• Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Solved DVD/CD Drives

Status
Not open for further replies.
#21
We need a security expert to take a look at this, being the Christmas period there may be some delay but as the program got on your computer without you knowing and you all of a sudden have this issue the program could be involved, meanwhile can you do the following;

Download/run then post an Autoruns log for us, free to download from here

1: Extract the Autoruns Zip file contents to a folder.

2: Double-click the "Autoruns.exe".

3: Click on the "Hide Signed Microsoft and Windows Entries” option.

4: Go to File then to Export As or Save in some versions.

5: Save AutoRuns.txt file to known location like your Desktop > when you click on File > Save you will then get the option to Save as type, click the drop down tab, change it to Text and then click the Save button.

6: Attach to your next reply.

Tutorial here
 
#22
Phil',

Thanks for that - please see attached report as requested.
Hope this is what you expected - if not please let me know where I've gone wrong.

(I once again right clicked on the "D" drive and the drop down list appeared and then went again???)
And then back to the same problem.
 

Attachments

  • ROGER-PC.txt
    92.3 KB · Views: 14
#23
Hi Roger,

Aye, exactly what I was after thanks (y)

Quick question or two, you have BitDefender Anti Virus/Malware protecting your computer, do you have a link to the Zemana AntiMalware software showing up in AutoRuns.

Have you checked the Device Manager for any yellow ! or red Xs against your drives.

Lets see how the drives show up in Disk Manager;

1. Click on the Start button and then choose Control Panel.
2. Click on the System and Security link.
Note: If you're viewing the Large icons or Small iconsview of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
3. In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
4. In the Administrative Tools window, double-click on the Computer Management icon.
5. When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.
After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.
Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.

To capture and post a screenshot;

Click on the ALT key + PRT SCR key..its on the top row..right hand side..now click on start...all programs...accessories...paint....left click in the white area ...press CTRL + V...click on file...click on save...save it to your desktop...name it something related to the screen your capturing... BE SURE TO SAVE IT AS A .JPG ...otherwise it may be to big to upload... then after typing in any response you have... click on the Upload a File tab.
 
#24
phil',
Just for info - Bitdefender and Zemana were installed via a recommendation by Gus (one of your team), after a fairly recent session with him.

phillpower2 said:
do you have a link to the Zemana AntiMalware software showing up in AutoRuns
Click to expand...
. phil' - not sure what you mean??

No yellow or red Xs. showing in Device Manager.

Please see attached screenshot as requested. CD-ROM 3 not showing in screenshot.
 

Attachments

  • Untitled.jpg
    Untitled.jpg
    116.7 KB · Views: 11
Last edited:
#25
Thanks Roger, the Zemana is not the full real time protection package then, you would be amazed at the amount of people that have been caught out by the free 14 day trial of Malwarebytes which offers full real time protection for 14 days before going back to the basic on demand scanner if not paid for to permanently upgrade.

roger hawke said:
. phil' - not sure what you mean??
Click to expand...
No problem, covered above but just to confirm was checking to make sure that the Zemana was not the full AV package.

This is definitely not hardware related, I suspect that it is registry related and something potentially caused by the rogue TechUtilities garbage that got on your machine somehow.

Need to wait on some malware expertise for now I`m afraid.

As a precaution, if you happen to use USB thumb drives or external HDDs, please do not connect them to this computer until you have been given the all clear of malware on it.
 
#26
Hi Phill and Roger, recently whilst cleaning Rogers PC I recommended he use Bitdefender as his realtime security. We also ran a scan with Zemana and I suggested he keep it as a second opinion/run as required scanner. Yes Zemana only runs as realtime for 14 days, and yes whilst it is not desirable to run more than one realtime security app at the same time it was only for the two weeks till Zemana reverted to manual scan only.

With Bitdefender running realtime and Zemana as required should give Roger excellent ongoing protection?
 
  • Like
Reactions: phillpower2
#27
Hello again Roger, can you please run FRST and ADWcleaner again?

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu"

icon2-jpg.112


If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
Frst will open with two dialogue boxes, accept the disclaimer.

frst-disclaimer-jpg.113

  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked please select it.
  3. Then select "Scan"

frst-jpg.114


Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

2016-08-12_152002-jpg.115


Please COPY and PASTE the contents of these two files in your next post.:)

We will need a log from AdwCleaner for further information.

Please download a copy of AdwCleaner from HERE, it is important to download it to your desktop.

Once downloaded to the desktop AdwCleaner will create an icon
eEGkHPS.jpg


Should you receive any security warnings or your User Account Control warning appears whilst you are using this application you can safely allow AdwCleaner to continue.

Before running AdwCleaner please ensure all other programs and browsers are closed, then double left click the icon to open it.

AdwCleaner will open, click the scan button to start searching.

hBYSf6z.jpg


The scan may take some time to complete, and when it has any malware found will be automatically selected for quarantining. Click the "Clean" button.

ftC2WaB.jpg


After a few seconds a message should tell you your computer will now reboot. Allow the reboot.

When the computer restarts a log file will be displayed, but if its closed for any reason before copying the contents, you will find a copy of the file if you navigate to C:\AdwCleaner[C#].txt (The C denotes the Cleaning log)

jr9Bx9h.jpg


Please Copy and Paste the contents of the log file with your next reply.:thumbsup:
 
#28
Hi Gus,
Welcome back !!

Please find attached FRST files as requested.
Please find attached ADWcleaner file as requested.
Hopefully I've done everything correctly?
 

Attachments

  • Addition.txt
    37.5 KB · Views: 10
  • FRST.txt
    54.1 KB · Views: 5
  • AdwCleaner[C0].txt
    1.4 KB · Views: 7
  • Like
Reactions: phillpower2
#29
Roger, please copy and paste any logs, as per instructions. I have pasted the current ones.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by Roger (administrator) on ROGER-PC (27-12-2017 08:49:52)
Running from C:\Users\Roger\Desktop
Loaded Profiles: Roger (Available Profiles: Roger)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\downloader.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKU\S-1-5-21-1680508398-4254546052-4236040641-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{61F1216A-4E5B-47CC-A19A-73CEA2788528}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1680508398-4254546052-4236040641-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-12-09] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-06] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-12-09] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-06] (Oracle Corporation)
BHO-x32: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-12-09] (Google Inc.)
Toolbar: HKLM-x32 - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2012-04-26] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-12-09] (Google Inc.)
Toolbar: HKU\S-1-5-21-1680508398-4254546052-4236040641-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-12-09] (Google Inc.)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1481385760985

FireFox:
========
FF ProfilePath: C:\Users\Roger\AppData\Roaming\TomTom\HOME\Profiles\qc5vq6kh.default [2017-04-16]
FF ProfilePath: C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\kamjy6dk.default-1459599605567 [2017-12-26]
FF Homepage: Mozilla\Firefox\Profiles\kamjy6dk.default-1459599605567 -> hxxps://www.google.co.uk/
FF Extension: (Autofill) - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\kamjy6dk.default-1459599605567\Extensions\firefox-autofill@googlegroups.com.xpi [2016-07-10] [Legacy]
FF Extension: (Form History Control (II)) - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\kamjy6dk.default-1459599605567\Extensions\formhistory@yahoo.com.xpi [2017-11-26]
FF Extension: (Google Translator for Firefox) - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\kamjy6dk.default-1459599605567\Extensions\translator@zoli.bod.xpi [2017-11-26]
FF Extension: (Googlebar Lite) - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\kamjy6dk.default-1459599605567\Extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi [2016-05-16] [Legacy]
FF Extension: (Default Full Zoom Level) - C:\Users\Roger\AppData\Roaming\Mozilla\Firefox\Profiles\kamjy6dk.default-1459599605567\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2016-05-16] [Legacy]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-04-23] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2013-03-21] [Legacy] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-02-11] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-27] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default [2017-12-26]
CHR Extension: (No Name) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-03]
CHR Extension: (Docs) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-27]
CHR Extension: (Google Drive) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-27]
CHR Extension: (YouTube) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-27]
CHR Extension: (avast! SafePrice) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-05-03]
CHR Extension: (Google Docs Offline) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-27]
CHR Extension: (Gmail) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S4 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-09-13] (Digital Wave Ltd.)
S4 Everything; C:\Program Files\Everything\Everything.exe [2197608 2017-06-07] ()
S4 ICScsiSV; C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [75952 2007-01-26] (Sony Corporation)
S4 IcVzMonLauncher; C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [67760 2007-01-26] (Sony Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 Image Converter video recording monitor for VAIO Entertainment; C:\Program Files (x86)\Sony\IMAGE CONVERTER 3\IcVzMon.exe [43184 2007-01-26] (Sony Corporation)
S4 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
S4 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
S4 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
S4 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S4 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
S4 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [100392 2017-11-15] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [100392 2017-11-15] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [100392 2017-11-15] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2013-04-10] ()
R0 atc; C:\Windows\System32\DRIVERS\atc.sys [1019880 2017-11-15] (BitDefender S.R.L. Bucharest, ROMANIA)
R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [58368 2009-06-25] (Atheros Communications, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1763744 2017-11-15] (BitDefender)
R0 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [155488 2017-11-17] (Bitdefender)
R3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [250504 2017-11-15] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [187688 2017-05-11] (BitDefender LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-07-26] (The OpenVPN Project)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 USTOR2K; C:\Windows\System32\DRIVERS\ustor2k.sys [52224 2010-02-22] (Genesys Logic) [File not signed]
R0 videX64; C:\Windows\System32\DRIVERS\videX64.sys [15000 2013-03-20] (VIA Technologies, Inc.)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [95232 2010-11-20] (Microsoft Corporation) [File not signed]
R0 xfiltx64; C:\Windows\System32\DRIVERS\xfiltx64.sys [26776 2013-03-20] (VIA Technologies, Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-11-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-11-26] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-27 08:49 - 2017-12-27 08:50 - 000015995 _____ C:\Users\Roger\Desktop\FRST.txt
2017-12-27 08:49 - 2017-12-27 08:49 - 000000000 ____D C:\FRST
2017-12-27 08:47 - 2017-12-27 08:47 - 002391552 _____ (Farbar) C:\Users\Roger\Desktop\FRST64.exe
2017-12-25 18:46 - 2017-12-25 18:46 - 000094566 _____ C:\Users\Roger\Desktop\ROGER-PC.txt
2017-12-25 18:40 - 2017-12-25 18:40 - 000000000 ____D C:\Users\Roger\Desktop\Autoruns
2017-12-25 18:39 - 2017-12-25 18:39 - 001336829 _____ C:\Users\Roger\Desktop\Autoruns.zip
2017-12-24 19:59 - 2017-12-24 19:42 - 000019588 _____ C:\Users\Roger\Desktop\chkdsk_full_log.txt
2017-12-24 19:59 - 2017-12-24 19:42 - 000004524 _____ C:\Users\Roger\Desktop\chkdsk_log.txt
2017-12-24 19:31 - 2017-12-24 19:31 - 000003654 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-12-24 19:31 - 2017-12-24 19:31 - 000002123 _____ C:\Users\Roger\Desktop\Tweaking.com - Windows Repair.lnk
2017-12-24 19:31 - 2017-12-24 19:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-12-24 19:31 - 2017-12-24 19:31 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2017-12-24 19:29 - 2017-12-24 19:29 - 037693392 _____ (Tweaking.com) C:\Users\Roger\Desktop\tweaking.com_windows_repair_aio_setup.exe
2017-12-24 17:39 - 2017-12-27 08:50 - 000040769 _____ C:\Windows\ZAM.krnl.trace
2017-12-24 17:39 - 2017-12-27 08:50 - 000013263 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-12-24 16:49 - 2017-12-24 16:49 - 000000756 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-12-24 16:49 - 2017-12-24 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-12-24 16:49 - 2017-12-24 16:49 - 000000000 ____D C:\Program Files\Speccy
2017-12-24 16:48 - 2017-12-24 16:48 - 006299336 _____ (Piriform Ltd) C:\Users\Roger\Desktop\spsetup131.exe
2017-12-16 08:56 - 2017-12-16 08:56 - 000045704 _____ () C:\Windows\system32\Drivers\staport.sys
2017-12-16 08:53 - 2017-12-16 13:06 - 000000000 ____D C:\ProgramData\AVAST Software
2017-12-16 08:09 - 2017-11-14 03:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-12-16 08:09 - 2017-11-14 02:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-12-16 08:09 - 2017-11-14 01:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-12-16 08:08 - 2017-11-15 01:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-12-16 08:08 - 2017-11-15 00:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-12-16 08:08 - 2017-11-14 03:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-12-16 08:08 - 2017-11-14 03:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-12-16 08:08 - 2017-11-14 03:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-12-16 08:08 - 2017-11-14 03:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-12-16 08:08 - 2017-11-14 03:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-12-16 08:08 - 2017-11-14 03:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-12-16 08:08 - 2017-11-14 03:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-12-16 08:08 - 2017-11-14 03:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-12-16 08:08 - 2017-11-14 03:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-12-16 08:08 - 2017-11-14 03:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-12-16 08:08 - 2017-11-14 03:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-12-16 08:08 - 2017-11-14 03:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-12-16 08:08 - 2017-11-14 03:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-12-16 08:08 - 2017-11-14 03:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-12-16 08:08 - 2017-11-14 03:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-12-16 08:08 - 2017-11-14 03:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-12-16 08:08 - 2017-11-14 03:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-12-16 08:08 - 2017-11-14 03:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-12-16 08:08 - 2017-11-14 03:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-12-16 08:08 - 2017-11-14 03:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-12-16 08:08 - 2017-11-14 03:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-12-16 08:08 - 2017-11-14 03:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-12-16 08:08 - 2017-11-14 03:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-12-16 08:08 - 2017-11-14 03:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-12-16 08:08 - 2017-11-14 02:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-12-16 08:08 - 2017-11-14 02:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-12-16 08:08 - 2017-11-14 02:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-12-16 08:08 - 2017-11-14 02:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-12-16 08:08 - 2017-11-14 02:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-12-16 08:08 - 2017-11-14 02:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-12-16 08:08 - 2017-11-14 02:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-12-16 08:08 - 2017-11-14 02:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-12-16 08:08 - 2017-11-14 02:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-12-16 08:08 - 2017-11-14 01:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-12-16 08:08 - 2017-11-14 01:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-12-16 08:08 - 2017-11-14 01:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-12-16 08:08 - 2017-11-14 01:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-12-16 08:08 - 2017-11-14 00:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-12-16 08:08 - 2017-11-14 00:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-12-16 08:08 - 2017-11-07 20:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-12-16 08:08 - 2017-11-07 20:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-12-16 08:08 - 2017-11-07 20:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-12-16 08:08 - 2017-11-07 20:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-12-16 08:08 - 2017-11-07 20:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-12-16 08:08 - 2017-11-07 20:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-12-16 08:08 - 2017-11-07 20:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-12-16 08:08 - 2017-11-07 20:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-12-16 08:08 - 2017-11-07 20:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-12-16 08:08 - 2017-11-07 20:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-12-16 08:08 - 2017-11-07 20:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-12-16 08:08 - 2017-11-07 20:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-12-16 08:08 - 2017-11-07 20:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-12-16 08:08 - 2017-11-07 20:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-12-16 08:08 - 2017-11-07 20:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-12-16 08:08 - 2017-11-07 20:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-12-16 08:08 - 2017-11-07 20:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-12-16 08:08 - 2017-11-07 20:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-12-16 08:08 - 2017-11-07 20:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-12-16 08:08 - 2017-11-07 20:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-12-16 08:08 - 2017-11-07 20:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-12-16 08:08 - 2017-11-07 20:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-12-16 08:08 - 2017-11-07 20:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-12-16 08:08 - 2017-11-07 19:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-12-16 08:08 - 2017-11-07 16:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-16 08:08 - 2017-11-07 16:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-16 08:08 - 2017-11-04 15:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2017-12-16 08:08 - 2017-11-04 15:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-16 08:08 - 2017-11-04 15:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2017-12-16 08:08 - 2017-11-04 15:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-16 08:08 - 2017-11-02 16:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-16 08:08 - 2017-11-02 16:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2017-12-16 08:08 - 2017-11-02 16:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-12-16 08:08 - 2017-11-02 16:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2017-12-16 08:08 - 2017-11-02 15:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-16 08:08 - 2017-11-02 15:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2017-12-16 08:08 - 2017-11-02 15:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2017-12-16 08:08 - 2017-11-02 14:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2017-12-16 08:08 - 2017-10-16 23:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2017-12-16 08:08 - 2017-10-16 22:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2017-12-16 08:08 - 2017-10-12 00:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-12-16 07:55 - 2017-12-16 07:56 - 218332489 _____ C:\Users\Roger\My Documents\Thunderbird 52.5.0 (en-US) - 2017-12-16.pcv
2017-12-09 19:39 - 2017-12-22 11:57 - 000000000 ____D C:\Users\Roger\My Documents\'TONES STUFF
2017-12-09 15:14 - 2017-12-09 15:15 - 000000000 ____D C:\Users\Roger\My Documents\FORUMS
2017-12-08 15:12 - 2017-12-08 15:11 - 011723350 _____ C:\Users\Roger\My Documents\Canon PowerShot620 Manual.pdf
2017-12-07 12:05 - 2017-12-07 12:05 - 000000000 ____D C:\Users\Roger\AppData\Roaming\ZoomBrowser EX
2017-12-07 12:00 - 2017-12-07 12:00 - 000000000 ____D C:\ProgramData\ZoomBrowser
2017-12-07 11:43 - 2017-12-13 16:37 - 000000000 ____D C:\Users\Roger\AppData\Roaming\CANON INC
2017-12-07 11:42 - 2017-12-07 11:42 - 000000000 ____D C:\Users\Roger\AppData\Roaming\Canon_Inc_IC
2017-12-07 11:41 - 2017-12-07 11:41 - 000000000 ____D C:\Users\Roger\AppData\Roaming\canon
2017-12-07 11:41 - 2017-12-07 11:41 - 000000000 ____D C:\ProgramData\Canon_Inc_IC
2017-12-06 16:47 - 2017-12-24 19:23 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-27 13:10 - 2017-11-27 13:10 - 000000000 ____D C:\ProgramData\dbg
2017-11-27 11:07 - 2017-11-27 11:07 - 000001377 _____ C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-11-27 11:06 - 2017-12-24 19:23 - 000003874 _____ C:\Windows\System32\Tasks\CCleaner Update
2017-11-27 11:06 - 2017-12-24 19:23 - 000002792 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-11-27 10:58 - 2017-12-25 00:30 - 000000000 ____D C:\Users\Roger\AppData\Local\Everything
2017-11-27 10:45 - 2017-10-18 02:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-27 10:45 - 2017-10-18 02:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-27 10:45 - 2017-10-18 02:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-27 10:45 - 2017-10-18 02:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-27 10:45 - 2017-10-18 02:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-27 10:45 - 2017-10-18 02:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-27 10:45 - 2017-10-18 02:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-27 10:45 - 2017-10-16 23:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-27 10:45 - 2017-10-16 21:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-27 10:45 - 2017-10-12 00:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-27 10:45 - 2017-10-12 00:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-27 10:45 - 2017-10-12 00:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-27 10:45 - 2017-10-12 00:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-27 10:45 - 2017-10-12 00:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-27 10:45 - 2017-10-12 00:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-27 10:45 - 2017-10-12 00:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-27 10:45 - 2017-10-12 00:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-27 10:45 - 2017-10-12 00:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-11-27 10:45 - 2017-10-12 00:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-27 10:45 - 2017-10-12 00:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-27 10:45 - 2017-10-12 00:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-11-27 10:45 - 2017-10-12 00:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-11-27 10:45 - 2017-10-12 00:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-11-27 10:45 - 2017-10-12 00:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-11-27 10:45 - 2017-10-12 00:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-11-27 10:45 - 2017-10-12 00:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-27 10:45 - 2017-10-12 00:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-11-27 10:45 - 2017-10-12 00:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-27 10:45 - 2017-10-12 00:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-11-27 10:45 - 2017-10-12 00:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-11-27 10:45 - 2017-10-12 00:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-27 10:45 - 2017-10-12 00:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-27 10:45 - 2017-10-12 00:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-11-27 10:45 - 2017-10-12 00:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-11-27 10:45 - 2017-10-12 00:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-11-27 10:45 - 2017-10-12 00:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-11-27 10:45 - 2017-10-12 00:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-11-27 10:45 - 2017-10-12 00:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-11-27 10:45 - 2017-10-12 00:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-11-27 10:45 - 2017-10-12 00:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-27 10:45 - 2017-10-12 00:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-27 10:45 - 2017-09-07 13:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-27 10:40 - 2017-11-17 04:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-27 10:40 - 2017-10-18 02:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-27 10:40 - 2017-10-18 02:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-27 10:40 - 2017-10-15 22:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-27 10:40 - 2017-10-04 13:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-27 10:40 - 2017-10-04 13:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-27 10:40 - 2017-10-04 13:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-27 10:40 - 2017-10-04 13:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-27 10:40 - 2017-10-04 13:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-27 10:40 - 2017-10-04 13:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-27 10:40 - 2017-10-04 13:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-27 10:15 - 2017-11-27 10:11 - 000000953 _____ C:\Users\Roger\My Documents\Search Everything.lnk
2017-11-27 10:15 - 2017-11-27 10:10 - 001443120 _____ () C:\Users\Roger\My Documents\Everything-1.4.1.877.x64-Setup.exe
2017-11-27 10:11 - 2017-12-25 00:30 - 000000000 ____D C:\Users\Roger\AppData\Roaming\Everything
2017-11-27 10:11 - 2017-12-25 00:22 - 000000000 ____D C:\Program Files\Everything
2017-11-27 10:11 - 2017-11-27 10:11 - 000000000 ____D C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-27 08:49 - 2017-11-15 10:04 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2017-12-27 08:45 - 2016-12-09 14:25 - 000000000 ____D C:\Users\Roger\AppData\LocalLow\Mozilla
2017-12-27 08:44 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-26 18:38 - 2013-03-21 19:20 - 000000000 ____D C:\Users\Roger\AppData\Roaming\PhotoScape
2017-12-26 18:38 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2017-12-26 18:28 - 2013-03-20 15:21 - 000000000 ____D C:\Users\Roger
2017-12-26 09:10 - 2009-07-14 04:45 - 000031120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-26 09:10 - 2009-07-14 04:45 - 000031120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-25 09:20 - 2014-10-22 18:53 - 000000000 ____D C:\Program Files\Recuva
2017-12-24 19:23 - 2017-11-21 15:05 - 000004326 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-24 19:23 - 2017-11-15 09:47 - 000003650 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-12-24 19:23 - 2013-03-21 16:16 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-24 19:23 - 2013-03-21 16:16 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-24 17:18 - 2013-03-21 21:18 - 000000000 ____D C:\ProgramData\TEMP
2017-12-24 16:02 - 2013-03-21 21:50 - 000000000 ____D C:\Users\Roger\AppData\Local\ElevatedDiagnostics
2017-12-23 15:07 - 2013-03-21 19:28 - 000000000 ____D C:\Users\Roger\AppData\Roaming\vlc
2017-12-21 09:52 - 2013-03-21 18:15 - 000000000 ____D C:\Program Files (x86)\EPSON Print CD
2017-12-21 09:51 - 2009-07-14 05:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-12-16 13:03 - 2015-06-14 09:50 - 000000000 ____D C:\Users\Roger\My Documents\PC info
2017-12-16 12:17 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\rescache
2017-12-16 08:30 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2017-12-16 08:30 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\system32\Setup
2017-12-16 08:17 - 2014-01-19 09:55 - 000766376 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-12-16 08:17 - 2009-07-14 05:13 - 000766376 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-16 08:14 - 2013-07-31 10:43 - 000000000 ____D C:\Windows\system32\MRT
2017-12-16 08:10 - 2017-11-04 10:59 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-16 08:10 - 2013-03-22 00:04 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-12 18:14 - 2013-03-21 20:12 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-12 18:14 - 2013-03-21 20:12 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-12 18:14 - 2013-03-21 20:12 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-12 18:14 - 2013-03-21 20:06 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-09 18:55 - 2009-07-14 05:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-09 09:57 - 2013-03-22 14:29 - 000000000 ____D C:\Windows\pss
2017-12-07 12:01 - 2013-03-21 20:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2017-12-07 12:01 - 2013-03-21 20:33 - 000000000 ____D C:\Program Files (x86)\Canon
2017-12-07 09:02 - 2015-04-21 08:46 - 000000000 ____D C:\Users\Roger\AppData\Local\Windows Live
2017-12-06 16:47 - 2016-02-16 19:28 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-29 13:27 - 2015-03-04 20:33 - 000000000 ____D C:\Users\Roger\My Documents\DVD Photo Slideshow
2017-11-29 08:58 - 2013-03-21 19:17 - 000000000 ____D C:\Users\Roger\AppData\Roaming\Audacity
2017-11-28 14:48 - 2016-11-27 16:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-11-28 14:48 - 2013-03-21 17:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-27 11:09 - 2014-12-06 15:48 - 000000000 ____D C:\Users\Roger\AppData\Local\CrashDumps
2017-11-27 11:07 - 2013-03-21 16:16 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-27 11:02 - 2009-07-14 04:45 - 000348272 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-27 10:59 - 2014-12-16 14:43 - 000000000 ____D C:\Windows\system32\appraiser

==================== Files in the root of some directories =======

2015-06-06 10:28 - 2007-02-05 09:10 - 000038456 _____ (Sony Corporation) C:\Program Files (x86)\AppReg.exe
2015-06-05 17:05 - 2005-03-21 19:30 - 000106496 _____ (Microsoft Corporation) C:\Program Files (x86)\atl71.dll
2015-06-06 10:29 - 2007-02-02 18:39 - 000081920 _____ (Sony Corporation) C:\Program Files (x86)\Cddb2Access.dll
2015-06-06 10:28 - 2007-02-02 18:46 - 000094208 _____ (Sony Corporation) C:\Program Files (x86)\DMPInternet.dll
2015-06-06 10:28 - 2006-12-26 16:57 - 000143360 _____ (Inner Media, Inc.) C:\Program Files (x86)\dunzip32.dll
2015-06-06 10:28 - 2007-02-02 18:46 - 000045056 _____ (Sony Corporation) C:\Program Files (x86)\GenMediaKey.dll
2015-06-06 10:28 - 2007-02-02 18:42 - 000032768 _____ (Sony Corporation) C:\Program Files (x86)\HelpHelper.dll
2015-06-06 10:28 - 2005-03-21 19:34 - 000352256 _____ (Intel Corporation) C:\Program Files (x86)\ijl15.dll
2015-06-06 10:28 - 2005-03-21 19:30 - 000000007 _____ () C:\Program Files (x86)\initials.ini
2015-06-06 10:28 - 2007-02-02 18:41 - 000434176 _____ (Sony Corporation) C:\Program Files (x86)\Items.dll
2015-06-06 10:28 - 2005-03-21 19:30 - 000065536 _____ (Microsoft Corporation) C:\Program Files (x86)\JETCOMP.exe
2015-06-06 10:28 - 2007-02-02 18:07 - 000012800 _____ (Sony Corporation) C:\Program Files (x86)\Lam.dll
2015-06-05 17:05 - 2005-03-21 19:30 - 001060864 _____ (Microsoft Corporation) C:\Program Files (x86)\mfc71.dll
2015-06-05 17:05 - 2005-03-21 19:30 - 000499712 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcp71.dll
2015-06-05 17:05 - 2005-03-21 19:30 - 000348160 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcr71.dll
2015-06-06 10:28 - 2007-02-05 09:10 - 000603704 _____ (Sony Corporation) C:\Program Files (x86)\Ojbsir.exe
2015-06-06 10:28 - 2007-02-02 19:03 - 000528384 _____ (Sony Corporation) C:\Program Files (x86)\OjbSirRes.dll
2015-06-06 10:28 - 2007-02-05 09:10 - 000603704 _____ (Sony Corporation) C:\Program Files (x86)\Omg1to2.exe
2015-06-06 10:28 - 2007-02-02 18:05 - 000003584 _____ (Sony Corporation) C:\Program Files (x86)\Omg1to2Res.dll
2015-06-06 10:28 - 2007-02-05 09:10 - 000816696 _____ (Sony Corporation) C:\Program Files (x86)\OMG2OMA.exe
2015-06-06 19:49 - 2015-06-06 19:49 - 000000642 _____ () C:\Program Files (x86)\OMG2OMA.LOG
2015-06-06 10:28 - 2007-02-02 18:08 - 000536576 _____ (Sony Corporation) C:\Program Files (x86)\OMG2OMARes.dll
2015-06-06 10:28 - 2007-02-05 09:11 - 001201720 _____ (Sony Corporation) C:\Program Files (x86)\Omgbkup.exe
2015-06-06 10:28 - 2007-02-02 19:07 - 000143360 _____ (Sony Corporation) C:\Program Files (x86)\OmgbkupRes.dll
2015-06-06 10:28 - 2007-02-05 09:11 - 005961272 _____ (Sony Corporation) C:\Program Files (x86)\Omgjbox.exe
2015-06-06 10:28 - 2007-02-02 18:35 - 001323008 _____ (Sony Corporation) C:\Program Files (x86)\OmgjboxRes.dll
2015-06-06 10:28 - 2007-02-02 18:36 - 000106496 _____ (Sony Corporation) C:\Program Files (x86)\RBasis.dll
2015-06-06 10:29 - 2007-01-16 17:13 - 000007453 _____ () C:\Program Files (x86)\Readme.txt
2015-06-06 10:28 - 2007-02-02 18:39 - 000196608 _____ (Sony Corporation) C:\Program Files (x86)\RGraph.dll
2015-06-06 10:28 - 2007-02-02 18:42 - 000798720 _____ (Sony Corporation) C:\Program Files (x86)\Si.dll
2015-06-06 10:28 - 2005-08-25 08:10 - 000081920 _____ (Sony Corporation) C:\Program Files (x86)\SonyFsConvFilter.ax
2015-06-06 10:28 - 2007-02-02 19:08 - 000053248 _____ (Sony Corporation) C:\Program Files (x86)\SonyWavParser2.ax
2015-06-05 17:05 - 2007-02-05 09:11 - 000476728 _____ () C:\Program Files (x86)\SSAAD.exe
2015-06-06 10:28 - 2007-02-02 18:39 - 000397312 _____ (Sony Corporation) C:\Program Files (x86)\SsEncMp3.dll
2015-06-06 10:28 - 2007-02-02 18:39 - 000065536 _____ (Sony Corporation) C:\Program Files (x86)\SsEncWma.dll
2015-06-05 17:05 - 2007-02-02 18:39 - 000217088 _____ (Sony Corporation) C:\Program Files (x86)\SsMidAccess.dll
2015-06-06 10:28 - 2007-02-02 18:40 - 000131072 _____ (Sony Corporation) C:\Program Files (x86)\SsMtp.dll
2015-06-06 10:28 - 2007-02-02 18:39 - 000049152 _____ (Sony Corporation) C:\Program Files (x86)\SsProxy.dll
2015-06-06 10:28 - 2007-02-02 18:42 - 000057344 _____ (Sony Corporation) C:\Program Files (x86)\SsTpl.dll
2015-06-06 10:28 - 2007-02-02 19:09 - 000025600 _____ (Sony Corporation) C:\Program Files (x86)\SsVerChk.ocx
2015-06-06 10:28 - 2007-02-02 19:08 - 000065536 _____ (Sony Corporation) C:\Program Files (x86)\StdoutSs2.ax
2015-06-06 10:29 - 2007-02-05 18:29 - 000000014 _____ () C:\Program Files (x86)\Version.txt
2015-06-06 10:28 - 2007-02-02 18:46 - 000013312 _____ (Sony Corporation) C:\Program Files (x86)\WtsNotify.dll
2015-06-06 10:28 - 2006-12-19 14:03 - 000192512 _____ (Sony Corporation) C:\Program Files (x86)\XCoreAudio.dll
2015-06-06 10:28 - 2007-02-02 18:47 - 000069632 _____ (Sony Corporation) C:\Program Files (x86)\XPanel.dll
2015-06-06 10:28 - 2007-02-02 18:08 - 000017920 _____ (Sony Corporation) C:\Program Files (x86)\XThumbnail.dll
2016-07-02 21:13 - 2016-07-02 21:14 - 000000115 _____ () C:\Users\Roger\AppData\Roaming\LogFile.txt
2015-05-02 20:24 - 2015-05-02 20:27 - 000000149 _____ () C:\Users\Roger\AppData\Roaming\settings.xml
2014-10-27 21:01 - 2016-01-04 16:40 - 000027136 ___SH () C:\Users\Roger\AppData\Roaming\Thumbs.db
2014-10-14 09:48 - 2014-10-14 09:48 - 000017194 _____ () C:\Users\Roger\AppData\Roaming\UserTile.png
2013-11-17 10:36 - 2014-04-05 08:58 - 000000124 _____ () C:\Users\Roger\AppData\Roaming\WB.CFG
2013-11-17 10:36 - 2013-11-21 11:36 - 000000006 _____ () C:\Users\Roger\AppData\Roaming\WBPU-TTL.DAT
2014-11-18 15:43 - 2015-05-07 10:32 - 000006656 _____ () C:\Users\Roger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-28 10:34 - 2015-06-28 10:34 - 000006271 _____ () C:\Users\Roger\AppData\Local\recently-used.xbel
2013-11-16 14:47 - 2013-11-16 14:47 - 000000017 _____ () C:\Users\Roger\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-20 10:59

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Roger (27-12-2017 08:52:04)
Running from C:\Users\Roger\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-03-20 15:21:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1680508398-4254546052-4236040641-500 - Administrator - Disabled)
Guest (S-1-5-21-1680508398-4254546052-4236040641-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1680508398-4254546052-4236040641-1002 - Limited - Enabled)
Roger (S-1-5-21-1680508398-4254546052-4236040641-1001 - Administrator - Enabled) => C:\Users\Roger

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ArcSoft Camera Suite 1.3 (HKLM-x32\...\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}) (Version: - )
Ashampoo Burning Studio 2017 (HKLM-x32\...\{91B33C97-C878-6579-69BA-23E5405C7AAB}_is1) (Version: 18.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Uninstaller 2017 (HKLM-x32\...\{4209F371-E035-1302-F540-12532A0A4FC7}_is1) (Version: 6.00.14 - Ashampoo GmbH & Co. KG)
Autoplay Repair 2.2.2 (HKLM-x32\...\Autoplay Repair) (Version: 2.2.2 - OrangeBlue)
BenVista PhotoZoom Classic 6.1 (HKU\S-1-5-21-1680508398-4254546052-4236040641-1001\...\PhotoZoom Classic 6) (Version: 6.1 - BenVista Ltd.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.8.33 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.8.0.1 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.7.0.1 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.7.0.6 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.5.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.6.0.5 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.7.32 - Canon Inc.)
Canon Utilities Map Utility (HKLM-x32\...\Map Utility Parent) (Version: 1.8.1.2 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.1.0.4 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.4.0.2 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.6.0.23 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.4.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
ColorPic (HKLM-x32\...\ColorPic) (Version: 4.1 - Iconico)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVD Menu Template Package 1.2 (HKLM-x32\...\DVD Menu Template Package) (Version: 1.2 - AnvSoft Inc.)
EPSON Attach To Email (HKLM-x32\...\{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Attach To Email (HKLM-x32\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Easy Photo Print (HKLM-x32\...\{1DF4AC80-F76B-42AE-A263-15D2313D4472}) (Version: 1.2.0.0 - )
Epson E-Web Print (HKLM-x32\...\{876D7EAD-D1FB-4AB2-B922-796EBDE58924}) (Version: 1.10.0000 - SEIKO EPSON CORPORATION)
EPSON File Manager (HKLM-x32\...\{E86BC406-944E-41F6-ADE6-2C136734C96B}) (Version: 1.1.0.0 - )
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.44.00 - Seiko Epson Corporation)
EPSON Print CD (HKLM-x32\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.40.000 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan Assistant (HKLM-x32\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON Web-To-Page (HKLM-x32\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version: - )
ESPR220 User's Guide (HKLM-x32\...\ESPR220 User's Guide) (Version: - )
Everything 1.4.1.877 (x64) (HKLM\...\Everything) (Version: 1.4.1.877 (x64) - David Carpenter)
FastStone Photo Resizer 3.8 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.8 - FastStone Soft.)
Free Video To MP3 Converter (HKLM-x32\...\Free Video To MP3 Converter_is1) (Version: 5.1.5.913 - Digital Wave Ltd)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Image Converter 3 (HKLM-x32\...\{FE013D72-CF3D-41A8-BC09-C38070FDE2CB}) (Version: 3.0 - Sony Corporation)
iTunes (HKLM\...\{22CF21C4-4E46-458B-B363-E4890B53A650}) (Version: 12.7.1.14 - Apple Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Menu Template Package 1 Ver 1.10 (HKLM-x32\...\Anvsoft DVD Menu Template Package 1) (Version: 1.10 - Anvsoft, Inc.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 57.0 (x64 en-GB)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
Mozilla Thunderbird 52.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.5.0 (x86 en-US)) (Version: 52.5.0 - Mozilla)
Nero 11 (HKLM-x32\...\{EB475D31-14C0-4DC3-8E0A-8AE1711399B3}) (Version: 11.0.10100 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 12.0.4000 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1006 - Nero AG)
Nero MediaHome Free (HKLM-x32\...\{AD35CA78-52F0-4A86-B672-0EF769752CEB}) (Version: 15.0.04700 - Nero AG)
Nero Prerequisite Installer 1.0 (HKLM-x32\...\{E4B86819-E9B8-4089-963B-DF5E70E7A05E}) (Version: 11.0.13100 - Nero AG)
Nero Prerequisite Installer 3.0 (HKLM-x32\...\{929FAC65-06DD-4577-882C-E8A558C47B75}) (Version: 15.0.00900 - Nero AG)
Nero Prerequisite Installer 6.0 (HKLM-x32\...\{E5BAA2DF-F586-4319-BF9B-30AA50AD6B5D}) (Version: 18.0.00100 - Nero AG)
OpenMG Limited Patch 4.7-07-14-05-01 (HKLM-x32\...\OpenMG HotFix4.7-07-13-22-01) (Version: - )
OpenMG Secure Module 4.7.00 (HKLM-x32\...\{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation) Hidden
OpenMG Secure Module 4.7.00 (HKLM-x32\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
PDF Manual NW-A800 Series (HKLM-x32\...\{99B9FAF2-33FD-4DC7-9087-5BC2EE4CBB9E}) (Version: 1.0 - Sony Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PIF DESIGNER (HKLM-x32\...\{B90450DF-E781-46FD-B1F1-0C86DA40E443}) (Version: - )
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
Prerequisite installer (HKLM-x32\...\{5909A89E-C97F-407C-AE2B-47BDED86BF5D}) (Version: 15.0.0010 - Nero AG) Hidden
Prerequisite installer (HKLM-x32\...\{EB511CD1-C87C-490D-A7B1-D6C47F57820F}) (Version: 18.0.0003 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Reshade 3.0 (HKLM-x32\...\Reshade 3.0) (Version: 3.0 - Reshade)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SimEditor (UB01) v.2.6.8 (remove only) (HKLM-x32\...\SimEditor (UB01)) (Version: - )
SonicStage 4.3 (HKLM-x32\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)
Sony Video Shared Library (HKLM-x32\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.1.01 - Sony Corporation)
Sound Blaster X-Fi (HKLM-x32\...\{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}) (Version: 1.0 - )
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SSC Service Utility v4.30 (HKLM-x32\...\SSC Service Utility_is1) (Version: - SSC Localization Group)
TomTom HOME (HKLM-x32\...\{30E6FC43-C31F-4968-9A06-AA38E3C3CF73}) (Version: 2.10.1 - TomTom)
TomTom MyDrive Connect 4.1.6.3253 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.11 - Tweaking.com)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
USB2.0 Card Reader Software (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 1.00.0000 - Realtek Semiconductor Corp.)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Video Downloader (HKLM-x32\...\{F1D891A7-2BAF-4033-9A20-DBB78F86BF0C}) (Version: 1.0.00.03050 - Sony Corporation)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WALKMAN Launcher (HKLM-x32\...\{C20B3C31-28CD-4732-AE45-A30F401AF91F}) (Version: 1.0.00.02190 - Sony Corporation)
Welcome App (Start-up experience) (HKLM-x32\...\{51865D9D-8F63-46F2-87AB-9E72F93B618C}) (Version: 11.0.23500.0.0 - Nero AG) Hidden
WinAVI Video Converter (HKLM-x32\...\WinAVI Video Converter) (Version: 11.5.1.4360 - ZJMedia Digital Technology Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player 64-bit Plug-in Fix (HKLM\...\{00a8ce68-cb2e-4652-aecd-c05c0d9d53a7}.sdb) (Version: - )
WizTree v3.16 (HKLM\...\WizTree_is1) (Version: - Antibody Software)
Womble EasyDVD 1.0.1.28 (12/2013) (HKLM-x32\...\Womble EasyDVD) (Version: 1.0.1.28 (12/2013) - Womble Multimedia, Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-26] ()
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers2: [CardLocatingExt] -> {4C2815A8-D0F1-466E-BBC7-8CCBC0D19112} => C:\Program Files (x86)\Realtek\USB2.0 Card Reader Software\CardLocating.dll [2009-01-09] ()
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-03-14] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2014-11-20] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-26] ()
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2014-03-14] (Piriform Ltd)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04D43E1E-1513-45FD-A0D4-59B9A6845A25} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-06-21] (Bitdefender)
Task: {0B03AE65-CE05-46C8-8356-64B6980EA2AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {239C021D-A82E-4198-8466-C07A768877BB} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {2E426580-5E77-4259-BCC2-AD2A7CBEEEDC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {3C37137B-72FE-4B7C-87AD-390719FF8D66} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {AA1D64D3-9F9E-4748-8CA8-F73D26C91807} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DCF1A779-2E76-44DE-B1EA-0EE5EFC1CE8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E4693233-7541-47CF-A605-C92EBFD47BEF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {F29D109D-DBD8-425A-83B4-7DB78FBDEBB5} - \TechUtilities -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Roger\My Documents\Create IPhone - Ringtones.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.udemy.com/blog/how-to-add-ringtones-to-iphone/
ShortcutWithArgument: C:\Users\Roger\My Documents\Draw Polygon - Freeform shape.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.dummies.com/how-to/content/how-to-draw-polygon-or-freeform-shapes-on-your-pow.html
ShortcutWithArgument: C:\Users\Roger\My Documents\Google Preference Page.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.google.co.uk/preferences
ShortcutWithArgument: C:\Users\Roger\My Documents\Youtube Clips.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://en.savefrom.net/102-how-to-download-youtube-video-mp3.html?lang=en
ShortcutWithArgument: C:\Users\Roger\My Documents\FORUMS\Thunderbird Forum.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://forums.mozillazine.org/viewforum.php?f=39
ShortcutWithArgument: C:\Users\Roger\My Documents\'TONES STUFF\'Tones Facebook.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.facebook.com/OfficialTheUndertones/
ShortcutWithArgument: C:\Users\Roger\My Documents\'TONES STUFF\'Tones Italian.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.facebook.com/pages/The-Undertones-Italia/289890997869209?ref_type=bookmark
ShortcutWithArgument: C:\Users\Roger\My Documents\'TONES STUFF\Rocking Humdingers Club.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.facebook.com/UndertonesHumdingers/
ShortcutWithArgument: C:\Users\Roger\Desktop\Radio Foyle.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.bbc.co.uk/programmes/b038c0vg
ShortcutWithArgument: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Documents\My Documents\'Tones Italian.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.facebook.com/pages/The-Undertones-Italia/289890997869209?ref_type=bookmark
ShortcutWithArgument: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Documents\My Documents\Draw Polygon - Freeform shape.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.dummies.com/how-to/content/how-to-draw-polygon-or-freeform-shapes-on-your-pow.html
ShortcutWithArgument: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Documents\My Documents\Google Preference Page.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.google.co.uk/preferences

==================== Loaded Modules (Whitelisted) ==============

2017-11-15 10:05 - 2017-11-23 18:49 - 000280576 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2017-11-15 10:05 - 2017-02-07 12:29 - 001008448 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2017-11-15 10:05 - 2017-02-07 12:29 - 000541952 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2017-11-15 10:05 - 2017-02-07 12:29 - 003243920 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2017-11-15 10:05 - 2017-02-07 12:29 - 001544568 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2010-07-15 04:44 - 2010-07-15 04:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2017-11-26 09:27 - 2017-11-26 09:27 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:A31FAD21 [163]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2017-11-26 11:09 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1680508398-4254546052-4236040641-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DigitalWave.Update.Service => 2
MSCONFIG\Services: EPSON_PM_RPCV4_01 => 2
MSCONFIG\Services: Everything => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: ICScsiSV => 3
MSCONFIG\Services: IcVzMonLauncher => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: Image Converter video recording monitor for VAIO Entertainment => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSCSPTISRV => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: PACSPTISVR => 3
MSCONFIG\Services: ProductAgentService => 2
MSCONFIG\Services: SonicStage Back-End Service => 3
MSCONFIG\Services: SPTISRV => 3
MSCONFIG\Services: SSScsiSV => 3
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: ZAMSvc => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0C988403-6F21-4350-B509-1726E45FDF24}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F067DDE8-8E5E-450C-B4A0-9386A653F2D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

16-12-2017 12:49:42 OK
23-12-2017 15:54:23 Scheduled Checkpoint
24-12-2017 19:14:27 OK

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC (NDIS 6.20)
Description: Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2017 08:44:48 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/27/2017 08:44:48 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/27/2017 08:44:48 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/27/2017 08:44:48 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (12/27/2017 08:44:44 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/27/2017 08:44:44 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/27/2017 08:44:44 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/27/2017 08:44:44 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/27/2017 08:44:44 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (12/27/2017 08:44:44 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (2548) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0040A.log.


System errors:
=============
Error: (12/27/2017 08:45:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (12/27/2017 08:45:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (12/27/2017 08:45:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (12/27/2017 08:45:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (12/27/2017 08:45:32 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (12/27/2017 08:45:32 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (12/27/2017 08:45:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (12/27/2017 08:45:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (12/27/2017 08:45:22 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (12/27/2017 08:45:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
Date: 2016-10-30 20:30:12.143
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PEAuth.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-10-30 20:30:12.096
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PEAuth.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-10-30 20:30:05.747
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-10-30 20:18:16.704
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-10-30 16:39:11.283
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PEAuth.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-10-30 16:39:11.205
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PEAuth.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-10-30 16:38:47.742
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-10-26 14:14:35.774
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-10-26 13:47:35.019
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-10-26 13:25:50.931
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
Percentage of memory in use: 45%
Total physical RAM: 4095.3 MB
Available physical RAM: 2213.28 MB
Total Virtual: 8188.78 MB
Available Virtual: 6141.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:372.19 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive g: () (Fixed) (Total:232.88 GB) (Free:173.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DF13BED6)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 9C539C53)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
#30
Hello Roger, please give me a little extra time, because of Christmas, to check your logs. In the meantime can you do a full system scan with Zemana?

Please COPY AND PASTE the log Zemana produces in your next post:)

Also do you have another mouse you can try?
 
Last edited:
#31
gus said:
Roger, please copy and paste any logs, as per instructions. I have pasted the current ones
Click to expand...

Gus - Apologies - not with you on this one - do you want me to do something with all that info?? If so can you please explain exactly what to do.. (Sorry about this)
Tried another mouse - problem still exists.
(Gus - just to re-iterate - the right click problem seems to be confined to all the icons (including HDDs) in the screenshot of my first post of this query)
Please see attached Zemana report as requested.
 

Attachments

  • 2017.12.28-09.04.37-i0-t92-d0.txt
    813 bytes · Views: 7
Last edited:
#32
Hi Roger,
roger hawke said:
Gus - Apologies - not with you on this one - do you want me to do something with all that info?? If so can you please explain exactly what to do.. (Sorry about this)
Click to expand...

I meant can you copy the contents of the log file and paste it, not attach it please. Just like I did with your attached files in post 29 above.

Regarding Nero which you have installed, it's up to you but as a Ashampoo Burning Studio user I would uninstall Nero and its bloatware. It has also been known to come bundled with crapware. Burning studio does everything Nero does except backup but there are far better backup software out there for free anyway. It's up yo you and I don't believe Nero is the sole source of your problems, just FWIW.

Please go here and download RogueKiller, click HERE to download a 32bit version, or HERE for a 64bit one. If you are unsure if your PC is a 32 or 64bit version look HERE.

Save the download to your desktop.

  • Close all running programs, Including any Antivirus or Security programs. If you are unsure how to do this please ask.:thumbsup:
  • Right click the new RogueKiller desktop shortcut, and then click on "Run as Administrator"
  • If you get a dialogue box explaining that there is a new version, go to the website and download it. Click the go to website button at the bottom of the box.
  • Once the application is open, or you have updated it, click on the Scan button located on the top menu bar.
  • The scan may take some time to complete depending on the amount of data on your PC. Allow it to complete.
  • Once the scan is complete check every item for deletion.
  • Then check "Remove Selected"
C4i7v64.jpg


Again it may take a little time to remove the detections.
Then click "Open Report" on the bottom left of the main program interface.
A new dialogue box will open, click "Open TXT"

u32ik5U.jpg


Please Copy and Paste the contents of that text file in your next post.:)

If by chance you have closed the TXT file before copying it you can retrieve it by clicking on the History button on the programs main interface.
 
Last edited:
#33
Gus,
I'll hang on to Nero for now as it does allow me to do something that Ashampoo doesn't. (I'll explain if you want me to)
Unless you are adamant that I should uninstall Nero.

Please see RogueKiller report as requested.

RogueKiller V12.11.30.0 (x64) [Dec 26 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Roger [Administrator]
Started from : C:\Users\Roger\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 12/29/2017 10:17:46 (Duration : 00:30:12)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1680508398-4254546052-4236040641-1001\Software\OCS -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1680508398-4254546052-4236040641-1001\Software\OCS -> Deleted
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1680508398-4254546052-4236040641-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1680508398-4254546052-4236040641-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 7 ¤¤¤
[Hj.Shortcut][File] C:\Users\Roger\Desktop\Radio Foyle.lnk [LNK@] C:\PROGRA~2\INTERN~1\iexplore.exe http://www.bbc.co.uk/programmes/b038c0vg -> Shortcut cleaned
[Hj.Shortcut][File] C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Documents\My Documents\'Tones Italian.lnk [LNK@] C:\PROGRA~2\INTERN~1\iexplore.exe https://www.facebook.com/pages/The-Undertones-Italia/289890997869209?ref_type=bookmark -> Shortcut cleaned
[Hj.Shortcut][File] C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Documents\My Documents\Draw Polygon - Freeform shape.lnk [LNK@] C:\PROGRA~2\INTERN~1\iexplore.exe http://www.dummies.com/how-to/content/how-to-draw-polygon-or-freeform-shapes-on-your-pow.html -> Shortcut cleaned
[Hj.Shortcut][File] C:\Users\Roger\Desktop\Radio Foyle.lnk [LNK@] C:\PROGRA~2\INTERN~1\iexplore.exe http://www.bbc.co.uk/programmes/b038c0vg -> Shortcut cleaned
[Hj.Shortcut][File] C:\Users\Roger\My Documents\Create IPhone - Ringtones.lnk [LNK@] C:\PROGRA~2\INTERN~1\iexplore.exe https://www.udemy.com/blog/how-to-add-ringtones-to-iphone/ -> Shortcut cleaned
[Hj.Shortcut][File] C:\Users\Roger\My Documents\Draw Polygon - Freeform shape.lnk [LNK@] C:\PROGRA~2\INTERN~1\iexplore.exe http://www.dummies.com/how-to/content/how-to-draw-polygon-or-freeform-shapes-on-your-pow.html -> Shortcut cleaned
[Hj.Shortcut][File] C:\Users\Roger\My Documents\Youtube Clips.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://en.savefrom.net/102-how-to-download-youtube-video-mp3.html?lang=en -> Shortcut cleaned

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] b58e8feb8166c6779b6d30229adeab34
[BSP] 7eff6c0c0048791d09da368fb2cd3120 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Hitachi HDP725025GLA380 ATA Device +++++
--- User ---
[MBR] e2692b7c963b1305bcdb60e346ff8b29
[BSP] 5c7ab4c552c6cd5c3b9462cced612663 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
#34
Gus,
I was reading an article on the Internet ref.Right-Click Context Menu Not Showing in which it talked about removing Third-Party Shell Extensions from Context Menu.
I thought I would give it a coat of looking at.
It directed me to CCleaner:
Tools/Startup/Context Menu - either delete or disable.
I first disabled all the entries and the right click of the icons in question was back to normal.
I then enabled them all again and then disabled them one by one.
The only entry that was causing the problem can be seen in attached.

Would you advise leaving it disabled or deleting it?
Any idea why this occurred?

Gus - that appears to have solved the problem? Is there anything else you would like me to do?

If not, I need to clear up all the entries on desktop. Please assist.
 

Attachments

  • shell extensions.jpg
    shell extensions.jpg
    226.2 KB · Views: 15
Last edited:
#35
Hello Roger,
roger hawke said:
Unless you are adamant that I should uninstall Nero.
Click to expand...

No not at all, if you have a need for it then definitely keep it.

Lets check that file/app you found to be causing a problem, good work by the way:thumbsup:

Please left click on the attached Fixlist.txt file at the bottom of this post. On the dialogue box that opens click "Save File" and then "OK"

vzol8OV.jpg


Select a location then save the file. IMPORTANT the fixlist.txt file must be in the same location as the FRST program otherwise the fix will not work.

pjsQ8XB.jpg


To run the fix right click the FRST icon and choose "Run as Administrator" then click on "Fix"

cp0349X.jpg


Depending on the amount of data to be moved it may take a few minutes to complete, and the computer may reboot. When the fix is complete and/or the computer has rebooted the "Fixlist.txt" file you created will be renamed "Fixlog.txt"

Please COPY and PASTE the contents of this new file in your next post:)
 

Attachments

  • fixlist.txt
    86 bytes · Views: 9
#36
Gus,
Please see below "FixLog.txt" as requested.


Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Roger (30-12-2017 09:13:19) Run:1
Running from C:\Users\Roger\Desktop
Loaded Profiles: Roger (Available Profiles: Roger)
Boot Mode: Normal
==============================================

fixlist content:
*****************
virustotal: C:\Program Files (86)\Realtek\USB2.0 Card Reader Software\CardLocating.dll
*****************

"VirusTotal: C:\Program Files (86)\Realtek\USB2.0 Card Reader Software\CardLocating.dll" => not found

==== End of Fixlog 09:13:19 ====
 
#37
Hi Roger, Sorry but in my haste, and sloppy typing, I got the path wrong to your file:oops:. Can you please run the FRST fix again as you just did but use this fixlist (attached) then post the new fixlog as you did

Also tell me about your card reader, is it a built in one, or one that is plugged in as required?
Do you use it?
And when did you install the software for it? It's this.. USB2.0 Card Reader Software

I do have another fix for you to do but we will run it after we sort out this card reader issue.
 

Attachments

  • fixlist.txt
    87 bytes · Views: 29
Last edited:
#38
Gus,
Happy New Year to you. :thumbsup:

Please see below report you requested.

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by Roger (31-12-2017 09:36:37) Run:2
Running from C:\Users\Roger\Desktop
Loaded Profiles: Roger (Available Profiles: Roger)
Boot Mode: Normal
==============================================

fixlist content:
*****************
virustotal: C:\Program Files (x86)\Realtek\USB2.0 Card Reader Software\CardLocating.dll
*****************

VirusTotal: C:\Program Files (x86)\Realtek\USB2.0 Card Reader Software\CardLocating.dll => https://www.virustotal.com/file/afb...bbf5f1902dab6b6dcc029a6d/analysis/1455910655/

==== End of Fixlog 09:36:38 ====


Card Reader is a Kingston FCR-HS219/1 - usb plug in.
I use it often.
Installed 28 March 2013 when I changed from XP tp 7
 
Last edited:
#39
Hi Roger, Happy new year to you too:)

That Kingston card reader should need no other software other than it's USB driver it will install when first plugged in.

So lets use Geek uninstaller (or Revo uninstaller) to remove USB2.0 Card Reader Software

If you no longer have Geek uninstaller we used last time we removed stuff from your PC here is how to get and run it.


Please go HERE and download Geek Uninstaller portable and save it to somewhere you can find later. Now use you favorite Unzip application to extract the zipped file from the download. This should create a new folder that contains a Geek.exe file which you can now double left click to open the program.

Optionally you can create a desktop shortcut by right clicking the Geek.exe file and choose "Send to" from the drop down menu. This will give you a shortcut icon on the desktop for future use of this handy application.

You can safely ignore any security pop ups that may appear before the program opens.

Either way you open it once Geek Uninstaller is running select the program you wish to uninstall by right clicking it and then choose "Uninstall" from the drop down menu.

dvNuQMe.jpg


Follow and accept all uninstall options once the uninstaller begins.

It is recommended when removing any Antivirus/Security program, or if you have errors or difficulty removing any program to use "Force removal" to uninstall the program.

m089MyG.jpg


Should you have any further difficulty removing any items please ask us for help:)

Once you have removed Realtek USB2.0 card reader can you reboot your computer and check that you can use your Kinsgton card reader as per normal please?
 
#40
Gus,
I retained Geek Uninstaller from last time.
I have uninstalled USB2.0 Card Reader Software as requested - no problem.
Rebooted PC and the Kingston Card Reader is functioning perfectly.
 
Last edited:
  • Like
Reactions: gus
Status
Not open for further replies.
Top Bottom
Back
Forums
Resources
Menu