86)\FINPACK\FINPACK.exe" -d "C:\Program Files (x86)\FINPACK"
Task: {C067F5CD-BD7C-4EC2-86A8-B44B1938E709} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {C56D37B2-D883-47CE-BC6F-D066233631ED} - System32\Tasks\{47FBF903-CA97-4C8A-9129-AA1B50D7A5AB} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe 
Task: {DD3422B8-7429-47EF-99E6-189B5A044880} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {E49F9117-EAD7-49CF-888D-268FFDA38A82} - System32\Tasks\{F3743546-E375-4083-AA1F-907F3B6A7548} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-24 18:28 - 2017-03-24 18:28 - 00154480 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2009-09-23 17:34 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2017-03-24 17:13 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-24 17:13 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-19 21:46 - 2017-03-16 00:11 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\libglesv2.dll
2017-03-19 21:46 - 2017-03-16 00:11 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7933 more sites.



==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-27 18:21 - 2017-03-27 18:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3236689562-672039265-411895171-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: ZAM => "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{038284C9-21D7-4C57-B2CA-3129CA4F6DCB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F0D53FFF-117C-4CFC-B466-6444D4129286}] => (Allow) svchost.exe
FirewallRules: [{690CD6B3-A821-4EE2-8E8B-7E19FB36832E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{32867B3C-68D8-430C-8CE8-C97BDE04BD36}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{181BC4D1-CF38-4CD8-8098-41602D3B2F18}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [TCP Query User{D28938A5-4200-4414-A6EB-7BA4AC3FCD04}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{8E202954-8352-4CD4-894F-1BA42C4764C8}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{F307F74A-05EB-40FC-8E92-93EB3ECF0991}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{59B3E3EE-53C5-4CF5-8606-E5F1128C9806}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{F0C51941-73EC-45D2-8A6F-90026BBF867D}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{260AA70C-A480-4AF7-871F-99F2B749BC5A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{5339CD95-FB28-4685-9D54-9988E3F183CC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{CFF3455C-2156-4845-A327-B93D17C0C93F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{D896FF1F-17E7-4BAC-9BFC-0D508F7AAC0B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{A8FBF3FF-A95E-4024-A43A-32CB44CB1CA0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{17D9F753-3D9E-40D8-9FBD-2545F6A72B9E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{E6D2905E-809F-4396-8C77-B0658DFA32C4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3276CC50-06F1-4193-80BC-BAED1CE4B134}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{5F485083-100A-4E25-ADE9-1C64E5182FB6}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{83EDD164-EED3-49EF-BA0D-D9E6669D3072}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{D4EAAD28-FC03-412C-A0CF-563335C18C16}] => (Allow) C:\Windows\SysWOW64\lxdbcoms.exe
FirewallRules: [{10E19EEF-EDA0-47D5-B24C-158A6E2E3888}] => (Allow) C:\Windows\SysWOW64\lxdbcoms.exe
FirewallRules: [{51E24C8D-B58A-409F-901F-98610A557676}] => (Allow) C:\Windows\System32\lxdbcoms.exe
FirewallRules: [{D2B83F41-1755-4309-8E66-76D1B3716E99}] => (Allow) C:\Windows\System32\lxdbcoms.exe
FirewallRules: [{8D1C7B49-C381-4550-B2BE-E4EE22167B34}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdbpswx.exe
FirewallRules: [{2916B473-DF6B-458C-B41E-F85CC6FC8323}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdbpswx.exe
FirewallRules: [{36F4ED32-684C-4802-8D96-D100011FEC0B}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{CEBC5D2A-8BA9-4887-8345-78A37B9317E1}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{04571419-0A36-4653-A059-CA1DC1381894}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{24018CCD-8012-4613-9263-158C940FF7EE}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [TCP Query User{308B603B-5966-44A6-9264-C690374408C7}D:\common\driver update\edupdate.exe] => (Allow) D:\common\driver update\edupdate.exe
FirewallRules: [UDP Query User{D1E302F4-6D01-492F-BF27-A47A7973E015}D:\common\driver update\edupdate.exe] => (Allow) D:\common\driver update\edupdate.exe
FirewallRules: [TCP Query User{6F5C2C91-CCE1-49A5-995D-EFE441B0D738}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{4BAED64E-A588-4C7F-B491-BF0F3DB128B3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{9F434B64-5201-479E-8F3C-B40F759C2E71}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe
FirewallRules: [UDP Query User{6AE359A2-D450-4E3C-9AF1-55D995355106}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe
FirewallRules: [{2727304C-2BD1-45AF-A226-F6A8D9C22580}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{BA134C11-FA2A-4CE3-9CE2-494F0B1CCA50}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BC05E73F-B080-452C-B93B-A769D25C1DCF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{ACFE8DF7-A332-485F-A453-F061445889BD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DB4D48C7-A8D4-4052-8501-96F6DBD0562C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{570E300A-8EB8-4318-BB81-19FDCF191021}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{807140A2-9538-407D-ADD0-AA344E9A618E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-03-2017 15:33:04 Installed TurboTax 2016 wrapper
09-03-2017 15:42:48 Installed TurboTax 2016 wpaiper
19-03-2017 21:15:38 Restore Operation
27-03-2017 18:17:39 Restore Point Created by FRST
28-03-2017 14:23:14 Restore Point Created by FRST
28-03-2017 14:43:06 JRT Pre-Junkware Removal
29-03-2017 14:49:57 Installed Microsoft Fix it 50692
29-03-2017 14:53:29 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: HP OfficeJet Pro 8710
Description: HP OfficeJet Pro 8710
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: hp LaserJet 4200
Description: hp LaserJet 4200
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2017 06:18:07 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

Error: (03/27/2017 06:18:07 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3904) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00117.log.


System errors:
=============
Error: (03/29/2017 02:56:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Sophos Endpoint Defense

Error: (03/29/2017 02:55:36 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (03/29/2017 02:55:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sophos Web Intelligence Update service failed to start due to the following error: 
The system cannot find the file specified.

Error: (03/29/2017 02:54:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error: 
The service did not start due to a logon failure.

Error: (03/29/2017 02:54:29 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/29/2017 02:54:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server Browser service failed to start due to the following error: 
The service did not start due to a logon failure.

Error: (03/29/2017 02:54:28 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The SQLBrowser service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: 
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/29/2017 02:53:59 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.

Error: (03/29/2017 02:53:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/29/2017 02:53:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 69%
Total physical RAM: 4056.36 MB
Available physical RAM: 1232.37 MB
Total Virtual: 8110.91 MB
Available Virtual: 5501.28 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.59 GB) (Free:330.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2B391CB6)
Partition 1: (Not Active) - (Size=298 MB) - (Type=DE)
Partition 2: (Active) - (Size=18.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


FRST will have produced two logs: the primary log, FRST.txt, and the secondary log, Additional.txt.

You've posted the full secondary log, but only the following from the primary log:

Quote

 

LastRegBack: 2017-03-20 22:23

==================== End of FRST.txt ============================

 

 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Roland (administrator) on ROLAND-PC (29-03-2017 18:34:41)
Running from C:\Users\Roland\Desktop
Loaded Profiles: Roland (Available Profiles: Roland)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\GoToAssist: 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\Run: [EPSON Artisan 830 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-23]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-23]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D106EC69-996A-405C-BFA0-2F6611237F58}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FEC7D3F0-8222-44DB-A6F2-AA3C2578E80A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3236689562-672039265-411895171-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3236689562-672039265-411895171-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation)
DPF: HKLM-x32 {50647AB5-18FD-4142-82B0-5852478DD0D5} hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab

FireFox:
========
FF ProfilePath: C:\Users\Roland\AppData\Roaming\TomTom\HOME\Profiles\phu6xfhq.default [2014-06-23]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2012-03-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-03] [not signed]
FF HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-20] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-20] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3236689562-672039265-411895171-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Roland\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-21] (Citrix Online)

Chrome: 
=======
CHR HomePage: Default -> bing.com/?pc=__PARAM__
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default [2017-03-29]
CHR Extension: (Bing) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho [2017-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-19]
CHR HKU\S-1-5-21-3236689562-672039265-411895171-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S4 lxdb_device; C:\Windows\system32\lxdbcoms.exe [566192 2007-02-02] ( )
S4 lxdb_device; C:\Windows\SysWOW64\lxdbcoms.exe [537520 2007-02-02] ( )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14509296 2017-03-22] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BrPar; C:\Windows\SysWOW64\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2009-11-10] (LeapFrog)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-29] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-29] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-29] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-29] (Malwarebytes)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2016-04-17] (Sophos Limited)
R2 sntp; C:\Windows\System32\DRIVERS\sntp.sys [116144 2016-04-16] (Sophos Limited)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-15] (support.com, Inc)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-28] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-03-24] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-03-24] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-29 17:50 - 2017-03-29 18:35 - 00015888 _____ C:\Users\Roland\Desktop\FRST.txt
2017-03-29 14:51 - 2017-03-29 14:51 - 00002046 _____ C:\FixitRegBackup.reg
2017-03-29 14:49 - 2017-03-29 14:49 - 00806400 _____ C:\Users\Roland\Desktop\MicrosoftFixit50692.msi
2017-03-29 05:35 - 2017-03-29 18:34 - 00066927 _____ C:\Windows\ZAM.krnl.trace
2017-03-29 05:35 - 2017-03-29 18:34 - 00030960 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-29 05:28 - 2017-03-29 05:29 - 08545968 _____ (AVAST Software) C:\Users\Roland\Desktop\avastclear.exe
2017-03-28 15:23 - 2017-03-28 15:23 - 00000408 _____ C:\Scan_170328-152228.txt
2017-03-28 15:09 - 2017-03-28 15:09 - 00000000 ____D C:\ProgramData\Emsisoft
2017-03-28 14:58 - 2017-03-28 15:23 - 00000000 ____D C:\EEK
2017-03-28 14:50 - 2017-03-28 14:55 - 288977232 _____ C:\Users\Roland\Desktop\EmsisoftEmergencyKit.exe
2017-03-28 14:34 - 2017-03-28 14:34 - 01663904 _____ (Malwarebytes) C:\Users\Roland\Desktop\JRT.exe
2017-03-28 14:33 - 2017-03-28 14:33 - 04089296 _____ C:\Users\Roland\Desktop\adwcleaner_6.045.exe
2017-03-27 16:16 - 2017-03-27 16:16 - 00000000 ____D C:\Users\Roland\Desktop\geek
2017-03-27 16:00 - 2017-03-27 16:27 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Geek Uninstaller
2017-03-27 14:29 - 2017-03-29 18:34 - 00000000 ____D C:\FRST
2017-03-27 14:29 - 2017-03-27 14:29 - 02424832 _____ (Farbar) C:\Users\Roland\Desktop\FRST64.exe
2017-03-25 07:14 - 2017-03-25 07:14 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-24 20:20 - 2017-03-24 20:20 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Roland\Downloads\rkill.exe
2017-03-24 18:28 - 2017-03-24 18:28 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-03-24 18:28 - 2017-03-24 18:28 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-03-24 18:28 - 2017-03-24 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-24 18:28 - 2017-03-24 18:28 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-24 18:07 - 2017-03-24 18:07 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-03-24 17:37 - 2017-03-24 17:37 - 00079086 _____ C:\Windows\system32\.crusader
2017-03-24 17:20 - 2017-03-24 17:20 - 00000000 ____D C:\Users\Roland\AppData\Local\Zemana
2017-03-24 17:19 - 2017-03-24 17:20 - 05763056 _____ (Zemana Ltd. ) C:\Users\Roland\Downloads\Zemana.AntiMalware.Setup.exe
2017-03-24 17:19 - 2017-03-24 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-03-24 17:19 - 2017-03-24 17:19 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-24 17:18 - 2017-03-24 17:37 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-24 17:17 - 2017-03-24 17:18 - 11581544 _____ (SurfRight B.V.) C:\Users\Roland\Downloads\HitmanPro_x64.exe
2017-03-24 17:14 - 2017-03-29 17:39 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-24 17:14 - 2017-03-29 14:56 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-24 17:14 - 2017-03-29 14:56 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-24 17:14 - 2017-03-29 14:56 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-24 17:14 - 2017-03-28 14:42 - 00000000 ____D C:\AdwCleaner
2017-03-24 17:14 - 2017-03-27 14:19 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-24 17:14 - 2017-03-24 17:14 - 04031440 _____ C:\Users\Roland\Downloads\adwcleaner_6.044.exe
2017-03-24 17:13 - 2017-03-24 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-24 17:13 - 2017-03-24 17:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-24 17:13 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-24 17:12 - 2017-03-24 17:13 - 57131432 _____ (Malwarebytes ) C:\Users\Roland\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-24 11:38 - 2017-03-24 11:38 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Eusing
2017-03-24 11:26 - 2017-03-25 07:10 - 00007605 _____ C:\Users\Roland\AppData\Local\resmon.resmoncfg
2017-03-24 11:06 - 2017-03-24 11:06 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-24 11:06 - 2017-03-24 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-24 11:06 - 2017-03-24 11:06 - 00000000 ____D C:\Program Files\CCleaner
2017-03-20 20:54 - 2017-02-22 22:59 - 00453720 _____ C:\Windows\system32\Drivers\etc\hosts.20170320-205400.backup
2017-03-19 21:40 - 2017-03-19 21:40 - 00044952 _____ () C:\Windows\system32\Drivers\staport.sys
2017-03-09 19:44 - 2017-03-10 16:46 - 00000000 ____D C:\Users\Roland\AppData\Local\Glance
2017-03-09 15:35 - 2017-03-19 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2016

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-29 18:23 - 2009-11-13 20:13 - 00000000 ____D C:\Users\Roland
2017-03-29 18:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-03-29 17:42 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-29 17:42 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-29 14:56 - 2009-11-13 22:18 - 00000000 ____D C:\Users\Roland\AppData\Local\SoftThinks
2017-03-29 14:56 - 2009-11-13 22:18 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-03-29 14:56 - 2009-11-13 22:18 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-03-29 14:56 - 2009-09-23 17:33 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-03-29 14:55 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-29 14:54 - 2015-12-10 17:04 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-03-29 05:35 - 2015-12-10 17:00 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-28 15:26 - 2009-12-02 20:43 - 00000000 ____D C:\Windows\Minidump
2017-03-28 14:44 - 2009-11-20 22:26 - 00000000 ____D C:\Program Files (x86)\PC Drivers HeadQuarters
2017-03-27 17:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-27 17:21 - 2009-11-17 11:02 - 00000000 ____D C:\ProgramData\FINPACK
2017-03-27 17:21 - 2009-11-17 11:02 - 00000000 ____D C:\Program Files (x86)\FINPACK
2017-03-27 16:09 - 2014-11-02 04:44 - 00000000 ____D C:\Users\Roland\Desktop\cyber sec
2017-03-27 15:49 - 2009-11-13 22:29 - 00000000 ___SD C:\Users\Roland\AppData\LocalLow\Temp
2017-03-26 19:48 - 2016-11-16 16:43 - 00000000 ____D C:\Users\Roland\Desktop\Web Stuff
2017-03-26 19:43 - 2009-11-15 18:45 - 00000000 ____D C:\Users\Roland\Documents\2 Fm Decions Current
2017-03-26 19:36 - 2009-07-14 01:13 - 00803678 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-24 20:14 - 2012-12-25 21:16 - 00000000 ____D C:\Users\Roland\AppData\Local\CrashDumps
2017-03-24 17:38 - 2013-04-25 09:04 - 00000000 ____D C:\Program Files (x86)\iolo
2017-03-24 17:37 - 2011-01-03 21:35 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-03-24 17:31 - 2013-04-25 09:05 - 00000000 ____D C:\ProgramData\iolo
2017-03-24 17:13 - 2010-10-02 08:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-21 14:31 - 2012-10-12 14:38 - 00000000 ____D C:\Users\Roland\AppData\Local\ElevatedDiagnostics
2017-03-21 12:25 - 2014-12-27 23:08 - 00000000 ____D C:\Users\Roland\Desktop\Pics 12 14
2017-03-21 12:22 - 2017-02-09 21:01 - 00000000 ____D C:\Users\Roland\Desktop\217 AGO
2017-03-21 11:59 - 2012-02-12 20:15 - 00000000 ____D C:\Users\Roland\Desktop\Unused Ikons
2017-03-20 21:04 - 2013-09-14 09:46 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-20 21:04 - 2012-03-28 21:26 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-20 21:04 - 2011-11-11 14:59 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-20 21:04 - 2011-06-03 20:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-20 21:04 - 2009-09-23 17:25 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-20 20:54 - 2009-07-13 22:34 - 00454268 ____R C:\Windows\system32\Drivers\etc\hosts.20170324-134951.backup
2017-03-20 19:31 - 2016-01-22 13:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-03-19 21:46 - 2010-12-16 22:40 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-19 21:46 - 2010-12-16 22:40 - 00002257 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-19 21:38 - 2015-12-10 17:04 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.148997402374507
2017-03-19 21:38 - 2015-12-10 17:04 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148997402494610
2017-03-19 21:38 - 2015-12-10 17:04 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148997402578812
2017-03-19 21:36 - 2009-11-13 20:13 - 00112616 _____ C:\Users\Roland\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-19 21:31 - 2017-01-26 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-03-19 21:31 - 2014-01-06 15:40 - 00000000 ____D C:\Program Files\UVK - Ultra Virus Killer
2017-03-19 21:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2017-03-19 21:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-03-19 21:26 - 2016-01-05 12:35 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Intuit
2017-03-18 19:25 - 2012-10-12 15:05 - 00000000 ____D C:\temp
2017-03-15 20:46 - 2016-10-27 20:52 - 00000000 ____D C:\Users\Roland\Desktop\Email Stuff
2017-03-14 17:24 - 2013-12-13 21:13 - 00000000 ____D C:\Users\Roland\Desktop\Ishler feed prices
2017-03-10 22:27 - 2016-01-05 12:41 - 00000000 ____D C:\Users\Roland\Documents\TurboTax
2017-03-09 15:46 - 2014-11-02 04:40 - 00000000 ____D C:\Users\Roland\Desktop\friends
2017-03-09 15:37 - 2016-01-05 12:33 - 00000629 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Files in the root of some directories =======

2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Smooth Strings
2014-05-21 15:59 - 2014-05-21 15:59 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Solid Colors
2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Sound Effects
2014-05-21 15:57 - 2014-05-21 15:57 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Static Library
2017-03-24 11:26 - 2017-03-25 07:10 - 0007605 _____ () C:\Users\Roland\AppData\Local\resmon.resmoncfg
2013-04-23 21:48 - 2013-04-23 21:48 - 2250054 _____ () C:\ProgramData\1.bmp
2013-04-23 21:47 - 2013-04-23 21:47 - 0302806 _____ () C:\ProgramData\1.jpg
2011-01-03 21:26 - 2011-01-03 21:38 - 0000802 _____ () C:\ProgramData\hpzinstall.log
2016-01-05 12:33 - 2017-03-09 15:37 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-05-21 15:57 - 2014-05-21 15:57 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-05-21 15:59 - 2014-05-21 15:59 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-05-21 15:58 - 2014-05-23 11:55 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-05-21 15:58 - 2014-05-21 15:58 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\ProgramData\Soundtrack
2014-05-21 15:59 - 2014-05-21 15:59 - 0000268 ___RH () C:\ProgramData\Space Choir
2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\ProgramData\Spacious
2014-05-21 15:57 - 2014-05-21 15:57 - 0000268 ___RH () C:\ProgramData\String Ensemble
2012-10-12 17:31 - 2012-10-12 19:46 - 0028232 _____ () C:\ProgramData\xportnchk.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-20 22:23

==================== End of FRST.txt ============================


Thanks for those logs, continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.


Post that log, and also tell me if there are any remaining issues or concerns.

Thank you,

Kevin...

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Roland (29-03-2017 19:18:31) Run:5
Running from C:\Users\Roland\Desktop
Loaded Profiles: Roland (Available Profiles: Roland)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
C:\ProgramData\AVAST Software
C:\Windows\system32\Drivers\aswsnx.sys.148997402374507
C:\Windows\system32\Drivers\aswsp.sys.148997402494610
C:\Windows\system32\Drivers\aswvmm.sys.148997402578812
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
end
*****************

Processes closed successfully.
Restore point was successfully created.
C:\ProgramData\AVAST Software => moved successfully
C:\Windows\system32\Drivers\aswsnx.sys.148997402374507 => moved successfully
C:\Windows\system32\Drivers\aswsp.sys.148997402494610 => moved successfully
C:\Windows\system32\Drivers\aswvmm.sys.148997402578812 => moved successfully
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508} => removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2596828 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 16497636 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Roland => 46188 B

RecycleBin => 41738 B
EmptyTemp: => 26.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:19:13 ====


Let's have one final scan with FRST. If those logs are clean and all conflicting security software is gone, we can start cleaning up the tools we have used, etc.

Run FRST one more time. Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan and, when done, post the new logs, "FRST.txt" and "Addition.txt".

Thank you,

Kevin...

 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Roland (administrator) on ROLAND-PC (30-03-2017 14:21:53)
Running from C:\Users\Roland\Desktop
Loaded Profiles: Roland (Available Profiles: Roland)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
Winlogon\Notify\GoToAssist: 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\Run: [EPSON Artisan 830 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-23]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-09-23]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D106EC69-996A-405C-BFA0-2F6611237F58}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FEC7D3F0-8222-44DB-A6F2-AA3C2578E80A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3236689562-672039265-411895171-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-3236689562-672039265-411895171-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation)
DPF: HKLM-x32 {50647AB5-18FD-4142-82B0-5852478DD0D5} hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab

FireFox:
========
FF ProfilePath: C:\Users\Roland\AppData\Roaming\TomTom\HOME\Profiles\phu6xfhq.default [2014-06-23]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2012-03-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-03] [not signed]
FF HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-20] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-20] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3236689562-672039265-411895171-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Roland\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-21] (Citrix Online)

Chrome: 
=======
CHR HomePage: Default -> bing.com/?pc=__PARAM__
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default [2017-03-30]
CHR Extension: (Bing) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho [2017-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-19]
CHR HKU\S-1-5-21-3236689562-672039265-411895171-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S4 lxdb_device; C:\Windows\system32\lxdbcoms.exe [566192 2007-02-02] ( )
S4 lxdb_device; C:\Windows\SysWOW64\lxdbcoms.exe [537520 2007-02-02] ( )
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BrPar; C:\Windows\SysWOW64\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2009-11-10] (LeapFrog)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2016-04-17] (Sophos Limited)
R2 sntp; C:\Windows\System32\DRIVERS\sntp.sys [116144 2016-04-16] (Sophos Limited)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-15] (support.com, Inc)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-28] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
R1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 14:21 - 2017-03-30 14:22 - 00014630 _____ C:\Users\Roland\Desktop\FRST.txt
2017-03-30 05:34 - 2017-03-30 05:34 - 00985054 _____ C:\Users\Roland\Desktop\EFRCSetup.exe
2017-03-30 05:34 - 2017-03-30 05:34 - 00001055 _____ C:\Users\Roland\Desktop\Eusing Free Registry Cleaner.lnk
2017-03-30 05:34 - 2017-03-30 05:34 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
2017-03-30 05:34 - 2017-03-30 05:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
2017-03-30 05:34 - 2017-03-30 05:34 - 00000000 ____D C:\Program Files (x86)\Eusing Free Registry Cleaner
2017-03-29 14:51 - 2017-03-29 14:51 - 00002046 _____ C:\FixitRegBackup.reg
2017-03-29 05:35 - 2017-03-30 14:21 - 00035161 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-29 05:35 - 2017-03-30 05:37 - 00046041 _____ C:\Windows\ZAM.krnl.trace
2017-03-29 05:28 - 2017-03-29 05:29 - 08545968 _____ (AVAST Software) C:\Users\Roland\Desktop\avastclear.exe
2017-03-28 15:23 - 2017-03-28 15:23 - 00000408 _____ C:\Scan_170328-152228.txt
2017-03-28 15:09 - 2017-03-28 15:09 - 00000000 ____D C:\ProgramData\Emsisoft
2017-03-28 14:58 - 2017-03-28 15:23 - 00000000 ____D C:\EEK
2017-03-28 14:50 - 2017-03-28 14:55 - 288977232 _____ C:\Users\Roland\Desktop\EmsisoftEmergencyKit.exe
2017-03-28 14:34 - 2017-03-28 14:34 - 01663904 _____ (Malwarebytes) C:\Users\Roland\Desktop\JRT.exe
2017-03-28 14:33 - 2017-03-28 14:33 - 04089296 _____ C:\Users\Roland\Desktop\adwcleaner_6.045.exe
2017-03-27 16:16 - 2017-03-27 16:16 - 00000000 ____D C:\Users\Roland\Desktop\geek
2017-03-27 16:00 - 2017-03-27 16:27 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Geek Uninstaller
2017-03-27 14:29 - 2017-03-30 14:21 - 00000000 ____D C:\FRST
2017-03-27 14:29 - 2017-03-27 14:29 - 02424832 _____ (Farbar) C:\Users\Roland\Desktop\FRST64.exe
2017-03-25 07:14 - 2017-03-25 07:14 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-24 20:20 - 2017-03-24 20:20 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Roland\Downloads\rkill.exe
2017-03-24 18:07 - 2017-03-24 18:07 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-03-24 17:37 - 2017-03-24 17:37 - 00079086 _____ C:\Windows\system32\.crusader
2017-03-24 17:20 - 2017-03-30 05:37 - 00000000 ____D C:\Users\Roland\AppData\Local\Zemana
2017-03-24 17:19 - 2017-03-24 17:20 - 05763056 _____ (Zemana Ltd. ) C:\Users\Roland\Downloads\Zemana.AntiMalware.Setup.exe
2017-03-24 17:17 - 2017-03-24 17:18 - 11581544 _____ (SurfRight B.V.) C:\Users\Roland\Downloads\HitmanPro_x64.exe
2017-03-24 17:14 - 2017-03-28 14:42 - 00000000 ____D C:\AdwCleaner
2017-03-24 17:14 - 2017-03-24 17:14 - 04031440 _____ C:\Users\Roland\Downloads\adwcleaner_6.044.exe
2017-03-24 17:13 - 2017-03-24 17:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-24 17:12 - 2017-03-24 17:13 - 57131432 _____ (Malwarebytes ) C:\Users\Roland\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-24 11:38 - 2017-03-24 11:38 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Eusing
2017-03-24 11:26 - 2017-03-25 07:10 - 00007605 _____ C:\Users\Roland\AppData\Local\resmon.resmoncfg
2017-03-24 11:06 - 2017-03-24 11:06 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-24 11:06 - 2017-03-24 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-24 11:06 - 2017-03-24 11:06 - 00000000 ____D C:\Program Files\CCleaner
2017-03-20 20:54 - 2017-02-22 22:59 - 00453720 _____ C:\Windows\system32\Drivers\etc\hosts.20170320-205400.backup
2017-03-19 21:40 - 2017-03-19 21:40 - 00044952 _____ () C:\Windows\system32\Drivers\staport.sys
2017-03-09 19:44 - 2017-03-10 16:46 - 00000000 ____D C:\Users\Roland\AppData\Local\Glance
2017-03-09 15:35 - 2017-03-19 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2016

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 07:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-03-30 05:37 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-30 05:37 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-30 05:35 - 2010-10-02 08:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-30 05:28 - 2009-11-13 22:18 - 00000000 ____D C:\Users\Roland\AppData\Local\SoftThinks
2017-03-30 05:28 - 2009-11-13 22:18 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-03-30 05:28 - 2009-11-13 22:18 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-03-30 05:28 - 2009-09-23 17:33 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-03-30 05:28 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-29 18:23 - 2009-11-13 20:13 - 00000000 ____D C:\Users\Roland
2017-03-29 14:54 - 2015-12-10 17:04 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-03-28 15:26 - 2009-12-02 20:43 - 00000000 ____D C:\Windows\Minidump
2017-03-28 14:44 - 2009-11-20 22:26 - 00000000 ____D C:\Program Files (x86)\PC Drivers HeadQuarters
2017-03-27 17:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-27 17:21 - 2009-11-17 11:02 - 00000000 ____D C:\ProgramData\FINPACK
2017-03-27 17:21 - 2009-11-17 11:02 - 00000000 ____D C:\Program Files (x86)\FINPACK
2017-03-27 16:09 - 2014-11-02 04:44 - 00000000 ____D C:\Users\Roland\Desktop\cyber sec
2017-03-27 15:49 - 2009-11-13 22:29 - 00000000 ___SD C:\Users\Roland\AppData\LocalLow\Temp
2017-03-26 19:48 - 2016-11-16 16:43 - 00000000 ____D C:\Users\Roland\Desktop\Web Stuff
2017-03-26 19:43 - 2009-11-15 18:45 - 00000000 ____D C:\Users\Roland\Documents\2 Fm Decions Current
2017-03-26 19:36 - 2009-07-14 01:13 - 00803678 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-24 20:14 - 2012-12-25 21:16 - 00000000 ____D C:\Users\Roland\AppData\Local\CrashDumps
2017-03-24 17:38 - 2013-04-25 09:04 - 00000000 ____D C:\Program Files (x86)\iolo
2017-03-24 17:37 - 2011-01-03 21:35 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-03-24 17:31 - 2013-04-25 09:05 - 00000000 ____D C:\ProgramData\iolo
2017-03-21 14:31 - 2012-10-12 14:38 - 00000000 ____D C:\Users\Roland\AppData\Local\ElevatedDiagnostics
2017-03-21 12:25 - 2014-12-27 23:08 - 00000000 ____D C:\Users\Roland\Desktop\Pics 12 14
2017-03-21 12:22 - 2017-02-09 21:01 - 00000000 ____D C:\Users\Roland\Desktop\217 AGO
2017-03-21 11:59 - 2012-02-12 20:15 - 00000000 ____D C:\Users\Roland\Desktop\Unused Ikons
2017-03-20 21:04 - 2013-09-14 09:46 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-20 21:04 - 2012-03-28 21:26 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-20 21:04 - 2011-11-11 14:59 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-20 21:04 - 2011-06-03 20:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-20 21:04 - 2009-09-23 17:25 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-20 20:54 - 2009-07-13 22:34 - 00454268 ____R C:\Windows\system32\Drivers\etc\hosts.20170324-134951.backup
2017-03-20 19:31 - 2016-01-22 13:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-03-19 21:46 - 2010-12-16 22:40 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-19 21:46 - 2010-12-16 22:40 - 00002257 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-19 21:36 - 2009-11-13 20:13 - 00112616 _____ C:\Users\Roland\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-19 21:31 - 2017-01-26 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-03-19 21:31 - 2014-01-06 15:40 - 00000000 ____D C:\Program Files\UVK - Ultra Virus Killer
2017-03-19 21:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2017-03-19 21:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2017-03-19 21:26 - 2016-01-05 12:35 - 00000000 ____D C:\Users\Roland\AppData\Roaming\Intuit
2017-03-18 19:25 - 2012-10-12 15:05 - 00000000 ____D C:\temp
2017-03-15 20:46 - 2016-10-27 20:52 - 00000000 ____D C:\Users\Roland\Desktop\Email Stuff
2017-03-14 17:24 - 2013-12-13 21:13 - 00000000 ____D C:\Users\Roland\Desktop\Ishler feed prices
2017-03-10 22:27 - 2016-01-05 12:41 - 00000000 ____D C:\Users\Roland\Documents\TurboTax
2017-03-09 15:46 - 2014-11-02 04:40 - 00000000 ____D C:\Users\Roland\Desktop\friends
2017-03-09 15:37 - 2016-01-05 12:33 - 00000629 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Files in the root of some directories =======

2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Smooth Strings
2014-05-21 15:59 - 2014-05-21 15:59 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Solid Colors
2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Sound Effects
2014-05-21 15:57 - 2014-05-21 15:57 - 0000268 ___RH () C:\Users\Roland\AppData\Roaming\Static Library
2017-03-24 11:26 - 2017-03-25 07:10 - 0007605 _____ () C:\Users\Roland\AppData\Local\resmon.resmoncfg
2013-04-23 21:48 - 2013-04-23 21:48 - 2250054 _____ () C:\ProgramData\1.bmp
2013-04-23 21:47 - 2013-04-23 21:47 - 0302806 _____ () C:\ProgramData\1.jpg
2011-01-03 21:26 - 2011-01-03 21:38 - 0000802 _____ () C:\ProgramData\hpzinstall.log
2016-01-05 12:33 - 2017-03-09 15:37 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-05-21 15:57 - 2014-05-21 15:57 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-05-21 15:59 - 2014-05-21 15:59 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-05-21 15:58 - 2014-05-23 11:55 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-05-21 15:58 - 2014-05-21 15:58 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\ProgramData\Soundtrack
2014-05-21 15:59 - 2014-05-21 15:59 - 0000268 ___RH () C:\ProgramData\Space Choir
2014-05-21 15:58 - 2014-05-21 15:58 - 0000268 ___RH () C:\ProgramData\Spacious
2014-05-21 15:57 - 2014-05-21 15:57 - 0000268 ___RH () C:\ProgramData\String Ensemble
2012-10-12 17:31 - 2012-10-12 19:46 - 0028232 _____ () C:\ProgramData\xportnchk.ini

Some files in TEMP:
====================
2017-03-30 05:34 - 2017-03-30 05:34 - 3957784 _____ (Geek Unіnstaller) C:\Users\Roland\AppData\Local\Temp\geek64.exe
2017-03-30 05:36 - 2017-03-24 17:18 - 11581544 _____ (SurfRight B.V.) C:\Users\Roland\AppData\Local\Temp\HitmanPro.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-20 22:23

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Roland (30-03-2017 14:22:46)
Running from C:\Users\Roland\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-11-14 00:13:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3236689562-672039265-411895171-500 - Administrator - Disabled)
Guest (S-1-5-21-3236689562-672039265-411895171-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3236689562-672039265-411895171-1002 - Limited - Enabled)
Roland (S-1-5-21-3236689562-672039265-411895171-1000 - Administrator - Enabled) => C:\Users\Roland
SophosSAUROLAND-PC0 (S-1-5-21-3236689562-672039265-411895171-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

470_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
470_Readme (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.12 (HKLM-x32\...\{23170F69-40C1-2701-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
BPDSoftware (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Brother HL-5040 (HKLM-x32\...\Brother HL-5040) (Version:  - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 13.2.3.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
EPSON Artisan 810 Series Printer Uninstall (HKLM\...\EPSON Artisan 810 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Artisan 830 Series Printer Uninstall (HKLM\...\EPSON Artisan 830 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Setup 3.2 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION)
Eusing Free Registry Cleaner (HKLM-x32\...\Eusing Free Registry Cleaner) (Version:  - Eusing Software)
FINPACK (HKLM-x32\...\FINPACK) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
H470 (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP OfficeJet H470 (HKLM\...\{2B71BB94-F52C-4EF2-85E8-45E63296EDF2}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1029 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 2.3.11.8936 - LeapFrog)
LeapFrog Connect (x32 Version: 2.3.11.8936 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 2.3.11.8936 - LeapFrog) Hidden
Lexmark 840 Series (HKLM\...\Lexmark 840 Series) (Version:  - Lexmark International, Inc.)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Accounting 2008 (HKLM-x32\...\Microsoft Office Accounting 2008) (Version: 3.0.8627.1 - Microsoft Corporation)
Microsoft Office Accounting 2008 Equifax Addin (HKLM-x32\...\{0C2AF762-0565-4C91-9F55-B8B53BB82A38}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting 2008 Fixed Asset Manager (HKLM-x32\...\{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting 2008 PayPal Addin (HKLM-x32\...\{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting ADP Payroll Addin (HKLM-x32\...\{5FA793A6-0071-42C1-9355-8F69A428C44F}) (Version: 0.0.0.0 - ADP)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
MPM (HKLM-x32\...\{00772F8B-37FF-4704-A47D-72B30BFAF126}) (Version: 1.00.0000 - Hewlett-Packard)
Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.6.0 - Nikon)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.7 - Nikon)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
ProductContext (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
Reliable IT repair tool (HKLM\...\UVK - Ultra virus killer) (Version: 5.9.0.1 - Reliable IT)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.0 - Roxio)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
TomTom HOME 2.8.3.2499 (HKLM-x32\...\TomTom HOME) (Version: 2.8.3.2499 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 2.3.11.8936 - LeapFrog)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.6.0 - Nikon)
WebEx (HKU\S-1-5-21-3236689562-672039265-411895171-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000E6622-8E66-4CB8-BB22-0F4F4C9CAD71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0726F637-A340-47AC-8B8F-6087BA8A0E2C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-20] (Adobe Systems Incorporated)
Task: {15832EAB-161B-4C8A-96A7-11300F4C614B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {20F7C2B2-27FE-45D5-9359-9EA921ECC318} - System32\Tasks\{B2F436F5-BB82-4B49-AA0E-CF73AB8ED396} => pcalua.exe -a C:\Users\Roland\Desktop\install_flash_player_9.exe -d C:\Users\Roland\Desktop
Task: {2C4E3533-1253-41DD-A189-F2AE3C1BD123} - System32\Tasks\{0340C534-D0C2-4710-BD77-C5035BF28B2D} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe 
Task: {57946441-35E3-4F03-BB0D-B5F132F26294} - System32\Tasks\{911256C9-F921-4261-91B8-2BD6F6AD8D8C} => pcalua.exe -a D:\setup.exe -d D:\
Task: {5F38FEEE-8C02-46AF-A131-3495F00C96DC} - System32\Tasks\{CE6D138D-5A2A-4319-8091-2DF841919D35} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe 
Task: {8796A92C-9213-47B3-838D-44229A147DA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A6CEFA61-91CB-4C24-B433-ADFFFE59AC68} - System32\Tasks\{F1F36E3E-E697-479D-8DCD-598E6B1EAD20} => pcalua.exe -a "C:\Program Files (x86)\FINPACK\FINPACK.exe" -d "C:\Program Files (x86)\FINPACK"
Task: {C067F5CD-BD7C-4EC2-86A8-B44B1938E709} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {C56D37B2-D883-47CE-BC6F-D066233631ED} - System32\Tasks\{47FBF903-CA97-4C8A-9129-AA1B50D7A5AB} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe 
Task: {DD3422B8-7429-47EF-99E6-189B5A044880} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {E49F9117-EAD7-49CF-888D-268FFDA38A82} - System32\Tasks\{F3743546-E375-4083-AA1F-907F3B6A7548} => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-09-23 17:34 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2017-03-19 21:46 - 2017-03-16 00:11 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\libglesv2.dll
2017-03-19 21:46 - 2017-03-16 00:11 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7933 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-27 18:21 - 2017-03-29 19:19 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3236689562-672039265-411895171-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: Malwarebytes TrayApp => 
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: ZAM => "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{038284C9-21D7-4C57-B2CA-3129CA4F6DCB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F0D53FFF-117C-4CFC-B466-6444D4129286}] => (Allow) svchost.exe
FirewallRules: [{690CD6B3-A821-4EE2-8E8B-7E19FB36832E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{32867B3C-68D8-430C-8CE8-C97BDE04BD36}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{181BC4D1-CF38-4CD8-8098-41602D3B2F18}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [TCP Query User{D28938A5-4200-4414-A6EB-7BA4AC3FCD04}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{8E202954-8352-4CD4-894F-1BA42C4764C8}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{F307F74A-05EB-40FC-8E92-93EB3ECF0991}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{59B3E3EE-53C5-4CF5-8606-E5F1128C9806}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{F0C51941-73EC-45D2-8A6F-90026BBF867D}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{260AA70C-A480-4AF7-871F-99F2B749BC5A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{5339CD95-FB28-4685-9D54-9988E3F183CC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{CFF3455C-2156-4845-A327-B93D17C0C93F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{D896FF1F-17E7-4BAC-9BFC-0D508F7AAC0B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{A8FBF3FF-A95E-4024-A43A-32CB44CB1CA0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{17D9F753-3D9E-40D8-9FBD-2545F6A72B9E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{E6D2905E-809F-4396-8C77-B0658DFA32C4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3276CC50-06F1-4193-80BC-BAED1CE4B134}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{5F485083-100A-4E25-ADE9-1C64E5182FB6}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{83EDD164-EED3-49EF-BA0D-D9E6669D3072}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{D4EAAD28-FC03-412C-A0CF-563335C18C16}] => (Allow) C:\Windows\SysWOW64\lxdbcoms.exe
FirewallRules: [{10E19EEF-EDA0-47D5-B24C-158A6E2E3888}] => (Allow) C:\Windows\SysWOW64\lxdbcoms.exe
FirewallRules: [{51E24C8D-B58A-409F-901F-98610A557676}] => (Allow) C:\Windows\System32\lxdbcoms.exe
FirewallRules: [{D2B83F41-1755-4309-8E66-76D1B3716E99}] => (Allow) C:\Windows\System32\lxdbcoms.exe
FirewallRules: [{8D1C7B49-C381-4550-B2BE-E4EE22167B34}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdbpswx.exe
FirewallRules: [{2916B473-DF6B-458C-B41E-F85CC6FC8323}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdbpswx.exe
FirewallRules: [{36F4ED32-684C-4802-8D96-D100011FEC0B}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{CEBC5D2A-8BA9-4887-8345-78A37B9317E1}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{04571419-0A36-4653-A059-CA1DC1381894}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{24018CCD-8012-4613-9263-158C940FF7EE}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [TCP Query User{308B603B-5966-44A6-9264-C690374408C7}D:\common\driver update\edupdate.exe] => (Allow) D:\common\driver update\edupdate.exe
FirewallRules: [UDP Query User{D1E302F4-6D01-492F-BF27-A47A7973E015}D:\common\driver update\edupdate.exe] => (Allow) D:\common\driver update\edupdate.exe
FirewallRules: [TCP Query User{6F5C2C91-CCE1-49A5-995D-EFE441B0D738}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{4BAED64E-A588-4C7F-B491-BF0F3DB128B3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{9F434B64-5201-479E-8F3C-B40F759C2E71}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe
FirewallRules: [UDP Query User{6AE359A2-D450-4E3C-9AF1-55D995355106}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe
FirewallRules: [{2727304C-2BD1-45AF-A226-F6A8D9C22580}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{BA134C11-FA2A-4CE3-9CE2-494F0B1CCA50}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BC05E73F-B080-452C-B93B-A769D25C1DCF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{ACFE8DF7-A332-485F-A453-F061445889BD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DB4D48C7-A8D4-4052-8501-96F6DBD0562C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{570E300A-8EB8-4318-BB81-19FDCF191021}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{807140A2-9538-407D-ADD0-AA344E9A618E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-03-2017 15:33:04 Installed TurboTax 2016 wrapper
09-03-2017 15:42:48 Installed TurboTax 2016 wpaiper
19-03-2017 21:15:38 Restore Operation
27-03-2017 18:17:39 Restore Point Created by FRST
28-03-2017 14:23:14 Restore Point Created by FRST
28-03-2017 14:43:06 JRT Pre-Junkware Removal
29-03-2017 14:49:57 Installed Microsoft Fix it 50692
29-03-2017 14:53:29 Restore Point Created by FRST
29-03-2017 19:18:34 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: HP OfficeJet Pro 8710
Description: HP OfficeJet Pro 8710
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: hp LaserJet 4200
Description: hp LaserJet 4200
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2017 07:18:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Sophos Web Intelligence Update since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2017 06:18:08 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2017 06:18:07 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (03/30/2017 02:14:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (03/30/2017 05:37:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/30/2017 05:28:24 AM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (03/30/2017 05:21:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (03/29/2017 09:43:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (03/29/2017 07:20:39 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (03/29/2017 07:19:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.

Error: (03/29/2017 07:18:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The EPSON V5 Service4(04) service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/29/2017 07:18:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/29/2017 07:18:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 32%
Total physical RAM: 4056.36 MB
Available physical RAM: 2719.09 MB
Total Virtual: 8110.91 MB
Available Virtual: 6227.96 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.59 GB) (Free:330.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2B391CB6)
Partition 1: (Not Active) - (Size=298 MB) - (Type=DE)
Partition 2: (Active) - (Size=18.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 


Logs look OK. Unless you have any remaining issues or concerns, continue to clean up...

Delete the following:

C:\ProgramData\Emsisoft
C:\Users\Andrew\Desktop\start emergency kit scanner - Shortcut.lnk
C:\EEK
C:\Users\Andrew\Desktop\EmsisoftEmergencyKit.exe

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices; you may find them useful...

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

 


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.