[SOLVED] [Win7SP1 x64] Can't install WU. WU error 0x80070643.

Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

Thanks. Please do the following.

FRST Scan

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens, click Yes to the disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press the Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
6. Please copy and paste the log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.
 
Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-09-2017
Ran by SY (administrator) on SABRAHAMS-PC2 (19-09-2017 15:54:20)
Running from C:\Users\SY\Desktop\Haole Boy\2017.09.19a
Loaded Profiles: SY (Available Profiles: SY & harryz)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Instant Housecall) C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\n360.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\n360.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Storage Appliance Corp.) C:\ProgramData\Clickfree\FullImagingBackup\FibReminder.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Storage Appliance Corp.) C:\ProgramData\Clickfree\cfagent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Instant Housecall) C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\atiw.exe
(Instant Housecall) C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe
(Instant Housecall) C:\Program Files (x86)\Instant Housecall\Hookldr.exe


==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [724400 2016-07-24] (Waves Audio Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843784 2016-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1462792 2016-08-16] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-06] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ihccontrol] => C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe [2231584 2016-09-28] (Instant Housecall)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe [299504 1999-12-31] (Intel Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\Run: [FibReminder] => c:\programdata\Clickfree\FullImagingBackup\FibReminder.exe [3634504 2013-11-28] (Storage Appliance Corp.)
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\Run: [ClickfreeMonitor] => c:\programdata\Clickfree\cfagent.exe [354632 2013-11-28] (Storage Appliance Corp.)
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\MountPoints2: {73f13087-5def-11e3-b8cc-f4b7e238d59a} - E:\FIBPGuard.exe
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\MountPoints2: {8233a6cf-41c6-11e3-a21d-806e6f6e6963} - F:\StartClickFreeBackup.exe
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\MountPoints2: {b62a9099-8647-11e4-9e17-f4b7e238d59a} - F:\FIBPGuard.exe
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\MountPoints2: {c242b3a2-9029-11e7-95cf-f4b7e238d59a} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk [2017-08-26]
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
BootExecute: autocheck autochk /r \??\J:autocheck autochk *


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{72BDC759-A894-4DA7-A186-54B0BA180380}: [DhcpNameServer] 192.168.0.1


Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES007&pc=UE06
SearchScopes: HKLM -> DefaultScope {9E5DDE83-B99B-4E2D-AAFB-D3D73ABB0607} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9E5DDE83-B99B-4E2D-AAFB-D3D73ABB0607} URL =
SearchScopes: HKU\S-1-5-21-2804901569-1412701634-3446117099-1000 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2804901569-1412701634-3446117099-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2804901569-1412701634-3446117099-1000 -> {3F884360-46DE-D83D-D764-01BA7C1E1338} URL =
SearchScopes: HKU\S-1-5-21-2804901569-1412701634-3446117099-1000 -> {7F9F7881-8578-4777-92E1-D58AA41E4B68} URL = hxxp://search.whiteskyservices.com/?wstoken=E389B226-9AFE-4DF5-8873-86FB39B43F85&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-2804901569-1412701634-3446117099-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1122&geo=US&ver=22.10.1.10&locale=en_US&guid=2E0B8AD0-BD0C-11DF-93EA-001D09284AC3&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking14\Program\x64\dgnriaie_x64.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine32\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking14\Program\dgnriaie.dll => No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.830.1\NativeBHO.dll [2013-09-03] (WhiteSky)
BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll [2013-01-30] (Visicom Media)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Create 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Create 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine32\22.10.1.10\coIEPlg.dll [2017-08-24] (Symantec Corporation)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


FireFox:
========
FF ProfilePath: C:\Users\SY\AppData\Roaming\Mozilla\Firefox\Profiles\qlrgqwzw.default-1485304143118 [2017-09-19]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\qlrgqwzw.default-1485304143118 -> XFINITY
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\qlrgqwzw.default-1485304143118 -> XFINITY
FF Homepage: Mozilla\Firefox\Profiles\qlrgqwzw.default-1485304143118 -> hxxp://protopage.com/syspage
FF Extension: (CouponViewer Add-On) - C:\Users\SY\AppData\Roaming\Mozilla\Firefox\Profiles\qlrgqwzw.default-1485304143118\Extensions\couponviewer@befrugal.com [2017-04-12]
FF Extension: (XFINITY Constant Guard Protection Suite) - C:\Users\SY\AppData\Roaming\Mozilla\Firefox\Profiles\qlrgqwzw.default-1485304143118\Extensions\idvaultaddin@whitesky [2017-08-26] [not signed]
FF Extension: (XFINITY Toolbar) - C:\Users\SY\AppData\Roaming\Mozilla\Firefox\Profiles\qlrgqwzw.default-1485304143118\Extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f} [2017-08-26] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.10.0.85\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.10.0.85\coFFAddon [2017-09-15]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.10.0.85\coFFAddon
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\xfinitylcsearch.xml [2013-01-30]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml [2014-07-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-22] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking14\Program\x64\npDgnRia2_x64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-22] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @palmsource.com/installer,version=1.0 -> C:\PROGRA~2\palmOne\PACKAG~1\NPInstal.dll [2007-03-19] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking14\Program\npDgnRia2.dll [No File]
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NaturallySpeaking12\Program\npDgnRia.dll [No File]
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-2804901569-1412701634-3446117099-1000: @movenetworks.com/Quantum Media Player -> C:\Users\SY\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-06-18] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\SY\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-18] (Cisco WebEx LLC)


Chrome:
=======
CHR Profile: C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default [2017-09-19]
CHR Extension: (Google Slides) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-05]
CHR Extension: (Google Docs) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-05]
CHR Extension: (Google Drive) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-05]
CHR Extension: (YouTube) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-05]
CHR Extension: (Norton Security Toolbar) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-09-05]
CHR Extension: (Adobe Acrobat) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-09-06]
CHR Extension: (Google Sheets) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-05]
CHR Extension: (Google Docs Offline) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-05]
CHR Extension: (Norton Identity Safe) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-05]
CHR Extension: (Gmail) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-05]
CHR Extension: (Chrome Media Router) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-15]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457960 2013-08-19] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22760 2013-08-19] ()
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [165440 2015-08-22] (Nuance Communications, Inc.)
S2 FibUacService; C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe [37192 2013-11-28] (Storage Appliance Corp.)
S2 FullImagingService; C:\programdata\Clickfree\FullImagingBackup\FullImagingService.exe [233120 2013-11-28] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-06] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IHCserver; C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe [2231584 2016-09-28] (Instant Housecall)
S4 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
S3 iumsvc; c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\N360.exe [326144 2017-08-24] (Symantec Corporation)
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-04-05] (Nuance Communications, Inc.)
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-09-27] ()
S3 RoxMediaDB15; C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxMediaDB15.exe [1097448 2013-08-19] (Corel Corporation)
S2 RoxWatch15; C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxWatch15.exe [341736 2013-08-19] (Corel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [314624 2016-08-16] (Realtek Semiconductor)
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-08-04] (Dell Inc.)
S4 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 DragonSvc; "C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe" [X]


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.10.0.85\Definitions\BASHDefs\20170914.001\BHDrvx64.sys [1872032 2017-09-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\160A010.00A\ccSetx64.sys [187520 2017-07-14] (Symantec Corporation)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-16] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-01-15] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.10.0.85\Definitions\IPSDefs\20170919.001\IDSvia64.sys [1056920 2017-09-15] (Symantec Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-11] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-19] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-19] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-19] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-19] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [198712 2016-07-18] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [418784 2016-08-05] (Realsil Semiconductor Corporation)
R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2013-08-19] (Corel Corporation)
R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2013-08-19] (Corel Corporation)
R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2013-08-19] (Corel Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\160A010.00A\SRTSP64.SYS [810136 2017-07-14] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\160A010.00A\SRTSPX64.SYS [49304 2017-07-14] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\160A010.00A\SYMEFASI64.SYS [1868416 2017-07-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102568 2017-09-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\160A010.00A\Ironx64.SYS [301288 2017-07-14] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\160A010.00A\SYMNETS.SYS [566912 2017-07-14] (Symantec Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54344 2016-11-22] (Intel Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160628.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160628.001\EX64.SYS [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-09-19 15:53 - 2017-09-19 15:54 - 000000000 ____D C:\FRST
2017-09-19 15:04 - 2017-09-19 15:04 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2017-09-19 01:46 - 2017-09-19 01:46 - 000000000 ____D C:\5fe0afdfc01ac257509e48510bdb7f9c
2017-09-16 14:42 - 2017-09-16 14:42 - 000000000 ____D C:\Users\harryz\AppData\Roaming\Intel Corporation
2017-09-16 14:41 - 2017-09-16 14:41 - 000090824 _____ C:\Users\harryz\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-16 14:41 - 2017-09-16 14:41 - 000001419 _____ C:\Users\harryz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-09-16 14:41 - 2017-09-16 14:41 - 000000000 ____D C:\Users\harryz\AppData\Roaming\Adobe
2017-09-16 14:41 - 2017-09-16 14:41 - 000000000 ____D C:\Users\harryz\AppData\Local\Google
2017-09-16 14:40 - 2017-09-16 14:41 - 000000000 ___RD C:\Users\harryz\Virtual Machines
2017-09-16 14:40 - 2017-09-16 14:40 - 000000020 ___SH C:\Users\harryz\ntuser.ini
2017-09-16 14:40 - 2017-09-16 14:40 - 000000000 ____D C:\Users\harryz
2017-09-16 14:40 - 2017-09-15 18:30 - 000000000 ____D C:\Users\harryz\AppData\Local\SoftThinks
2017-09-16 14:40 - 2015-12-23 16:02 - 000000000 ____D C:\Users\harryz\AppData\Local\PC_Drivers_Headquarters
2017-09-16 14:40 - 2015-12-23 15:59 - 000000000 ____D C:\Users\harryz\AppData\Roaming\PCDr
2017-09-16 14:40 - 2014-11-29 18:28 - 000000000 ____D C:\Users\harryz\AppData\Roaming\iolo
2017-09-16 14:40 - 2014-11-28 21:08 - 000000000 __SHD C:\Users\harryz\AppData\Local\EmieUserList
2017-09-16 14:40 - 2014-11-28 21:08 - 000000000 __SHD C:\Users\harryz\AppData\Local\EmieSiteList
2017-09-16 14:40 - 2014-11-28 21:08 - 000000000 __SHD C:\Users\harryz\AppData\Local\EmieBrowserModeList
2017-09-16 14:40 - 2014-10-26 18:57 - 000000000 ____D C:\Users\harryz\AppData\Roaming\Roxio
2017-09-16 14:40 - 2014-10-26 18:56 - 000000000 ____D C:\Users\harryz\AppData\Roaming\ioloGovernor
2017-09-16 14:40 - 2013-09-02 14:38 - 000000000 ____D C:\Users\harryz\AppData\Roaming\Macromedia
2017-09-16 14:40 - 2010-11-21 00:16 - 000000000 ____D C:\Users\harryz\AppData\Roaming\Media Center Programs
2017-09-16 14:02 - 2017-09-16 14:02 - 000000000 ____D C:\MATS
2017-09-15 23:21 - 2017-09-15 23:21 - 000000000 ____D C:\Windows\System32\Tasks\Norton 360
2017-09-15 23:20 - 2017-09-15 23:20 - 000003252 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-09-15 19:04 - 2017-09-15 19:04 - 000004184 _____ C:\Windows\System32\Tasks\Norton Security Scan for SY
2017-09-15 19:04 - 2017-09-15 19:04 - 000001426 _____ C:\Users\Public\Desktop\Norton Security Scan.LNK
2017-09-15 19:04 - 2017-09-15 19:04 - 000000000 ____D C:\Windows\system32\Drivers\NSSx64
2017-09-15 19:04 - 2017-09-15 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2017-09-15 19:04 - 2017-09-15 19:04 - 000000000 ____D C:\Program Files (x86)\Norton Security Scan
2017-09-15 18:55 - 2017-09-15 23:20 - 000002452 _____ C:\Users\Public\Desktop\Norton 360.lnk
2017-09-15 18:55 - 2017-09-15 18:55 - 000102568 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2017-09-15 18:55 - 2017-09-15 18:55 - 000008309 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2017-09-15 18:55 - 2017-09-15 18:55 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2017-09-15 18:49 - 2017-09-15 23:20 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2017-09-15 18:49 - 2017-09-15 23:20 - 000000000 ____D C:\Windows\system32\Drivers\N360x64
2017-09-15 18:49 - 2017-09-15 19:04 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2017-09-15 18:48 - 2017-09-15 18:48 - 001113088 _____ (Symantec Corporation) C:\Users\SY\Downloads\Norton_Download_Manager (1).exe
2017-09-15 18:48 - 2017-09-15 18:48 - 000001291 _____ C:\Users\SY\Desktop\Norton Installation Files.lnk
2017-09-11 14:58 - 2017-09-19 14:39 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-09-11 14:58 - 2017-09-19 14:39 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-11 14:58 - 2017-09-19 14:39 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-11 14:58 - 2017-09-11 14:58 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-11 14:49 - 2017-09-19 14:39 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-11 14:48 - 2017-09-14 17:21 - 000002038 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-11 14:48 - 2017-09-11 14:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-11 14:48 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-11 14:45 - 2017-09-11 14:45 - 066347240 _____ (Malwarebytes ) C:\Users\SY\Downloads\mb3-setup-cb.NT-3.2.2.2018.exe
2017-09-11 14:45 - 2017-09-11 14:45 - 066347240 _____ (Malwarebytes ) C:\Users\SY\Downloads\mb3-setup-cb.NT-3.2.2.2018 (1).exe
2017-09-10 16:42 - 2017-09-10 16:42 - 001912149 _____ C:\Users\SY\Downloads\neck-and-shoulder-pain-harvard-health.pdf
2017-09-10 16:30 - 2017-09-10 16:30 - 001589454 _____ C:\Users\SY\Downloads\healthy-hands-strategies-for-strong-pain-free-hands-harvard-health.pdf
2017-09-10 16:30 - 2017-09-10 16:30 - 001589454 _____ C:\Users\SY\Downloads\healthy-hands-strategies-for-strong-pain-free-hands-harvard-health (1).pdf
2017-09-09 15:54 - 2017-09-09 15:54 - 000353876 _____ C:\Users\SY\Downloads\08-23-2017 (3).pdf
2017-09-09 15:54 - 2017-09-09 15:54 - 000353876 _____ C:\Users\SY\Downloads\08-23-2017 (2).pdf
2017-09-09 15:53 - 2017-09-09 15:53 - 000353889 _____ C:\Users\SY\Downloads\08-23-2017.pdf
2017-09-09 15:53 - 2017-09-09 15:53 - 000353731 _____ C:\Users\SY\Downloads\08-23-2017 (1).pdf
2017-09-07 10:46 - 2017-09-07 10:46 - 000030431 _____ C:\Users\SY\Downloads\EMIR (1).pdf
2017-09-05 21:40 - 2017-09-05 21:40 - 000002172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2017-09-05 21:40 - 2017-09-05 21:40 - 000002134 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-09-05 14:41 - 2017-09-05 14:41 - 000002233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-05 14:41 - 2017-09-05 14:41 - 000002221 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-05 14:40 - 2017-09-05 14:40 - 001130328 _____ (Google Inc.) C:\Users\SY\Downloads\ChromeSetup.exe
2017-09-05 12:35 - 2017-09-14 20:40 - 000000000 ____D C:\SFCFix
2017-09-05 12:22 - 2017-09-14 20:40 - 000000000 ____D C:\Users\SY\AppData\Local\niemiro
2017-09-02 15:29 - 2017-09-02 15:43 - 000000000 ____D C:\5164701c28e045c8732a
2017-09-02 15:13 - 2017-09-02 15:13 - 000000000 ____D C:\Windows\CheckSur
2017-09-02 14:14 - 2017-09-02 14:15 - 069999448 _____ (Microsoft Corporation) C:\Users\SY\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
2017-09-02 14:13 - 2017-09-02 14:13 - 000000022 _____ C:\Users\SY\Downloads\net 4.5.2 offline installer.zip
2017-08-28 18:14 - 2017-09-02 14:54 - 000000000 ____D C:\Windows\pss
2017-08-28 17:08 - 2017-08-28 17:08 - 001381582 _____ (Igor Pavlov) C:\Users\SY\Downloads\7z1604-x64.exe
2017-08-28 17:08 - 2017-08-28 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-08-28 17:08 - 2017-08-28 17:08 - 000000000 ____D C:\Program Files\7-Zip
2017-08-26 18:09 - 2017-08-28 17:24 - 000000000 ____D C:\Users\SY\AppData\Local\ID Vault
2017-08-26 18:09 - 2017-08-26 18:09 - 000000000 ____D C:\Users\SY\AppData\Local\White_Sky,_Inc
2017-08-26 18:08 - 2017-08-28 17:24 - 000000000 ____D C:\Users\SY\AppData\Roaming\ID Vault
2017-08-26 18:08 - 2017-08-28 17:24 - 000000000 ____D C:\Users\SY\AppData\LocalLow\ID Vault
2017-08-26 18:08 - 2017-08-26 18:08 - 000000000 ____D C:\Users\SY\AppData\LocalLow\xfin_portal
2017-08-26 18:07 - 2017-08-28 15:35 - 000000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2017-08-26 18:07 - 2017-08-26 18:08 - 000000000 ____D C:\Program Files (x86)\xfin_portal
2017-08-26 18:07 - 2017-08-26 18:07 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
2017-08-26 18:07 - 2017-08-26 18:07 - 000000000 ____D C:\ProgramData\White Sky, Inc
2017-08-26 11:49 - 2017-08-28 17:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-24 19:15 - 2017-08-24 19:16 - 001337928 _____ (Microsoft Corporation) C:\Users\SY\Downloads\NDP45-KB3035490-x64.exe
2017-08-24 19:15 - 2017-08-24 19:15 - 001337352 _____ (Microsoft Corporation) C:\Users\SY\Downloads\NDP45-KB3035490-x86.exe
2017-08-24 18:05 - 2017-08-24 18:10 - 000000000 ____D C:\AdwCleaner
2017-08-24 18:03 - 2017-08-24 18:03 - 008185288 _____ (Malwarebytes) C:\Users\SY\Downloads\adwcleaner_7.0.1.0.exe
2017-08-24 16:52 - 2017-08-24 16:52 - 000000000 ____D C:\RevoUninstallerPro_Portable
2017-08-24 16:17 - 2017-08-24 16:17 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-24 16:11 - 2017-09-18 20:44 - 000000000 ____D C:\Program Files\CCleaner
2017-08-24 16:11 - 2017-09-14 17:21 - 000000993 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-24 16:11 - 2017-08-24 16:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-08-24 15:50 - 2017-08-24 16:01 - 000000000 ____D C:\Users\SY\Documents\Windows Repair
2017-08-24 15:49 - 2017-08-24 15:49 - 000000207 _____ C:\Windows\tweaking.com-regbackup-SABRAHAMS-PC2-Windows-7-Professional-(64-bit).dat
2017-08-24 15:49 - 2017-08-24 15:49 - 000000000 ____D C:\RegBackup
2017-08-24 15:23 - 2017-09-19 15:53 - 000000000 ____D C:\Users\SY\Desktop\Haole Boy
2017-08-24 01:01 - 2017-08-24 01:02 - 000000000 ____D C:\51b61349b3b5892935e7
2017-08-23 13:58 - 2017-08-28 18:22 - 000000000 ____D C:\ProgramData\InstantHousecall
2017-08-23 13:57 - 2017-08-23 13:57 - 000001336 _____ C:\Users\Public\Desktop\Haole Boy Remote Support.lnk
2017-08-23 13:57 - 2017-08-23 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Instant Housecall
2017-08-23 13:57 - 2017-08-23 13:57 - 000000000 ____D C:\Program Files (x86)\Instant Housecall
2017-08-23 13:57 - 2016-09-28 00:45 - 000113152 _____ C:\Windows\system32\redmon64.dll
2017-08-23 13:56 - 2017-08-23 13:56 - 012414976 _____ C:\Users\SY\Downloads\HaoleBoyComputerServices-Setup.msi
2017-08-23 03:01 - 2017-08-23 03:02 - 000000000 ____D C:\bfbae9a2292a383ac230f0ba5dc0a4dc
2017-08-22 18:52 - 2017-08-22 18:52 - 001204208 _____ (Adobe Systems Incorporated) C:\Users\SY\Downloads\flashplayer26_ga_install.exe
2017-08-21 03:01 - 2017-08-21 03:01 - 000000000 ____D C:\d29624eb2c8411ba22c2e6
2017-08-20 03:01 - 2017-08-20 03:02 - 000000000 ____D C:\8b9f88b64d01baf2211dd15a
2017-08-20 03:01 - 2017-08-20 03:01 - 000000000 ____D C:\86704998a8e78d538e217b3369a46c


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-09-19 14:47 - 2014-11-30 10:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-19 14:47 - 2014-11-30 10:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-19 14:45 - 2014-11-30 10:44 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3139B9FA-8A8D-480E-9339-F34CE359A584}
2017-09-19 14:43 - 2014-11-30 10:45 - 000005172 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-19 14:42 - 2016-11-18 17:47 - 000000000 ____D C:\Users\SY\AppData\LocalLow\Mozilla
2017-09-19 14:39 - 2013-07-02 15:21 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-09-19 14:39 - 2013-07-02 15:21 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-09-19 14:39 - 2013-07-02 15:10 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-09-19 14:38 - 2014-11-30 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-19 01:46 - 2016-12-30 16:08 - 000055254 _____ C:\-MSI_netfx_Full_x64.msi.txt
2017-09-18 01:29 - 2013-09-01 02:54 - 000000000 ____D C:\Users\SY\AppData\Local\CrashDumps
2017-09-17 17:16 - 2009-07-13 22:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-09-17 01:00 - 2013-08-30 20:52 - 000000000 ____D C:\Users\SY\AppData\Local\ElevatedDiagnostics
2017-09-16 17:31 - 2017-03-27 16:47 - 000000000 ____D C:\ProgramData\pdf995
2017-09-16 14:41 - 2014-11-30 10:32 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-09-16 14:39 - 2013-09-09 19:17 - 000000000 ____D C:\ProgramData\TEMP
2017-09-15 23:47 - 2017-08-04 16:45 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-15 19:04 - 2013-08-31 20:27 - 000000000 ____D C:\ProgramData\Norton
2017-09-15 18:57 - 2013-09-01 18:01 - 000000000 ____D C:\Users\SY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2017-09-15 18:49 - 2013-09-09 19:19 - 000000000 ____D C:\Program Files (x86)\Norton Security Suite
2017-09-15 18:48 - 2013-09-01 00:55 - 000000000 ____D C:\Users\Public\Downloads\Norton
2017-09-15 18:31 - 2013-07-02 14:48 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-15 18:04 - 2013-08-31 20:27 - 000000000 ____D C:\ProgramData\NortonInstaller
2017-09-11 14:48 - 2013-09-09 15:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-10 16:54 - 2013-09-01 04:20 - 000000000 ____D C:\Users\SY\Desktop\Manuals
2017-09-06 10:39 - 2013-09-09 21:02 - 000000000 ____D C:\Users\SY\AppData\Local\Google
2017-09-05 21:40 - 2013-09-09 19:18 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-05 14:10 - 2016-12-28 18:29 - 000516106 _____ C:\-MSI_netfx_Full_GDR_x64.msi.txt
2017-09-05 14:08 - 2013-08-30 20:07 - 000090824 _____ C:\Users\SY\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-05 13:51 - 2014-11-30 10:45 - 000346232 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-05 13:43 - 2014-11-30 10:46 - 000000471 _____ C:\Windows\win.ini
2017-09-05 13:43 - 2011-02-10 07:33 - 000005172 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-04 16:12 - 2017-02-02 15:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-09-03 14:16 - 2013-09-01 04:14 - 000000000 ____D C:\Users\SY\Desktop\Articles
2017-08-30 14:51 - 2016-02-28 22:17 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 13:54 - 2016-10-10 15:00 - 000000000 ____D C:\Users\SY\Desktop\TAVR
2017-08-29 13:44 - 2013-09-09 21:56 - 000000000 ____D C:\Users\SY\AppData\Roaming\.oit
2017-08-28 17:43 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\NDF
2017-08-28 17:26 - 2013-09-10 16:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-28 15:57 - 2016-09-16 18:19 - 000002304 _____ C:\Users\SY\Documents\WillMaker 2017 File of Seymour Abrahams.pfl
2017-08-28 15:27 - 2016-07-21 17:34 - 000003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2017-08-25 15:49 - 2013-09-09 19:20 - 000000000 ____D C:\Program Files (x86)\TurboTax
2017-08-25 15:49 - 2013-09-01 04:01 - 000000000 ____D C:\Users\SY\AppData\Roaming\Intuit
2017-08-25 14:34 - 2012-05-27 18:05 - 000009216 _____ C:\Users\SY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-08-24 18:10 - 2013-08-30 20:06 - 000000000 ____D C:\Users\SY
2017-08-24 17:35 - 2013-09-09 19:19 - 000000000 ____D C:\Program Files (x86)\iolo
2017-08-24 17:32 - 2013-09-09 15:32 - 000000000 ____D C:\ProgramData\iolo
2017-08-24 17:27 - 2013-09-01 02:54 - 000000000 ____D C:\Users\SY\AppData\Local\Apple Computer
2017-08-24 15:42 - 2016-05-22 16:11 - 000000000 ____D C:\Users\TEMP.Sabrahams-PC2.006
2017-08-24 15:42 - 2016-04-07 18:55 - 000000000 ____D C:\Users\TEMP.Sabrahams-PC2.005
2017-08-24 15:42 - 2015-12-23 15:46 - 000000000 ____D C:\Users\TEMP.Sabrahams-PC2.004
2017-08-24 15:41 - 2015-08-20 13:25 - 000000000 ____D C:\Users\TEMP.Sabrahams-PC2.003
2017-08-24 15:41 - 2015-08-19 17:10 - 000000000 ____D C:\Users\TEMP.Sabrahams-PC2.002
2017-08-24 15:40 - 2015-06-08 17:37 - 000000000 ____D C:\Users\TEMP.Sabrahams-PC2.001
2017-08-24 15:40 - 2015-01-18 15:08 - 000000000 ____D C:\Users\TEMP.Sabrahams-PC2.000
2017-08-24 15:40 - 2014-11-27 15:54 - 000000000 ____D C:\Users\TEMP.Sabrahams-PC2
2017-08-24 15:39 - 2014-04-22 18:42 - 000000000 ____D C:\Users\dub_cm_auto
2017-08-24 15:39 - 2013-12-24 02:52 - 000000000 ____D C:\Users\TEMP
2017-08-24 14:36 - 2014-05-08 17:57 - 000003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2017-08-22 18:52 - 2017-02-21 20:04 - 000000030 _____ C:\AVScanner.ini
2017-08-22 18:52 - 2014-11-30 10:45 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-22 18:52 - 2014-11-30 10:45 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-22 18:52 - 2014-11-30 10:44 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-22 18:52 - 2014-08-19 17:43 - 000000000 ____D C:\Users\SY\AppData\Local\Adobe
2017-08-22 18:52 - 2013-07-02 15:16 - 000000000 ____D C:\ProgramData\McAfee
2017-08-22 18:52 - 2013-07-02 14:48 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-20 16:24 - 2016-08-05 12:29 - 000000000 ____D C:\Users\SY\Desktop\TRUSTS


==================== Files in the root of some directories =======


2010-10-02 17:53 - 2016-05-13 17:53 - 000002315 _____ () C:\Users\SY\AppData\Roaming\SAS7_000.DAT
2012-05-27 18:05 - 2017-08-25 14:34 - 000009216 _____ () C:\Users\SY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-12-25 02:26 - 2010-12-25 02:26 - 000000000 _____ () C:\Users\SY\AppData\Local\rx_image32.Cache
2011-05-18 18:05 - 2013-07-01 13:14 - 000001940 _____ () C:\Users\SY\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2017-03-24 19:11 - 2017-03-24 19:11 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2010-09-10 18:26 - 2012-08-17 15:39 - 000001682 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-11-30 10:33 - 2016-01-30 18:29 - 000001825 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-09-13 06:56 - 2013-09-13 06:56 - 000002456 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag


Some files in TEMP:
====================
2017-09-15 18:12 - 2017-09-15 18:12 - 000010264 _____ () C:\Users\SY\AppData\Local\Temp\BullseyeCoverage-2-x64.dll


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-09-10 00:30


==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-09-2017
Ran by SY (19-09-2017 15:55:09)
Running from C:\Users\SY\Desktop\Haole Boy\2017.09.19a
Windows 7 Professional Service Pack 1 (X64) (2013-08-31 03:06:55)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-2804901569-1412701634-3446117099-500 - Administrator - Disabled)
Guest (S-1-5-21-2804901569-1412701634-3446117099-501 - Limited - Disabled)
harryz (S-1-5-21-2804901569-1412701634-3446117099-1003 - Administrator - Enabled) => C:\Users\harryz
SY (S-1-5-21-2804901569-1412701634-3446117099-1000 - Administrator - Enabled) => C:\Users\SY


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Norton Security Suite (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security Suite (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bernafon Product Selector (HKLM-x32\...\{B352491B-8B63-B168-67A5-A305AA333043}) (Version: 1.1.0 - Bernafon AG) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Clickfree Easy Image (HKLM-x32\...\Clickfree Easy Image) (Version: - Storage Appliance Corp.)
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.13.830.1 - Comcast)
Creator NXT 2 Content (HKLM-x32\...\{246D31A0-7B8A-41EA-8E31-33C2F2F26B53}) (Version: 14.5.000 - Roxio) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)
Dell SupportAssistAgent (HKLM\...\{E1AA62F7-B32A-4090-814E-83BC7C3DF1FB}) (Version: 2.0.2.21 - Dell)
Dell Unified Wireless Suite (HKLM-x32\...\{6CFE6F33-3D69-4B9C-AA20-FF1F8CB064D5}) (Version: 1.00.0000 - Dell)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
DirectX 9 Runtime (HKLM-x32\...\{3A9527CF-4E91-4683-A03F-F1AD022126E5}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Dragon 14 (HKLM-x32\...\{FEAB6184-0560-4EBF-A26B-C3F2B11FE9E1}) (Version: 14.00.000 - Nuance Communications Inc.)
EasyDuplicateFinder v4.4 (HKLM\...\Easy Duplicate Finder 4_is1) (Version: - WebMinds, Inc.)
Family Tree Heritage Collaboration Support (HKLM-x32\...\{50BD0B15-5197-4EAF-8BCD-81117D1324B1}) (Version: 1.10.0010 - Individual Software) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.79 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
H&R Block California 2016 (HKLM-x32\...\{BBC917D4-2752-484D-BEEA-1005B72B253F}) (Version: 1.16.5901 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2016 (HKLM-x32\...\{E7065AD9-D2DB-423B-B853-8310038D7D42}) (Version: 16.05.6401 - HRB Technology, LLC.)
HL-5470DW (HKLM-x32\...\{7171B206-5C5A-4B7F-B9E1-1F1827FC769F}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Instant Housecall (HKLM-x32\...\{A0DF6043-44FB-4162-9112-DF75B4B178A8}) (Version: 6.3.0.0 - Instant Housecall)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.2.1001 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.0.32 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8627.1 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
Mozilla Thunderbird 52.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.3.0 (x86 en-US)) (Version: 52.3.0 - Mozilla)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.103 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.10.1.10 - Symantec Corporation)
Nuance OmniPage Ultimate (HKLM-x32\...\{419512F9-D5E7-4ED2-BF99-E7F2C0176B6A}) (Version: 19.00.0000 - Nuance Communications, Inc.)
Nuance PaperPort 14 (HKLM-x32\...\{B2E8EFDC-E4FF-42A8-B305-FE06D29BB33C}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Create 8 (HKLM\...\{D8AD8411-A273-4560-B756-A418ED4910AD}) (Version: 8.10.6293 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{5B28CD4A-ADCF-4B39-BB67-F2F398818F2F}) (Version: 7.20.3208 - Nuance Communications, Inc.)
Palm Desktop by ACCESS (HKLM-x32\...\{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}) (Version: 6.4.0.0 - Palm, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
PCmover (HKLM-x32\...\{01C41C3F-EA8F-4F84-9C21-9564ED195131}) (Version: 8.00.633.0 - Laplink Software, Inc.)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version: 15.0s - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version: - )
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.1.11 - Intuit)
Quicken Willmaker 2016 eBook Library (HKLM-x32\...\Quicken Willmaker 2016 eBook Library) (Version: - )
Quicken WillMaker Plus 2015 (HKLM-x32\...\{661DA1B8-368B-42D5-BC0C-03B8C901A8FB}) (Version: 1.0.0.0 - Nolo)
Quicken WillMaker Plus 2017 (HKLM-x32\...\{A7EA52A4-C035-483E-922A-FB26823C2684}) (Version: 1.0.0.0 - Nolo)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7908 - Realtek Semiconductor Corp.)
Roxio Creator NXT 2 (HKLM-x32\...\{F6514099-C638-4F5D-878B-E1C68875B0E6}) (Version: 15.0.5.2 - Roxio)
Roxio Virtual Drive x64 (HKLM\...\{632DCE79-2711-4B07-BB89-DA763E96840C}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
The Handmark Scrabble Game (HKLM-x32\...\The Handmark Scrabble Game) (Version: - )
Times Reader (HKLM-x32\...\{331C9768-BAD9-F31B-8DA2-0268D346C702}) (Version: 2.053 - The New York Times Company) Hidden
TiVo Desktop 2.8.3 (HKLM-x32\...\{4E839090-3B68-436A-B3CF-A2A08C38DD26}) (Version: 2.8.412.370 - TiVo Inc.)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)
WordPerfect Office X6 - Common Files (HKLM-x32\...\{315FE707-7A15-4B1B-8C5A-955428AAA01D}) (Version: 16.2.1 - Corel Corporation) Hidden
WordPerfect Office X6 - Common Files English (HKLM-x32\...\{E1AF3785-AA77-471E-ABC5-4C2B459B877A}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - IPM (HKLM-x32\...\{230100D9-27B4-49A3-A30F-D44B51EF56AA}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files (HKLM-x32\...\{440F51A9-8CA3-41D7-AFD5-F47820895949}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files English (HKLM-x32\...\{C4D92146-95DE-415A-99CC-51FBFF7C10CF}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Oxford (HKLM-x32\...\{8959569B-D9BA-43A9-972A-D509EE7D4BA9}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files (HKLM-x32\...\{EAA5C699-6DB5-4508-BD64-B79EB9409C9D}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files English (HKLM-x32\...\{86ACFB25-0FA5-4A01-96B5-EE8F229D456E}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files (HKLM-x32\...\{069793F3-E123-47B9-88DB-5DE76FF32ADB}) (Version: 16.2.1 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files English (HKLM-x32\...\{10FFE1D7-6A72-4483-9856-1A2FBBC5A425}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Setup Files (HKLM-x32\...\{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.2.1 - Corel Corporation) Hidden
WordPerfect Office X6 - System Files (HKLM-x32\...\{8270ABE3-53A5-4046-BF84-EB5FBB0F5B10}) (Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files (HKLM-x32\...\{CCADD122-70A5-47A6-8722-1BD5267B85F5}) (Version: 16.2.1 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files English (HKLM-x32\...\{CD29C36F-2C6D-4ED3-BC21-B20C8038E9A5}) (Version: 16.2.1 - Corel Corporation) Hidden
WordPerfect Office X6 - WT (HKLM-x32\...\{0F7A0D0F-6576-489E-B20B-B7C8F95BBCC3}) (Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 (HKLM-x32\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.428 - Corel Corporation)
WordPerfect Office X6 (HKLM-x32\...\{F6582F6F-6CD1-4B62-8BC6-EACF98AF410F}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect OfficeReady (HKLM-x32\...\{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}) (Version: 1.0 - Corel Corporation.)
XFINITY Toolbar (HKLM-x32\...\xfin_portal) (Version: 4.0.0.23 - )


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


CustomCLSID: HKU\S-1-5-21-2804901569-1412701634-3446117099-1000_Classes\CLSID\{1F6DE925-8416-40D4-BC66-D69DB9D4360B}\InprocServer32 -> C:\Program Files\Roxio Creator NXT 2\Virtual Drive 10\DC_ShellExt64.dll (Corel Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1: [Instant Housecall] -> {F5CC79AD-5695-4db5-9669-4231686B4B84} => C:\Program Files (x86)\Instant Housecall\MenuExtension64.dll [2016-09-28] (Instant Housecall)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2012-07-05] ()
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1: [Zeon.GMFCDirectShellExt] -> {C037D85B-2F6F-4B14-9E6D-26D504D9194B} => C:\Program Files (x86)\Nuance\PDF Create 8\bin\GDirectShellExt.dll [2013-03-07] (Zeon International Investment Corp. )
ContextMenuHandlers2-x32: [QuickFinderMenu] -> {45dfc9aa-83c4-4ded-bc9d-f0442b4b02ea} => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\PFSE160.DLL [2012-10-31] (Corel Corporation)
ContextMenuHandlers2-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4-x32: [QuickFinderMenu] -> {45dfc9aa-83c4-4ded-bc9d-f0442b4b02ea} => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\PFSE160.DLL [2012-10-31] (Corel Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-12-19] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\buShell.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers6: [Instant Housecall] -> {F5CC79AD-5695-4db5-9669-4231686B4B84} => C:\Program Files (x86)\Instant Housecall\MenuExtension64.dll [2016-09-28] (Instant Housecall)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\NavShExt.dll [2017-08-24] (Symantec Corporation)
ContextMenuHandlers1_S-1-5-21-2804901569-1412701634-3446117099-1000: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT 2\Virtual Drive 10\DC_ShellExt64.dll [2013-08-14] (Corel Corporation)
ContextMenuHandlers2_S-1-5-21-2804901569-1412701634-3446117099-1000: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT 2\Virtual Drive 10\DC_ShellExt64.dll [2013-08-14] (Corel Corporation)
ContextMenuHandlers6_S-1-5-21-2804901569-1412701634-3446117099-1000: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT 2\Virtual Drive 10\DC_ShellExt64.dll [2013-08-14] (Corel Corporation)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {0445EFC6-9332-4F58-8671-1A412D0DFF6D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-22] (Adobe Systems Incorporated)
Task: {0C68EEB1-0961-4D1B-AF1F-A13302F89752} - System32\Tasks\{CBEB89BA-040E-483B-B437-D1838494D608} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\palmOne\QuickInstall.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handmark\Scrabble" -c /FileExt
Task: {0EDAABB2-B164-4EE7-9647-6865A79E4127} - System32\Tasks\{3C23A43E-B028-4C94-BB05-D34E3C9FDF03} => C:\Windows\system32\pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\palmOne\Hotsync.exe"
Task: {14689087-7397-421C-89EA-9A33F022E859} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [Argument = /toaster]
Task: {1D48667A-63BE-4946-8FA6-617627FECAB4} - System32\Tasks\{27621BCB-9F48-4CB6-8E26-010A2AD6ADB4} => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\natspeak.exe
Task: {2389A19A-EECF-49B0-9977-3F5C05E41EA0} - System32\Tasks\{03410A11-069A-4069-AA1A-DFC73B9C1601} => C:\Windows\system32\pcalua.exe -a D:\Welcome.exe -d D:\
Task: {23B5CB95-B9CB-47FC-A47A-4CC350AFE229} - System32\Tasks\{AA07DEE6-6D63-46EF-8FCE-9004537D60B7} => C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe [2013-04-23] (Nuance Communications, Inc.)
Task: {24EA2D27-323D-40A3-98E4-5084F65B3E97} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {2726F792-2A98-426D-A604-4E30468E9223} - \DigitalSite -> No File <==== ATTENTION
Task: {3FADE497-D496-4C22-B4F7-123C29B388BD} - System32\Tasks\{670A3140-0BA9-430E-AB57-E1E9CCB7B73C} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2017-08-18] (Mozilla Corporation)
Task: {400A7457-C2CB-4EE2-BADC-6CA376D6D592} - System32\Tasks\Norton 360\Norton Security Suite Error Processor => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\SymErr.exe [2017-08-24] (Symantec Corporation)
Task: {419FCE27-0968-42F7-B9A3-6C77D7309EC3} - System32\Tasks\{F028BEBF-76BB-4AF1-B5A9-1F89FC5F0BD8} => C:\Windows\system32\pcalua.exe -a D:\Prerequisites\netfx_setupverifier.exe -d D:\Prerequisites
Task: {44D0D572-B23D-4037-80EE-07105E2C9E63} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {4D47D6BE-99F8-43B9-892B-9263551A03C4} - System32\Tasks\{881A5E56-DCB5-4411-95F4-E14FE0C80759} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2017-08-18] (Mozilla Corporation)
Task: {51EB6394-87DF-407D-ABB5-A46316921B22} - System32\Tasks\{212EF262-0EF8-4D21-9839-63A99F8A1CE4} => C:\Program Files (x86)\Quicken\qw.exe [2014-08-28] (Intuit Inc.)
Task: {678EF8E2-4B08-458C-8CCD-EB7DE92D485D} - System32\Tasks\{05A07066-95F9-4411-B66C-2B88846C677C} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {6A6CFB5D-96C5-4C89-BBCA-FB5D07EDACDD} - System32\Tasks\{F8FDF7E9-11E4-4D9C-B334-B34BA6883F99} => C:\Program Files (x86)\Quicken\qw.exe [2014-08-28] (Intuit Inc.)
Task: {70A57960-06A7-4220-8EBB-EDAABB44CCD2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {7571B9CC-A705-4D23-8F8D-BA8CB6383F08} - System32\Tasks\{F8EB6DC3-B4A9-447F-A517-7A2278915720} => C:\Windows\system32\pcalua.exe -a C:\Users\SY\Downloads\mx860swin102ea24(2).exe -d C:\Users\SY\Downloads
Task: {7C6C2B84-1BE7-47A0-BB63-914E757891CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {8126E577-5839-4558-9C7E-AE6034BC3788} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {8A18CF1F-B947-4CF7-BAB5-D2EC02357149} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {8EB63F84-03E1-4DDF-8000-28C20A67286C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {9CB59AE8-941C-4436-8546-09CE1BC212D5} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-08-04] (Dell Inc.)
Task: {A5436D98-698C-420D-8908-ED4B1C9E3A94} - System32\Tasks\{2AA91062-DA91-454D-ACFC-161A8382B9B3} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {A6042BB1-B747-475D-9DEC-54625828410F} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-08-04] (Dell Inc.)
Task: {ACD13589-AD0B-47DB-AF6A-74F6E0F337D3} - System32\Tasks\{D798A542-5FB1-4093-94BD-32BF543ECAE9} => C:\Program Files (x86)\palmOne\Hotsync.exe [2008-01-03] (PalmSource, Inc)
Task: {B25052BB-7C38-437A-8C90-FD3F32CB4ED3} - System32\Tasks\{A78254AA-C0AF-4B23-8094-30734A53B1A5} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2017-08-18] (Mozilla Corporation)
Task: {C75B9F52-886A-40ED-B8F9-AA30B593E21F} - System32\Tasks\{A755690D-3FC5-4765-8257-04FA15FA4830} => C:\Program Files (x86)\Quicken\qw.exe [2014-08-28] (Intuit Inc.)
Task: {CDD20EB6-6B79-4A79-ADA7-E1FF6E120F3F} - System32\Tasks\Norton 360\Norton Security Suite Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\SymErr.exe [2017-08-24] (Symantec Corporation)
Task: {D178613D-2148-48C9-B8A9-23F92FD76F61} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D7750F63-51EA-4112-9A9D-E15C9C96B954} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2017-08-24] (Symantec Corporation)
Task: {D853072E-CB08-460F-929D-A17063393F0C} - System32\Tasks\Norton Security Scan for SY => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.103\Nss.exe [2017-06-09] (Symantec Corporation)
Task: {D8D32900-88C3-4DAB-B5CE-63FBA0252E01} - System32\Tasks\{0146DB28-3A1D-4132-B07D-A97E5A524049} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2017-08-18] (Mozilla Corporation)
Task: {DDA84B27-B2FF-42B0-8FAE-9E4FE32C38E6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2804901569-1412701634-3446117099-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {DF5CD326-B30C-4F46-A771-A0079B38FE87} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.10.1.10\WSCStub.exe [2017-08-24] (Symantec Corporation)
Task: {E07CACD1-32ED-42B2-A2C6-18494E4D68F3} - System32\Tasks\{BA9E1970-EE5D-4BCD-8BF1-968103083C10} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\palmOne\Instapp.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs" -c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handmark"
Task: {E16C23F4-6BF3-4F65-A669-3B2FA4AD832A} - System32\Tasks\{9423D4C6-AC75-4310-A6DD-9B5A8F8802DE} => C:\Program Files (x86)\Quicken\qw.exe [2014-08-28] (Intuit Inc.)
Task: {E2CF7BC9-2E0C-4EE4-89F2-4DCFBBC1D8D5} - System32\Tasks\{59B84CD5-4E76-4A89-8825-3D0BE759F3A6} => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\natspeak.exe
Task: {E7A29DCF-FEB7-45F5-B7F5-590B0147CEB1} - System32\Tasks\{71DAC10E-8B18-4B9D-8F3E-475152C34AD1} => C:\Windows\system32\pcalua.exe -a D:\AUTORUN.EXE -d D:\
Task: {EE0ED038-697B-48CA-8549-D39C07C6FB78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F002CFA5-1E09-4FE2-AC6A-FDF3DEF3544E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {F66A901A-A7BB-4221-BD70-2D7CF237FE1D} - System32\Tasks\{F374F950-1CCE-4941-BCAC-77A2BD2F3E69} => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\natspeak.exe


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)




==================== Shortcuts & WMI ========================


(The entries could be listed to be restored or removed.)




==================== Loaded Modules (Whitelisted) ==============


2017-03-27 16:47 - 2014-03-05 10:18 - 000040448 _____ () C:\Windows\System32\pdf995mon64.dll
2017-08-23 13:57 - 2016-09-28 00:45 - 000113152 _____ () C:\Windows\System32\redmon64.dll
2013-08-19 01:35 - 2013-08-19 01:35 - 000457960 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-08-19 02:04 - 2013-08-19 02:04 - 000022760 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2017-09-11 14:48 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-07-05 20:47 - 2012-07-05 20:47 - 000185488 _____ () C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll
2013-07-02 15:10 - 2012-01-26 19:49 - 002751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-09-27 19:23 - 2012-09-27 19:23 - 000535184 _____ () C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe
2013-08-19 02:04 - 2013-08-19 02:04 - 003322600 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2013-08-19 02:04 - 2013-08-19 02:04 - 000524520 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2013-08-19 02:04 - 2013-08-19 02:04 - 000108776 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2014-02-09 18:12 - 2009-02-27 17:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-02-06 12:11 - 2013-02-06 12:11 - 000007680 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PSIClient.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)


AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [436]
AlternateDataStreams: C:\ProgramData\TEMP:A303874F [490]
AlternateDataStreams: C:\ProgramData\TEMP:FB7306E4 [130]
AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3 [330]


==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IHCserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)


IE trusted site: HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\dell.com -> dell.com


==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-13 19:34 - 2017-04-17 15:35 - 000000826 ____N C:\Windows\system32\Drivers\etc\hosts




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==




==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{235A4EE2-2374-4278-A0C7-B9AE5A0DF22D}] => (Allow) %SystemRoot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{66FAA44D-246C-4AD3-A182-F89FE4C4A7FC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{185AE002-6611-4A95-B945-031F722CE7A2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{A05DD5FD-9194-4035-B857-AE292D59A1E7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{07252E72-F0B3-4884-8D89-89BA76565BFC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{1AE4526D-AE7F-4E18-8292-FFA19CCF63D4}] => (Allow) C:\Program Files (x86)\Laplink\PCmover\pcmover.exe
FirewallRules: [{0BE17C66-5424-4D59-99A8-669E4F3F4DAE}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe
FirewallRules: [{72EFB3B2-FB00-4FC5-BC43-C58BF5977F2B}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe
FirewallRules: [{E25C6D8E-DFF9-48FE-8BF2-4B2D926A23FF}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
FirewallRules: [{633B072A-B4DA-49B4-82F5-BDA64CA7B34E}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
FirewallRules: [{FBC25754-CAB1-4099-BB7A-A207EE46A6E7}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
FirewallRules: [{A61F0FBA-DC3E-4862-82FE-DE20030AA4FB}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
FirewallRules: [{B264D9BF-ACDA-49A1-B843-024B68A507CD}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoDesktop.exe
FirewallRules: [{5250C9F5-69B9-40DA-A4D3-B90CD96BF4AB}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoDesktop.exe
FirewallRules: [{C693565C-4FC9-47DB-B4CE-B042C40518EF}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\curl.exe
FirewallRules: [{C9EFAE61-1A74-4A0C-9946-D18B8C5417B0}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\curl.exe
FirewallRules: [{A94AD87E-46F5-4F34-B507-AE8760BF4ED4}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe
FirewallRules: [{A551418B-2529-4A3D-9F80-F5E5934705BB}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe
FirewallRules: [{B1578F1B-4347-4DF5-8181-ECECD3B35224}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoDiag.exe
FirewallRules: [{DA623ED0-B8E4-4169-9FB3-92B8A3F32779}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoDiag.exe
FirewallRules: [{D91A9086-2FC3-41E1-B21E-71FD4C44E2F4}] => (Allow) LPort=5353
FirewallRules: [{71E1DB94-50FD-41F8-A8C6-A2ED8A17E2D2}] => (Allow) LPort=7288
FirewallRules: [{586A5CF7-6C8C-401E-8585-4B376A8A8676}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{B067FFDF-D5F5-408B-91C8-71702A8D3EF6}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{B31B80E2-B4E1-4344-9283-6DB905BF6752}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BFEB1AEC-AA9B-4D73-936C-B1E6C3E4A2D4}] => (Allow) LPort=2869
FirewallRules: [{94BEE233-31AC-473C-B381-370BEEC8AF6D}] => (Allow) LPort=1900
FirewallRules: [{94759552-DA80-459C-940A-1F9AAC2AD86E}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{1B5F34B7-576D-4341-9D0A-93CBEFBC4E9B}] => (Allow) LPort=51001
FirewallRules: [{B5A49CFA-DA6A-468B-8B51-D49A9F8D164F}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{D2BCA925-6391-4746-A096-062299FEBBBC}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{A2178F34-C789-45A9-AC28-C0274D2DB87A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F8F5F6E-C276-4DB1-94C8-C19C772D310F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2A7B470E-D270-45AE-9BA7-14AEA228AD41}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{76479708-6B0B-4550-A22B-43A27E1BC353}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FA28A590-E8B8-4949-84DD-37F7B99DCA9D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9425565C-2753-418C-9FD5-B638FC2C1976}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6BDD62FB-A33B-4DA7-A293-5C4892447950}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{005035F2-A1FA-4C40-8133-C973D814D431}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5BEF9DC3-B719-4784-A6E2-63E9EFABE9B2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{483F61F7-1B47-4FE9-8E8C-9A50DA430CED}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E422BD05-92B6-4C70-8C1D-4B8A2C19AA4B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5438B6FB-8FDB-4499-9186-A12615C362BA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{42719154-825A-404C-91ED-9827683F9012}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{3EB31DC2-CC64-420F-BFB0-A05C63B075A5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{7BD1EA4F-51F5-4EDB-9AAF-FDDD23CC0C74}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{18A2EEBF-6D82-4FD9-AD00-B190AF2A533F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Restore Points =========================


29-08-2017 10:54:59 Windows Update
29-08-2017 14:08:00 Windows Update
30-08-2017 03:00:34 Windows Update
30-08-2017 17:42:59 Windows Update
31-08-2017 03:00:30 Windows Update
31-08-2017 19:38:51 Windows Update
01-09-2017 13:42:06 Windows Update
02-09-2017 03:00:46 Windows Update
02-09-2017 14:08:47 Installed Microsoft Solution - 20e6675b-c4b2-6000-8dfa-40c074f8ff8f
02-09-2017 14:18:48 Installed Microsoft Solution - 6aadf339-ee7d-6c6a-5680-dcf83b58704a
02-09-2017 14:44:15 Installed Microsoft Solution - 20e6675b-c4b2-6000-8dfa-40c074f8ff8f
02-09-2017 14:45:14 Windows Update
02-09-2017 14:46:08 Installed Microsoft Solution - 6aadf339-ee7d-6c6a-5680-dcf83b58704a
02-09-2017 15:13:43 Windows Update
10-09-2017 00:00:01 Scheduled Checkpoint
12-09-2017 13:04:32 Windows Update
14-09-2017 14:05:16 Windows Update
15-09-2017 18:00:05 Removed Dragon 14.0.
15-09-2017 18:35:05 Windows Update
16-09-2017 14:01:28 Installed Microsoft Solution - B4164D8C-3813-495A-BBBC-BA51D122A226
16-09-2017 14:02:34 Restore Point before Dragon 14.0 was removed using Program Install and Uninstall troubleshooter
16-09-2017 14:03:45 Final Restore Point for Dragon 14.0 using Program Install and Uninstall troubleshooter.
16-09-2017 14:44:17 Windows Update
19-09-2017 01:46:28 Windows Update


==================== Faulty Device Manager Devices =============


Name: Canon MX860 ser Network
Description: Canon MX860 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.




==================== Event log errors: =========================


Application errors:
==================
Error: (09/19/2017 02:43:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


Error: (09/19/2017 02:43:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


Error: (09/19/2017 03:41:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nuance\PaperPort\CheckPPFolders.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.


Error: (09/19/2017 02:04:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


Error: (09/19/2017 02:04:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


Error: (09/18/2017 02:16:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6875.402, time stamp: 0x5927c713
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23864, time stamp: 0x595fa988
Exception code: 0xe0434f4d
Fault offset: 0x000000000001a06d
Faulting process id: 0x%9
Faulting application start time: 0xpcdrcui.exe0
Faulting application path: pcdrcui.exe1
Faulting module path: pcdrcui.exe2
Report Id: pcdrcui.exe3


Error: (09/18/2017 03:33:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nuance\PaperPort\CheckPPFolders.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.


Error: (09/18/2017 01:29:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ISUSPM.exe, version: 13.6.0.62600, time stamp: 0x51c870cd
Faulting module name: ISUSPM.exe, version: 13.6.0.62600, time stamp: 0x51c870cd
Exception code: 0xc0000005
Fault offset: 0x0000ad3b
Faulting process id: 0xea4
Faulting application start time: 0x01d32f455135fea3
Faulting application path: C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
Faulting module path: C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
Report Id: 6f6b1a6c-9c4b-11e7-9d6e-f4b7e238d59a


Error: (09/17/2017 02:43:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6875.402, time stamp: 0x5927c713
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23864, time stamp: 0x595fa988
Exception code: 0xe0434f4d
Fault offset: 0x000000000001a06d
Faulting process id: 0x%9
Faulting application start time: 0xpcdrcui.exe0
Faulting application path: pcdrcui.exe1
Faulting module path: pcdrcui.exe2
Report Id: pcdrcui.exe3


Error: (09/17/2017 04:10:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nuance\PaperPort\CheckPPFolders.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.




System errors:
=============
Error: (09/19/2017 02:41:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell SupportAssist Agent service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Error: (09/19/2017 02:41:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell SupportAssist Agent service to connect.


Error: (09/19/2017 02:41:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Error: (09/19/2017 02:41:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.


Error: (09/19/2017 02:41:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intuit Update Service v4 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Error: (09/19/2017 02:41:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.


Error: (09/19/2017 02:39:38 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.


Error: (09/19/2017 02:38:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CGPS Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Error: (09/19/2017 02:38:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CGPS Service service to connect.


Error: (09/19/2017 02:38:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FullImagingService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.




==================== Memory info ===========================


Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8127.8 MB
Available physical RAM: 5515.05 MB
Total Virtual: 16253.79 MB
Available Virtual: 13665.05 MB


==================== Drives ================================


Drive c: (OS) (Fixed) (Total:906.81 GB) (Free:503.95 GB) NTFS
Drive e: () (Removable) (Total:14.63 GB) (Free:14.63 GB) FAT32


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: DC221A98)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=24.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=906.8 GB) - (Type=07 NTFS)


========================================================
Disk: 2 (Size: 14.6 GB) (Disk ID: 00000000)


Partition: GPT.


==================== End of Addition.txt ============================
 
Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

It looks like Norton is back on the machine? Until we resolve the issue we really need this uninstalled as well as Malwarebytes. We can temporarily put MSE on if you're concerned about the short time the machine will be without AV protection.
 
Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

Aloha.

I have no problem removing Norton, but if I have to remove Malwarebytes, I have very little faith in MSE in terms of providing any malware protection. The client uses this machine in between the tests I run for you, and I'm not 100% confident that he can make good choices when surfing the web. Would it be enough to disable Malwarebytes while I run each test you request (as opposed to uninstalling it)? This problem existed for several months before I installed Malwarebytes on the machine.

Let me know what you want me to do in regards to uninstalling vs. disabling Malwarebytes, along with whatever next step you'd like me to do after that.

Mahalo,

Harry Z
 
Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

Let's keep Norton removed and leave Malwarebytes on but disable it between tests. Once Norton is completely removed, please repeat the steps in Post #41.
 
Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

Norton is now uninstalled, Malwarebytes disabled for this test. Tried to run FRST64.exe. The first thing it does is update itself and then I ran it. It runs, but does not generate the output files. Is there a switch to tell FRST64 to NOT check for updates? Or should I just wait a day or two for the author to fix this issue?

Harry Z
 
Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

Thanx for providing a working version of FRST64.exe. Disabled Malwarebytes and ran FRST64. Here are the output files. Looking forward to whatever's next!


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
Ran by SY (administrator) on SABRAHAMS-PC2 (21-09-2017 01:51:36)
Running from C:\Users\SY\Desktop\Haole Boy\2017.09.20
Loaded Profiles: SY (Available Profiles: SY & harryz)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Instant Housecall) C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Storage Appliance Corp.) C:\ProgramData\Clickfree\FullImagingBackup\FibReminder.exe
(Storage Appliance Corp.) C:\ProgramData\Clickfree\cfagent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TiVo Inc.) C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
(TiVo Inc.) C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
(TiVo Inc.) C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe
(Instant Housecall) C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Create 8\PdfCreate8Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\atiw.exe
(Instant Housecall) C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe
(Instant Housecall) C:\Program Files (x86)\Instant Housecall\Hookldr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [724400 2016-07-24] (Waves Audio Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843784 2016-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1462792 2016-08-16] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-06] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ihccontrol] => C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe [2231584 2016-09-28] (Instant Housecall)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe [299504 1999-12-31] (Intel Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDFCreHook] => C:\Program Files (x86)\Nuance\PDF Create 8\pdfcreate8hook.exe [2013512 2013-03-12] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OmniPage Preload] => C:\Program Files (x86)\Nuance\OmniPage19\OmniPage19.exe [2922824 2013-04-22] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE [155592 2012-10-31] (Corel Corporation)
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\Run: [FibReminder] => c:\programdata\Clickfree\FullImagingBackup\FibReminder.exe [3634504 2013-11-28] (Storage Appliance Corp.)
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\Run: [ClickfreeMonitor] => c:\programdata\Clickfree\cfagent.exe [354632 2013-11-28] (Storage Appliance Corp.)
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\Run: [TivoServer] => C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe [2264336 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\Run: [TranscodingService] => C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe [856336 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\Run: [TivoTransfer] => C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe [608528 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\Run: [TivoNotify] => C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe [437520 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\MountPoints2: {73f13087-5def-11e3-b8cc-f4b7e238d59a} - E:\FIBPGuard.exe
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\MountPoints2: {8233a6cf-41c6-11e3-a21d-806e6f6e6963} - F:\StartClickFreeBackup.exe
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\MountPoints2: {b62a9099-8647-11e4-9e17-f4b7e238d59a} - F:\FIBPGuard.exe
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\MountPoints2: {c242b3a2-9029-11e7-95cf-f4b7e238d59a} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk [2017-08-26]
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
BootExecute: autocheck autochk /r \??\J:autocheck autochk *


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{72BDC759-A894-4DA7-A186-54B0BA180380}: [DhcpNameServer] 192.168.0.1


Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES007&pc=UE06
SearchScopes: HKLM -> DefaultScope {9E5DDE83-B99B-4E2D-AAFB-D3D73ABB0607} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9E5DDE83-B99B-4E2D-AAFB-D3D73ABB0607} URL =
SearchScopes: HKU\S-1-5-21-2804901569-1412701634-3446117099-1000 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2804901569-1412701634-3446117099-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2804901569-1412701634-3446117099-1000 -> {3F884360-46DE-D83D-D764-01BA7C1E1338} URL =
SearchScopes: HKU\S-1-5-21-2804901569-1412701634-3446117099-1000 -> {7F9F7881-8578-4777-92E1-D58AA41E4B68} URL = hxxp://search.whiteskyservices.com/?wstoken=E389B226-9AFE-4DF5-8873-86FB39B43F85&dtid=1&pid=21&src=sgsearch&v=1.14.1126.5&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-2804901569-1412701634-3446117099-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1122&geo=US&ver=22.10.1.10&locale=en_US&guid=2E0B8AD0-BD0C-11DF-93EA-001D09284AC3&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking14\Program\x64\dgnriaie_x64.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking14\Program\dgnriaie.dll => No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.830.1\NativeBHO.dll [2013-09-03] (WhiteSky)
BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll [2013-01-30] (Visicom Media)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Create 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Create 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


FireFox:
========
FF ProfilePath: C:\Users\SY\AppData\Roaming\Mozilla\Firefox\Profiles\qlrgqwzw.default-1485304143118 [2017-09-20]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\qlrgqwzw.default-1485304143118 -> XFINITY
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\qlrgqwzw.default-1485304143118 -> XFINITY
FF Homepage: Mozilla\Firefox\Profiles\qlrgqwzw.default-1485304143118 -> hxxp://protopage.com/syspage
FF Extension: (CouponViewer Add-On) - C:\Users\SY\AppData\Roaming\Mozilla\Firefox\Profiles\qlrgqwzw.default-1485304143118\Extensions\couponviewer@befrugal.com [2017-04-12]
FF Extension: (XFINITY Constant Guard Protection Suite) - C:\Users\SY\AppData\Roaming\Mozilla\Firefox\Profiles\qlrgqwzw.default-1485304143118\Extensions\idvaultaddin@whitesky [2017-08-26] [not signed]
FF Extension: (XFINITY Toolbar) - C:\Users\SY\AppData\Roaming\Mozilla\Firefox\Profiles\qlrgqwzw.default-1485304143118\Extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f} [2017-08-26] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\xfinitylcsearch.xml [2013-01-30]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml [2014-07-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-22] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking14\Program\x64\npDgnRia2_x64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-22] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @palmsource.com/installer,version=1.0 -> C:\PROGRA~2\palmOne\PACKAG~1\NPInstal.dll [2007-03-19] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking14\Program\npDgnRia2.dll [No File]
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NaturallySpeaking12\Program\npDgnRia.dll [No File]
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-2804901569-1412701634-3446117099-1000: @movenetworks.com/Quantum Media Player -> C:\Users\SY\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-06-18] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\SY\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-18] (Cisco WebEx LLC)


Chrome:
=======
CHR Profile: C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default [2017-09-20]
CHR Extension: (Google Slides) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-05]
CHR Extension: (Google Docs) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-05]
CHR Extension: (Google Drive) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-05]
CHR Extension: (YouTube) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-05]
CHR Extension: (Adobe Acrobat) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-09-06]
CHR Extension: (Google Sheets) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-05]
CHR Extension: (Google Docs Offline) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-05]
CHR Extension: (Gmail) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-05]
CHR Extension: (Chrome Media Router) - C:\Users\SY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-15]
CHR HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457960 2013-08-19] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22760 2013-08-19] ()
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [165440 2015-08-22] (Nuance Communications, Inc.)
S2 FibUacService; C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe [37192 2013-11-28] (Storage Appliance Corp.)
S2 FullImagingService; C:\programdata\Clickfree\FullImagingBackup\FullImagingService.exe [233120 2013-11-28] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-06] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IHCserver; C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe [2231584 2016-09-28] (Instant Housecall)
S4 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
S3 iumsvc; c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-04-05] (Nuance Communications, Inc.)
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-09-27] ()
S3 RoxMediaDB15; C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxMediaDB15.exe [1097448 2013-08-19] (Corel Corporation)
S2 RoxWatch15; C:\Program Files (x86)\Roxio Creator NXT 2\Common\RoxWatch15.exe [341736 2013-08-19] (Corel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [314624 2016-08-16] (Realtek Semiconductor)
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-08-04] (Dell Inc.)
S4 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 DragonSvc; "C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe" [X]


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-01-15] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-11] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-20] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-20] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [198712 2016-07-18] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [418784 2016-08-05] (Realsil Semiconductor Corporation)
R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2013-08-19] (Corel Corporation)
R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2013-08-19] (Corel Corporation)
R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2013-08-19] (Corel Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54344 2016-11-22] (Intel Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160628.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160628.001\EX64.SYS [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-09-20 15:04 - 2017-09-20 15:04 - 072086900 _____ C:\Users\SY\Downloads\IMG_1440 (5).MOV
2017-09-19 19:19 - 2017-09-20 15:12 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2017-09-19 18:15 - 2017-09-19 18:15 - 072086900 _____ C:\Users\SY\Downloads\IMG_1440 (4).MOV
2017-09-19 18:14 - 2017-09-19 18:14 - 072086900 _____ C:\Users\SY\Downloads\IMG_1440 (3).MOV
2017-09-19 18:08 - 2017-09-19 18:09 - 072086900 _____ C:\Users\SY\Downloads\IMG_1440 (2).MOV
2017-09-19 18:08 - 2017-09-19 18:08 - 072086900 _____ C:\Users\SY\Downloads\IMG_1440 (1).MOV
2017-09-19 18:07 - 2017-09-19 18:07 - 072086900 _____ C:\Users\SY\Downloads\IMG_1440.MOV
2017-09-19 15:53 - 2017-09-21 01:51 - 000000000 ____D C:\FRST
2017-09-19 01:46 - 2017-09-19 01:46 - 000000000 ____D C:\5fe0afdfc01ac257509e48510bdb7f9c
2017-09-16 14:42 - 2017-09-16 14:42 - 000000000 ____D C:\Users\harryz\AppData\Roaming\Intel Corporation
2017-09-16 14:41 - 2017-09-16 14:41 - 000090824 _____ C:\Users\harryz\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-16 14:41 - 2017-09-16 14:41 - 000001419 _____ C:\Users\harryz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-09-16 14:41 - 2017-09-16 14:41 - 000000000 ____D C:\Users\harryz\AppData\Roaming\Adobe
2017-09-16 14:41 - 2017-09-16 14:41 - 000000000 ____D C:\Users\harryz\AppData\Local\Google
2017-09-16 14:40 - 2017-09-16 14:41 - 000000000 ___RD C:\Users\harryz\Virtual Machines
2017-09-16 14:40 - 2017-09-16 14:40 - 000000020 ___SH C:\Users\harryz\ntuser.ini
2017-09-16 14:40 - 2017-09-16 14:40 - 000000000 ____D C:\Users\harryz
2017-09-16 14:40 - 2017-09-15 18:30 - 000000000 ____D C:\Users\harryz\AppData\Local\SoftThinks
2017-09-16 14:40 - 2015-12-23 16:02 - 000000000 ____D C:\Users\harryz\AppData\Local\PC_Drivers_Headquarters
2017-09-16 14:40 - 2015-12-23 15:59 - 000000000 ____D C:\Users\harryz\AppData\Roaming\PCDr
2017-09-16 14:40 - 2014-11-29 18:28 - 000000000 ____D C:\Users\harryz\AppData\Roaming\iolo
2017-09-16 14:40 - 2014-11-28 21:08 - 000000000 __SHD C:\Users\harryz\AppData\Local\EmieUserList
2017-09-16 14:40 - 2014-11-28 21:08 - 000000000 __SHD C:\Users\harryz\AppData\Local\EmieSiteList
2017-09-16 14:40 - 2014-11-28 21:08 - 000000000 __SHD C:\Users\harryz\AppData\Local\EmieBrowserModeList
2017-09-16 14:40 - 2014-10-26 18:57 - 000000000 ____D C:\Users\harryz\AppData\Roaming\Roxio
2017-09-16 14:40 - 2014-10-26 18:56 - 000000000 ____D C:\Users\harryz\AppData\Roaming\ioloGovernor
2017-09-16 14:40 - 2013-09-02 14:38 - 000000000 ____D C:\Users\harryz\AppData\Roaming\Macromedia
2017-09-16 14:40 - 2010-11-21 00:16 - 000000000 ____D C:\Users\harryz\AppData\Roaming\Media Center Programs
2017-09-16 14:02 - 2017-09-16 14:02 - 000000000 ____D C:\MATS
2017-09-15 19:04 - 2017-09-15 19:04 - 000004184 _____ C:\Windows\System32\Tasks\Norton Security Scan for SY
2017-09-15 19:04 - 2017-09-15 19:04 - 000001426 _____ C:\Users\Public\Desktop\Norton Security Scan.LNK
2017-09-15 19:04 - 2017-09-15 19:04 - 000000000 ____D C:\Windows\system32\Drivers\NSSx64
2017-09-15 19:04 - 2017-09-15 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2017-09-15 19:04 - 2017-09-15 19:04 - 000000000 ____D C:\Program Files (x86)\Norton Security Scan
2017-09-15 18:49 - 2017-09-20 15:14 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2017-09-15 18:48 - 2017-09-15 18:48 - 001113088 _____ (Symantec Corporation) C:\Users\SY\Downloads\Norton_Download_Manager (1).exe
2017-09-15 18:48 - 2017-09-15 18:48 - 000001291 _____ C:\Users\SY\Desktop\Norton Installation Files.lnk
2017-09-11 14:58 - 2017-09-21 01:20 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-11 14:58 - 2017-09-20 15:15 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-11 14:58 - 2017-09-11 14:58 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-11 14:49 - 2017-09-20 15:15 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-11 14:48 - 2017-09-14 17:21 - 000002038 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-11 14:48 - 2017-09-11 14:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-11 14:48 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-11 14:45 - 2017-09-11 14:45 - 066347240 _____ (Malwarebytes ) C:\Users\SY\Downloads\mb3-setup-cb.NT-3.2.2.2018.exe
2017-09-11 14:45 - 2017-09-11 14:45 - 066347240 _____ (Malwarebytes ) C:\Users\SY\Downloads\mb3-setup-cb.NT-3.2.2.2018 (1).exe
2017-09-10 16:42 - 2017-09-10 16:42 - 001912149 _____ C:\Users\SY\Downloads\neck-and-shoulder-pain-harvard-health.pdf
2017-09-10 16:30 - 2017-09-10 16:30 - 001589454 _____ C:\Users\SY\Downloads\healthy-hands-strategies-for-strong-pain-free-hands-harvard-health.pdf
2017-09-10 16:30 - 2017-09-10 16:30 - 001589454 _____ C:\Users\SY\Downloads\healthy-hands-strategies-for-strong-pain-free-hands-harvard-health (1).pdf
2017-09-09 15:54 - 2017-09-09 15:54 - 000353876 _____ C:\Users\SY\Downloads\08-23-2017 (3).pdf
2017-09-09 15:54 - 2017-09-09 15:54 - 000353876 _____ C:\Users\SY\Downloads\08-23-2017 (2).pdf
2017-09-09 15:53 - 2017-09-09 15:53 - 000353889 _____ C:\Users\SY\Downloads\08-23-2017.pdf
2017-09-09 15:53 - 2017-09-09 15:53 - 000353731 _____ C:\Users\SY\Downloads\08-23-2017 (1).pdf
2017-09-07 10:46 - 2017-09-07 10:46 - 000030431 _____ C:\Users\SY\Downloads\EMIR (1).pdf
2017-09-05 21:40 - 2017-09-05 21:40 - 000002172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2017-09-05 21:40 - 2017-09-05 21:40 - 000002134 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-09-05 14:41 - 2017-09-05 14:41 - 000002233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-05 14:41 - 2017-09-05 14:41 - 000002221 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-05 14:40 - 2017-09-05 14:40 - 001130328 _____ (Google Inc.) C:\Users\SY\Downloads\ChromeSetup.exe
2017-09-05 12:35 - 2017-09-14 20:40 - 000000000 ____D C:\SFCFix
2017-09-05 12:22 - 2017-09-14 20:40 - 000000000 ____D C:\Users\SY\AppData\Local\niemiro
2017-09-02 15:29 - 2017-09-02 15:43 - 000000000 ____D C:\5164701c28e045c8732a
2017-09-02 15:13 - 2017-09-02 15:13 - 000000000 ____D C:\Windows\CheckSur
2017-09-02 14:14 - 2017-09-02 14:15 - 069999448 _____ (Microsoft Corporation) C:\Users\SY\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
2017-09-02 14:13 - 2017-09-02 14:13 - 000000022 _____ C:\Users\SY\Downloads\net 4.5.2 offline installer.zip
2017-08-28 18:14 - 2017-09-02 14:54 - 000000000 ____D C:\Windows\pss
2017-08-28 17:08 - 2017-08-28 17:08 - 001381582 _____ (Igor Pavlov) C:\Users\SY\Downloads\7z1604-x64.exe
2017-08-28 17:08 - 2017-08-28 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-08-28 17:08 - 2017-08-28 17:08 - 000000000 ____D C:\Program Files\7-Zip
2017-08-26 18:09 - 2017-08-28 17:24 - 000000000 ____D C:\Users\SY\AppData\Local\ID Vault
2017-08-26 18:09 - 2017-08-26 18:09 - 000000000 ____D C:\Users\SY\AppData\Local\White_Sky,_Inc
2017-08-26 18:08 - 2017-08-28 17:24 - 000000000 ____D C:\Users\SY\AppData\Roaming\ID Vault
2017-08-26 18:08 - 2017-08-28 17:24 - 000000000 ____D C:\Users\SY\AppData\LocalLow\ID Vault
2017-08-26 18:08 - 2017-08-26 18:08 - 000000000 ____D C:\Users\SY\AppData\LocalLow\xfin_portal
2017-08-26 18:07 - 2017-08-28 15:35 - 000000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2017-08-26 18:07 - 2017-08-26 18:08 - 000000000 ____D C:\Program Files (x86)\xfin_portal
2017-08-26 18:07 - 2017-08-26 18:07 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
2017-08-26 18:07 - 2017-08-26 18:07 - 000000000 ____D C:\ProgramData\White Sky, Inc
2017-08-26 11:49 - 2017-08-28 17:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-24 19:15 - 2017-08-24 19:16 - 001337928 _____ (Microsoft Corporation) C:\Users\SY\Downloads\NDP45-KB3035490-x64.exe
2017-08-24 19:15 - 2017-08-24 19:15 - 001337352 _____ (Microsoft Corporation) C:\Users\SY\Downloads\NDP45-KB3035490-x86.exe
2017-08-24 18:05 - 2017-08-24 18:10 - 000000000 ____D C:\AdwCleaner
2017-08-24 18:03 - 2017-08-24 18:03 - 008185288 _____ (Malwarebytes) C:\Users\SY\Downloads\adwcleaner_7.0.1.0.exe
2017-08-24 16:52 - 2017-08-24 16:52 - 000000000 ____D C:\RevoUninstallerPro_Portable
2017-08-24 16:17 - 2017-08-24 16:17 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-24 16:11 - 2017-09-18 20:44 - 000000000 ____D C:\Program Files\CCleaner
2017-08-24 16:11 - 2017-09-14 17:21 - 000000993 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-24 16:11 - 2017-08-24 16:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-08-24 15:50 - 2017-08-24 16:01 - 000000000 ____D C:\Users\SY\Documents\Windows Repair
2017-08-24 15:49 - 2017-08-24 15:49 - 000000207 _____ C:\Windows\tweaking.com-regbackup-SABRAHAMS-PC2-Windows-7-Professional-(64-bit).dat
2017-08-24 15:49 - 2017-08-24 15:49 - 000000000 ____D C:\RegBackup
2017-08-24 15:23 - 2017-09-20 15:08 - 000000000 ____D C:\Users\SY\Desktop\Haole Boy
2017-08-24 01:01 - 2017-08-24 01:02 - 000000000 ____D C:\51b61349b3b5892935e7
2017-08-23 13:58 - 2017-08-28 18:22 - 000000000 ____D C:\ProgramData\InstantHousecall
2017-08-23 13:57 - 2017-08-23 13:57 - 000001336 _____ C:\Users\Public\Desktop\Haole Boy Remote Support.lnk
2017-08-23 13:57 - 2017-08-23 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Instant Housecall
2017-08-23 13:57 - 2017-08-23 13:57 - 000000000 ____D C:\Program Files (x86)\Instant Housecall
2017-08-23 13:57 - 2016-09-28 00:45 - 000113152 _____ C:\Windows\system32\redmon64.dll
2017-08-23 13:56 - 2017-08-23 13:56 - 012414976 _____ C:\Users\SY\Downloads\HaoleBoyComputerServices-Setup.msi
2017-08-23 03:01 - 2017-08-23 03:02 - 000000000 ____D C:\bfbae9a2292a383ac230f0ba5dc0a4dc
2017-08-22 18:52 - 2017-08-22 18:52 - 001204208 _____ (Adobe Systems Incorporated) C:\Users\SY\Downloads\flashplayer26_ga_install.exe


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-09-21 01:51 - 2013-09-09 19:17 - 000000000 ____D C:\ProgramData\TEMP
2017-09-20 19:07 - 2016-11-18 17:47 - 000000000 ____D C:\Users\SY\AppData\LocalLow\Mozilla
2017-09-20 15:36 - 2014-11-30 10:44 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3139B9FA-8A8D-480E-9339-F34CE359A584}
2017-09-20 15:22 - 2014-11-30 10:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-20 15:22 - 2014-11-30 10:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-20 15:19 - 2014-11-30 10:45 - 000005172 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-20 15:15 - 2013-07-02 15:21 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2017-09-20 15:15 - 2013-07-02 15:21 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2017-09-20 15:15 - 2013-07-02 15:10 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-09-20 15:14 - 2014-11-30 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-20 15:14 - 2013-08-31 20:27 - 000000000 ____D C:\ProgramData\Norton
2017-09-19 16:02 - 2016-12-30 16:08 - 000058866 _____ C:\-MSI_netfx_Full_x64.msi.txt
2017-09-18 01:29 - 2013-09-01 02:54 - 000000000 ____D C:\Users\SY\AppData\Local\CrashDumps
2017-09-17 17:16 - 2009-07-13 22:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-09-17 01:00 - 2013-08-30 20:52 - 000000000 ____D C:\Users\SY\AppData\Local\ElevatedDiagnostics
2017-09-16 17:31 - 2017-03-27 16:47 - 000000000 ____D C:\ProgramData\pdf995
2017-09-16 14:41 - 2014-11-30 10:32 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-09-15 23:47 - 2017-08-04 16:45 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-15 18:57 - 2013-09-01 18:01 - 000000000 ____D C:\Users\SY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2017-09-15 18:49 - 2013-09-09 19:19 - 000000000 ____D C:\Program Files (x86)\Norton Security Suite
2017-09-15 18:48 - 2013-09-01 00:55 - 000000000 ____D C:\Users\Public\Downloads\Norton
2017-09-15 18:31 - 2013-07-02 14:48 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-15 18:04 - 2013-08-31 20:27 - 000000000 ____D C:\ProgramData\NortonInstaller
2017-09-11 14:48 - 2013-09-09 15:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-10 16:54 - 2013-09-01 04:20 - 000000000 ____D C:\Users\SY\Desktop\Manuals
2017-09-06 10:39 - 2013-09-09 21:02 - 000000000 ____D C:\Users\SY\AppData\Local\Google
2017-09-05 21:40 - 2013-09-09 19:18 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-05 14:10 - 2016-12-28 18:29 - 000516106 _____ C:\-MSI_netfx_Full_GDR_x64.msi.txt
2017-09-05 14:08 - 2013-08-30 20:07 - 000090824 _____ C:\Users\SY\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-05 13:51 - 2014-11-30 10:45 - 000346232 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-05 13:43 - 2014-11-30 10:46 - 000000471 _____ C:\Windows\win.ini
2017-09-05 13:43 - 2011-02-10 07:33 - 000005172 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-04 16:12 - 2017-02-02 15:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-09-03 14:16 - 2013-09-01 04:14 - 000000000 ____D C:\Users\SY\Desktop\Articles
2017-08-30 14:51 - 2016-02-28 22:17 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 13:54 - 2016-10-10 15:00 - 000000000 ____D C:\Users\SY\Desktop\TAVR
2017-08-29 13:44 - 2013-09-09 21:56 - 000000000 ____D C:\Users\SY\AppData\Roaming\.oit
2017-08-28 17:43 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\NDF
2017-08-28 17:26 - 2013-09-10 16:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-28 15:57 - 2016-09-16 18:19 - 000002304 _____ C:\Users\SY\Documents\WillMaker 2017 File of Seymour Abrahams.pfl
2017-08-28 15:27 - 2016-07-21 17:34 - 000003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2017-08-25 15:49 - 2013-09-09 19:20 - 000000000 ____D C:\Program Files (x86)\TurboTax
2017-08-25 15:49 - 2013-09-01 04:01 - 000000000 ____D C:\Users\SY\AppData\Roaming\Intuit
2017-08-25 14:34 - 2012-05-27 18:05 - 000009216 _____ C:\Users\SY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-08-24 18:10 - 2013-08-30 20:06 - 000000000 ____D C:\Users\SY
2017-08-24 17:35 - 2013-09-09 19:19 - 000000000 ____D C:\Program Files (x86)\iolo
2017-08-24 17:32 - 2013-09-09 15:32 - 000000000 ____D C:\ProgramData\iolo
2017-08-24 17:27 - 2013-09-01 02:54 - 000000000 ____D C:\Users\SY\AppData\Local\Apple Computer
2017-08-24 15:42 - 2016-05-22 16:11 - 000000000 ____D C:\Users\TEMP.Sabrahams-PC2.006
2017-08-24 15:42 - 2016-04-07 18:55 - 000000000 ____D C:\Users\TEMP.Sabrahams-PC2.005
2017-08-24 15:42 - 2015-12-23 15:46 - 000000000 ____D C:\Users\TEMP.Sabrahams-PC2.004
2017-08-24 15:41 - 2015-08-20 13:25 - 000000000 ____D C:\Users\TEMP.Sabrahams-PC2.003
2017-08-24 15:41 - 2015-08-19 17:10 - 000000000 ____D C:\Users\TEMP.Sabrahams-PC2.002
2017-08-24 15:40 - 2015-06-08 17:37 - 000000000 ____D C:\Users\TEMP.Sabrahams-PC2.001
2017-08-24 15:40 - 2015-01-18 15:08 - 000000000 ____D C:\Users\TEMP.Sabrahams-PC2.000
2017-08-24 15:40 - 2014-11-27 15:54 - 000000000 ____D C:\Users\TEMP.Sabrahams-PC2
2017-08-24 15:39 - 2014-04-22 18:42 - 000000000 ____D C:\Users\dub_cm_auto
2017-08-24 15:39 - 2013-12-24 02:52 - 000000000 ____D C:\Users\TEMP
2017-08-24 14:36 - 2014-05-08 17:57 - 000003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2017-08-22 18:52 - 2017-02-21 20:04 - 000000030 _____ C:\AVScanner.ini
2017-08-22 18:52 - 2014-11-30 10:45 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-22 18:52 - 2014-11-30 10:45 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-22 18:52 - 2014-11-30 10:44 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-22 18:52 - 2014-08-19 17:43 - 000000000 ____D C:\Users\SY\AppData\Local\Adobe
2017-08-22 18:52 - 2013-07-02 15:16 - 000000000 ____D C:\ProgramData\McAfee
2017-08-22 18:52 - 2013-07-02 14:48 - 000000000 ____D C:\Windows\system32\Macromed


==================== Files in the root of some directories =======


2010-10-02 17:53 - 2016-05-13 17:53 - 000002315 _____ () C:\Users\SY\AppData\Roaming\SAS7_000.DAT
2012-05-27 18:05 - 2017-08-25 14:34 - 000009216 _____ () C:\Users\SY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-12-25 02:26 - 2010-12-25 02:26 - 000000000 _____ () C:\Users\SY\AppData\Local\rx_image32.Cache
2011-05-18 18:05 - 2013-07-01 13:14 - 000001940 _____ () C:\Users\SY\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2017-03-24 19:11 - 2017-03-24 19:11 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2010-09-10 18:26 - 2012-08-17 15:39 - 000001682 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-11-30 10:33 - 2016-01-30 18:29 - 000001825 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-09-13 06:56 - 2013-09-13 06:56 - 000002456 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag


Some files in TEMP:
====================
2017-09-20 15:12 - 2017-09-20 15:12 - 000010264 _____ () C:\Users\SY\AppData\Local\Temp\BullseyeCoverage-2-x64.dll


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-09-20 00:52


==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
Ran by SY (21-09-2017 01:51:53)
Running from C:\Users\SY\Desktop\Haole Boy\2017.09.20
Windows 7 Professional Service Pack 1 (X64) (2013-08-31 03:06:55)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-2804901569-1412701634-3446117099-500 - Administrator - Disabled)
Guest (S-1-5-21-2804901569-1412701634-3446117099-501 - Limited - Disabled)
harryz (S-1-5-21-2804901569-1412701634-3446117099-1003 - Administrator - Enabled) => C:\Users\harryz
SY (S-1-5-21-2804901569-1412701634-3446117099-1000 - Administrator - Enabled) => C:\Users\SY


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bernafon Product Selector (HKLM-x32\...\{B352491B-8B63-B168-67A5-A305AA333043}) (Version: 1.1.0 - Bernafon AG) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform) <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Clickfree Easy Image (HKLM-x32\...\Clickfree Easy Image) (Version: - Storage Appliance Corp.)
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.13.830.1 - Comcast)
Creator NXT 2 Content (HKLM-x32\...\{246D31A0-7B8A-41EA-8E31-33C2F2F26B53}) (Version: 14.5.000 - Roxio) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)
Dell SupportAssistAgent (HKLM\...\{E1AA62F7-B32A-4090-814E-83BC7C3DF1FB}) (Version: 2.0.2.21 - Dell)
Dell Unified Wireless Suite (HKLM-x32\...\{6CFE6F33-3D69-4B9C-AA20-FF1F8CB064D5}) (Version: 1.00.0000 - Dell)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
DirectX 9 Runtime (HKLM-x32\...\{3A9527CF-4E91-4683-A03F-F1AD022126E5}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Dragon 14 (HKLM-x32\...\{FEAB6184-0560-4EBF-A26B-C3F2B11FE9E1}) (Version: 14.00.000 - Nuance Communications Inc.)
EasyDuplicateFinder v4.4 (HKLM\...\Easy Duplicate Finder 4_is1) (Version: - WebMinds, Inc.)
Family Tree Heritage Collaboration Support (HKLM-x32\...\{50BD0B15-5197-4EAF-8BCD-81117D1324B1}) (Version: 1.10.0010 - Individual Software) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.79 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
H&R Block California 2016 (HKLM-x32\...\{BBC917D4-2752-484D-BEEA-1005B72B253F}) (Version: 1.16.5901 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2016 (HKLM-x32\...\{E7065AD9-D2DB-423B-B853-8310038D7D42}) (Version: 16.05.6401 - HRB Technology, LLC.)
HL-5470DW (HKLM-x32\...\{7171B206-5C5A-4B7F-B9E1-1F1827FC769F}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Instant Housecall (HKLM-x32\...\{A0DF6043-44FB-4162-9112-DF75B4B178A8}) (Version: 6.3.0.0 - Instant Housecall)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.2.1001 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.0.32 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8627.1 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
Mozilla Thunderbird 52.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.3.0 (x86 en-US)) (Version: 52.3.0 - Mozilla)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.103 - Symantec Corporation)
Nuance OmniPage Ultimate (HKLM-x32\...\{419512F9-D5E7-4ED2-BF99-E7F2C0176B6A}) (Version: 19.00.0000 - Nuance Communications, Inc.)
Nuance PaperPort 14 (HKLM-x32\...\{B2E8EFDC-E4FF-42A8-B305-FE06D29BB33C}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Create 8 (HKLM\...\{D8AD8411-A273-4560-B756-A418ED4910AD}) (Version: 8.10.6293 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{5B28CD4A-ADCF-4B39-BB67-F2F398818F2F}) (Version: 7.20.3208 - Nuance Communications, Inc.)
Palm Desktop by ACCESS (HKLM-x32\...\{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}) (Version: 6.4.0.0 - Palm, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
PCmover (HKLM-x32\...\{01C41C3F-EA8F-4F84-9C21-9564ED195131}) (Version: 8.00.633.0 - Laplink Software, Inc.)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version: 15.0s - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version: - )
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.1.11 - Intuit)
Quicken Willmaker 2016 eBook Library (HKLM-x32\...\Quicken Willmaker 2016 eBook Library) (Version: - )
Quicken WillMaker Plus 2015 (HKLM-x32\...\{661DA1B8-368B-42D5-BC0C-03B8C901A8FB}) (Version: 1.0.0.0 - Nolo)
Quicken WillMaker Plus 2017 (HKLM-x32\...\{A7EA52A4-C035-483E-922A-FB26823C2684}) (Version: 1.0.0.0 - Nolo)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7908 - Realtek Semiconductor Corp.)
Roxio Creator NXT 2 (HKLM-x32\...\{F6514099-C638-4F5D-878B-E1C68875B0E6}) (Version: 15.0.5.2 - Roxio)
Roxio Virtual Drive x64 (HKLM\...\{632DCE79-2711-4B07-BB89-DA763E96840C}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
The Handmark Scrabble Game (HKLM-x32\...\The Handmark Scrabble Game) (Version: - )
Times Reader (HKLM-x32\...\{331C9768-BAD9-F31B-8DA2-0268D346C702}) (Version: 2.053 - The New York Times Company) Hidden
TiVo Desktop 2.8.3 (HKLM-x32\...\{4E839090-3B68-436A-B3CF-A2A08C38DD26}) (Version: 2.8.412.370 - TiVo Inc.)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)
WordPerfect Office X6 - Common Files (HKLM-x32\...\{315FE707-7A15-4B1B-8C5A-955428AAA01D}) (Version: 16.2.1 - Corel Corporation) Hidden
WordPerfect Office X6 - Common Files English (HKLM-x32\...\{E1AF3785-AA77-471E-ABC5-4C2B459B877A}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - IPM (HKLM-x32\...\{230100D9-27B4-49A3-A30F-D44B51EF56AA}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files (HKLM-x32\...\{440F51A9-8CA3-41D7-AFD5-F47820895949}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files English (HKLM-x32\...\{C4D92146-95DE-415A-99CC-51FBFF7C10CF}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Oxford (HKLM-x32\...\{8959569B-D9BA-43A9-972A-D509EE7D4BA9}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files (HKLM-x32\...\{EAA5C699-6DB5-4508-BD64-B79EB9409C9D}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files English (HKLM-x32\...\{86ACFB25-0FA5-4A01-96B5-EE8F229D456E}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files (HKLM-x32\...\{069793F3-E123-47B9-88DB-5DE76FF32ADB}) (Version: 16.2.1 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files English (HKLM-x32\...\{10FFE1D7-6A72-4483-9856-1A2FBBC5A425}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Setup Files (HKLM-x32\...\{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.2.1 - Corel Corporation) Hidden
WordPerfect Office X6 - System Files (HKLM-x32\...\{8270ABE3-53A5-4046-BF84-EB5FBB0F5B10}) (Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files (HKLM-x32\...\{CCADD122-70A5-47A6-8722-1BD5267B85F5}) (Version: 16.2.1 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files English (HKLM-x32\...\{CD29C36F-2C6D-4ED3-BC21-B20C8038E9A5}) (Version: 16.2.1 - Corel Corporation) Hidden
WordPerfect Office X6 - WT (HKLM-x32\...\{0F7A0D0F-6576-489E-B20B-B7C8F95BBCC3}) (Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 (HKLM-x32\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.428 - Corel Corporation)
WordPerfect Office X6 (HKLM-x32\...\{F6582F6F-6CD1-4B62-8BC6-EACF98AF410F}) (Version: 16.2 - Corel Corporation) Hidden
WordPerfect OfficeReady (HKLM-x32\...\{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}) (Version: 1.0 - Corel Corporation.)
XFINITY Toolbar (HKLM-x32\...\xfin_portal) (Version: 4.0.0.23 - )


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


CustomCLSID: HKU\S-1-5-21-2804901569-1412701634-3446117099-1000_Classes\CLSID\{1F6DE925-8416-40D4-BC66-D69DB9D4360B}\InprocServer32 -> C:\Program Files\Roxio Creator NXT 2\Virtual Drive 10\DC_ShellExt64.dll (Corel Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => -> No File
ContextMenuHandlers1: [Instant Housecall] -> {F5CC79AD-5695-4db5-9669-4231686B4B84} => C:\Program Files (x86)\Instant Housecall\MenuExtension64.dll [2016-09-28] (Instant Housecall)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2012-07-05] ()
ContextMenuHandlers1: [Zeon.GMFCDirectShellExt] -> {C037D85B-2F6F-4B14-9E6D-26D504D9194B} => C:\Program Files (x86)\Nuance\PDF Create 8\bin\GDirectShellExt.dll [2013-03-07] (Zeon International Investment Corp. )
ContextMenuHandlers2-x32: [QuickFinderMenu] -> {45dfc9aa-83c4-4ded-bc9d-f0442b4b02ea} => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\PFSE160.DLL [2012-10-31] (Corel Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4-x32: [QuickFinderMenu] -> {45dfc9aa-83c4-4ded-bc9d-f0442b4b02ea} => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\PFSE160.DLL [2012-10-31] (Corel Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-12-19] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [Instant Housecall] -> {F5CC79AD-5695-4db5-9669-4231686B4B84} => C:\Program Files (x86)\Instant Housecall\MenuExtension64.dll [2016-09-28] (Instant Housecall)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-2804901569-1412701634-3446117099-1000: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT 2\Virtual Drive 10\DC_ShellExt64.dll [2013-08-14] (Corel Corporation)
ContextMenuHandlers2_S-1-5-21-2804901569-1412701634-3446117099-1000: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT 2\Virtual Drive 10\DC_ShellExt64.dll [2013-08-14] (Corel Corporation)
ContextMenuHandlers6_S-1-5-21-2804901569-1412701634-3446117099-1000: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT 2\Virtual Drive 10\DC_ShellExt64.dll [2013-08-14] (Corel Corporation)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {0445EFC6-9332-4F58-8671-1A412D0DFF6D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-22] (Adobe Systems Incorporated)
Task: {0C68EEB1-0961-4D1B-AF1F-A13302F89752} - System32\Tasks\{CBEB89BA-040E-483B-B437-D1838494D608} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\palmOne\QuickInstall.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handmark\Scrabble" -c /FileExt
Task: {0EDAABB2-B164-4EE7-9647-6865A79E4127} - System32\Tasks\{3C23A43E-B028-4C94-BB05-D34E3C9FDF03} => C:\Windows\system32\pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\palmOne\Hotsync.exe"
Task: {14689087-7397-421C-89EA-9A33F022E859} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [Argument = /toaster]
Task: {1D48667A-63BE-4946-8FA6-617627FECAB4} - System32\Tasks\{27621BCB-9F48-4CB6-8E26-010A2AD6ADB4} => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\natspeak.exe
Task: {2389A19A-EECF-49B0-9977-3F5C05E41EA0} - System32\Tasks\{03410A11-069A-4069-AA1A-DFC73B9C1601} => C:\Windows\system32\pcalua.exe -a D:\Welcome.exe -d D:\
Task: {23B5CB95-B9CB-47FC-A47A-4CC350AFE229} - System32\Tasks\{AA07DEE6-6D63-46EF-8FCE-9004537D60B7} => C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe [2013-04-23] (Nuance Communications, Inc.)
Task: {24EA2D27-323D-40A3-98E4-5084F65B3E97} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {2726F792-2A98-426D-A604-4E30468E9223} - \DigitalSite -> No File <==== ATTENTION
Task: {3FADE497-D496-4C22-B4F7-123C29B388BD} - System32\Tasks\{670A3140-0BA9-430E-AB57-E1E9CCB7B73C} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2017-08-18] (Mozilla Corporation)
Task: {419FCE27-0968-42F7-B9A3-6C77D7309EC3} - System32\Tasks\{F028BEBF-76BB-4AF1-B5A9-1F89FC5F0BD8} => C:\Windows\system32\pcalua.exe -a D:\Prerequisites\netfx_setupverifier.exe -d D:\Prerequisites
Task: {44D0D572-B23D-4037-80EE-07105E2C9E63} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {4D47D6BE-99F8-43B9-892B-9263551A03C4} - System32\Tasks\{881A5E56-DCB5-4411-95F4-E14FE0C80759} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2017-08-18] (Mozilla Corporation)
Task: {51EB6394-87DF-407D-ABB5-A46316921B22} - System32\Tasks\{212EF262-0EF8-4D21-9839-63A99F8A1CE4} => C:\Program Files (x86)\Quicken\qw.exe [2014-08-28] (Intuit Inc.)
Task: {678EF8E2-4B08-458C-8CCD-EB7DE92D485D} - System32\Tasks\{05A07066-95F9-4411-B66C-2B88846C677C} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {6A6CFB5D-96C5-4C89-BBCA-FB5D07EDACDD} - System32\Tasks\{F8FDF7E9-11E4-4D9C-B334-B34BA6883F99} => C:\Program Files (x86)\Quicken\qw.exe [2014-08-28] (Intuit Inc.)
Task: {70A57960-06A7-4220-8EBB-EDAABB44CCD2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => c:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {7571B9CC-A705-4D23-8F8D-BA8CB6383F08} - System32\Tasks\{F8EB6DC3-B4A9-447F-A517-7A2278915720} => C:\Windows\system32\pcalua.exe -a C:\Users\SY\Downloads\mx860swin102ea24(2).exe -d C:\Users\SY\Downloads
Task: {7C6C2B84-1BE7-47A0-BB63-914E757891CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {8126E577-5839-4558-9C7E-AE6034BC3788} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {8A18CF1F-B947-4CF7-BAB5-D2EC02357149} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {8EB63F84-03E1-4DDF-8000-28C20A67286C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {9CB59AE8-941C-4436-8546-09CE1BC212D5} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-08-04] (Dell Inc.)
Task: {A5436D98-698C-420D-8908-ED4B1C9E3A94} - System32\Tasks\{2AA91062-DA91-454D-ACFC-161A8382B9B3} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {A6042BB1-B747-475D-9DEC-54625828410F} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-08-04] (Dell Inc.)
Task: {ACD13589-AD0B-47DB-AF6A-74F6E0F337D3} - System32\Tasks\{D798A542-5FB1-4093-94BD-32BF543ECAE9} => C:\Program Files (x86)\palmOne\Hotsync.exe [2008-01-03] (PalmSource, Inc)
Task: {B25052BB-7C38-437A-8C90-FD3F32CB4ED3} - System32\Tasks\{A78254AA-C0AF-4B23-8094-30734A53B1A5} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2017-08-18] (Mozilla Corporation)
Task: {C75B9F52-886A-40ED-B8F9-AA30B593E21F} - System32\Tasks\{A755690D-3FC5-4765-8257-04FA15FA4830} => C:\Program Files (x86)\Quicken\qw.exe [2014-08-28] (Intuit Inc.)
Task: {D178613D-2148-48C9-B8A9-23F92FD76F61} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D853072E-CB08-460F-929D-A17063393F0C} - System32\Tasks\Norton Security Scan for SY => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.103\Nss.exe [2017-06-09] (Symantec Corporation)
Task: {D8D32900-88C3-4DAB-B5CE-63FBA0252E01} - System32\Tasks\{0146DB28-3A1D-4132-B07D-A97E5A524049} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2017-08-18] (Mozilla Corporation)
Task: {DDA84B27-B2FF-42B0-8FAE-9E4FE32C38E6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2804901569-1412701634-3446117099-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E07CACD1-32ED-42B2-A2C6-18494E4D68F3} - System32\Tasks\{BA9E1970-EE5D-4BCD-8BF1-968103083C10} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\palmOne\Instapp.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs" -c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handmark"
Task: {E16C23F4-6BF3-4F65-A669-3B2FA4AD832A} - System32\Tasks\{9423D4C6-AC75-4310-A6DD-9B5A8F8802DE} => C:\Program Files (x86)\Quicken\qw.exe [2014-08-28] (Intuit Inc.)
Task: {E2CF7BC9-2E0C-4EE4-89F2-4DCFBBC1D8D5} - System32\Tasks\{59B84CD5-4E76-4A89-8825-3D0BE759F3A6} => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\natspeak.exe
Task: {E7A29DCF-FEB7-45F5-B7F5-590B0147CEB1} - System32\Tasks\{71DAC10E-8B18-4B9D-8F3E-475152C34AD1} => C:\Windows\system32\pcalua.exe -a D:\AUTORUN.EXE -d D:\
Task: {EE0ED038-697B-48CA-8549-D39C07C6FB78} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F002CFA5-1E09-4FE2-AC6A-FDF3DEF3544E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {F66A901A-A7BB-4221-BD70-2D7CF237FE1D} - System32\Tasks\{F374F950-1CCE-4941-BCAC-77A2BD2F3E69} => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\natspeak.exe


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)




==================== Shortcuts & WMI ========================


(The entries could be listed to be restored or removed.)




==================== Loaded Modules (Whitelisted) ==============


2017-03-27 16:47 - 2014-03-05 10:18 - 000040448 _____ () C:\Windows\System32\pdf995mon64.dll
2017-08-23 13:57 - 2016-09-28 00:45 - 000113152 _____ () C:\Windows\System32\redmon64.dll
2013-08-19 01:35 - 2013-08-19 01:35 - 000457960 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-08-19 02:04 - 2013-08-19 02:04 - 000022760 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2012-07-05 20:47 - 2012-07-05 20:47 - 000185488 _____ () C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll
2013-07-02 15:10 - 2012-01-26 19:49 - 002751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-09-27 19:23 - 2012-09-27 19:23 - 000535184 _____ () C:\Program Files (x86)\Roxio Creator NXT 2\Roxio Burn\RoxioBurnLauncher.exe
2013-08-19 02:04 - 2013-08-19 02:04 - 003322600 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2013-08-19 02:04 - 2013-08-19 02:04 - 000524520 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2013-08-19 02:04 - 2013-08-19 02:04 - 000108776 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2010-05-17 22:54 - 2010-05-17 22:54 - 000716800 _____ () C:\Program Files (x86)\TiVo\Desktop\LOUDMOUTH.DLL
2003-01-30 07:04 - 2003-01-30 07:04 - 000618496 _____ () C:\Program Files (x86)\TiVo\Desktop\STLPMT45.DLL
2010-08-24 17:34 - 2010-08-24 17:34 - 000259584 _____ () C:\Program Files (x86)\TiVo\Desktop\ID3LIB.DLL
2010-08-24 17:55 - 2010-08-24 17:55 - 000050960 _____ () C:\Program Files (x86)\TiVo\Desktop\Plus\TranscodingServicePS.dll
2010-05-17 22:56 - 2010-05-17 22:56 - 000684032 _____ () C:\Program Files (x86)\TiVo\Desktop\libeay32.dll
2010-05-17 22:56 - 2010-05-17 22:56 - 000155648 _____ () C:\Program Files (x86)\TiVo\Desktop\ssleay32.dll
2014-02-09 18:12 - 2009-02-27 17:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-02-06 12:11 - 2013-02-06 12:11 - 000007680 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PSIClient.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)


AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [436]
AlternateDataStreams: C:\ProgramData\TEMP:A303874F [490]
AlternateDataStreams: C:\ProgramData\TEMP:FB7306E4 [130]
AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3 [330]


==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IHCserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)


IE trusted site: HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\...\dell.com -> dell.com


==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-13 19:34 - 2017-04-17 15:35 - 000000826 ____N C:\Windows\system32\Drivers\etc\hosts




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-2804901569-1412701634-3446117099-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==




==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{235A4EE2-2374-4278-A0C7-B9AE5A0DF22D}] => (Allow) %SystemRoot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{66FAA44D-246C-4AD3-A182-F89FE4C4A7FC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{185AE002-6611-4A95-B945-031F722CE7A2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{A05DD5FD-9194-4035-B857-AE292D59A1E7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{07252E72-F0B3-4884-8D89-89BA76565BFC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{1AE4526D-AE7F-4E18-8292-FFA19CCF63D4}] => (Allow) C:\Program Files (x86)\Laplink\PCmover\pcmover.exe
FirewallRules: [{0BE17C66-5424-4D59-99A8-669E4F3F4DAE}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe
FirewallRules: [{72EFB3B2-FB00-4FC5-BC43-C58BF5977F2B}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe
FirewallRules: [{E25C6D8E-DFF9-48FE-8BF2-4B2D926A23FF}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
FirewallRules: [{633B072A-B4DA-49B4-82F5-BDA64CA7B34E}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
FirewallRules: [{FBC25754-CAB1-4099-BB7A-A207EE46A6E7}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
FirewallRules: [{A61F0FBA-DC3E-4862-82FE-DE20030AA4FB}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
FirewallRules: [{B264D9BF-ACDA-49A1-B843-024B68A507CD}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoDesktop.exe
FirewallRules: [{5250C9F5-69B9-40DA-A4D3-B90CD96BF4AB}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoDesktop.exe
FirewallRules: [{C693565C-4FC9-47DB-B4CE-B042C40518EF}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\curl.exe
FirewallRules: [{C9EFAE61-1A74-4A0C-9946-D18B8C5417B0}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\curl.exe
FirewallRules: [{A94AD87E-46F5-4F34-B507-AE8760BF4ED4}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe
FirewallRules: [{A551418B-2529-4A3D-9F80-F5E5934705BB}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe
FirewallRules: [{B1578F1B-4347-4DF5-8181-ECECD3B35224}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoDiag.exe
FirewallRules: [{DA623ED0-B8E4-4169-9FB3-92B8A3F32779}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoDiag.exe
FirewallRules: [{D91A9086-2FC3-41E1-B21E-71FD4C44E2F4}] => (Allow) LPort=5353
FirewallRules: [{71E1DB94-50FD-41F8-A8C6-A2ED8A17E2D2}] => (Allow) LPort=7288
FirewallRules: [{586A5CF7-6C8C-401E-8585-4B376A8A8676}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{B067FFDF-D5F5-408B-91C8-71702A8D3EF6}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{B31B80E2-B4E1-4344-9283-6DB905BF6752}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BFEB1AEC-AA9B-4D73-936C-B1E6C3E4A2D4}] => (Allow) LPort=2869
FirewallRules: [{94BEE233-31AC-473C-B381-370BEEC8AF6D}] => (Allow) LPort=1900
FirewallRules: [{94759552-DA80-459C-940A-1F9AAC2AD86E}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{1B5F34B7-576D-4341-9D0A-93CBEFBC4E9B}] => (Allow) LPort=51001
FirewallRules: [{B5A49CFA-DA6A-468B-8B51-D49A9F8D164F}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{D2BCA925-6391-4746-A096-062299FEBBBC}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{A2178F34-C789-45A9-AC28-C0274D2DB87A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F8F5F6E-C276-4DB1-94C8-C19C772D310F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2A7B470E-D270-45AE-9BA7-14AEA228AD41}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{76479708-6B0B-4550-A22B-43A27E1BC353}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FA28A590-E8B8-4949-84DD-37F7B99DCA9D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9425565C-2753-418C-9FD5-B638FC2C1976}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6BDD62FB-A33B-4DA7-A293-5C4892447950}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{005035F2-A1FA-4C40-8133-C973D814D431}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5BEF9DC3-B719-4784-A6E2-63E9EFABE9B2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{483F61F7-1B47-4FE9-8E8C-9A50DA430CED}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E422BD05-92B6-4C70-8C1D-4B8A2C19AA4B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5438B6FB-8FDB-4499-9186-A12615C362BA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{42719154-825A-404C-91ED-9827683F9012}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{3EB31DC2-CC64-420F-BFB0-A05C63B075A5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{7BD1EA4F-51F5-4EDB-9AAF-FDDD23CC0C74}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{18A2EEBF-6D82-4FD9-AD00-B190AF2A533F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Restore Points =========================


29-08-2017 14:08:00 Windows Update
30-08-2017 03:00:34 Windows Update
30-08-2017 17:42:59 Windows Update
31-08-2017 03:00:30 Windows Update
31-08-2017 19:38:51 Windows Update
01-09-2017 13:42:06 Windows Update
02-09-2017 03:00:46 Windows Update
02-09-2017 14:08:47 Installed Microsoft Solution - 20e6675b-c4b2-6000-8dfa-40c074f8ff8f
02-09-2017 14:18:48 Installed Microsoft Solution - 6aadf339-ee7d-6c6a-5680-dcf83b58704a
02-09-2017 14:44:15 Installed Microsoft Solution - 20e6675b-c4b2-6000-8dfa-40c074f8ff8f
02-09-2017 14:45:14 Windows Update
02-09-2017 14:46:08 Installed Microsoft Solution - 6aadf339-ee7d-6c6a-5680-dcf83b58704a
02-09-2017 15:13:43 Windows Update
10-09-2017 00:00:01 Scheduled Checkpoint
12-09-2017 13:04:32 Windows Update
14-09-2017 14:05:16 Windows Update
15-09-2017 18:00:05 Removed Dragon 14.0.
15-09-2017 18:35:05 Windows Update
16-09-2017 14:01:28 Installed Microsoft Solution - B4164D8C-3813-495A-BBBC-BA51D122A226
16-09-2017 14:02:34 Restore Point before Dragon 14.0 was removed using Program Install and Uninstall troubleshooter
16-09-2017 14:03:45 Final Restore Point for Dragon 14.0 using Program Install and Uninstall troubleshooter.
16-09-2017 14:44:17 Windows Update
19-09-2017 01:46:28 Windows Update
19-09-2017 16:01:49 Windows Update


==================== Faulty Device Manager Devices =============


Name: Canon MX860 ser Network
Description: Canon MX860 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.




==================== Event log errors: =========================


Application errors:
==================
Error: (09/20/2017 03:19:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


Error: (09/20/2017 03:19:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


Error: (09/20/2017 03:00:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


Error: (09/20/2017 03:00:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


Error: (09/20/2017 03:50:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nuance\PaperPort\CheckPPFolders.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.


Error: (09/19/2017 02:43:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


Error: (09/19/2017 02:43:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


Error: (09/19/2017 03:41:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nuance\PaperPort\CheckPPFolders.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.


Error: (09/19/2017 02:04:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


Error: (09/19/2017 02:04:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.




System errors:
=============
Error: (09/20/2017 03:17:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell SupportAssist Agent service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Error: (09/20/2017 03:17:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell SupportAssist Agent service to connect.


Error: (09/20/2017 03:17:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Error: (09/20/2017 03:17:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.


Error: (09/20/2017 03:17:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intuit Update Service v4 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Error: (09/20/2017 03:17:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.


Error: (09/20/2017 03:15:05 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.


Error: (09/20/2017 03:14:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CGPS Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Error: (09/20/2017 03:14:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CGPS Service service to connect.


Error: (09/20/2017 03:14:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FullImagingService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.




==================== Memory info ===========================


Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8127.8 MB
Available physical RAM: 5585.65 MB
Total Virtual: 16253.79 MB
Available Virtual: 13795.43 MB


==================== Drives ================================


Drive c: (OS) (Fixed) (Total:906.81 GB) (Free:504.03 GB) NTFS
Drive e: () (Removable) (Total:14.63 GB) (Free:14.63 GB) FAT32


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: DC221A98)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=24.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=906.8 GB) - (Type=07 NTFS)


========================================================
Disk: 2 (Size: 14.6 GB) (Disk ID: 00000000)


Partition: GPT.


==================== End of Addition.txt ============================
 
Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

Ran test with Malwarebytes disabled. Install failed again with same '641' error code. Files too big to attach, sending you a PM with link.

Mahalo,

Harry Z
 
Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

OK, let's take a step back then. Please do the following.

1. Click Start...Control Panel and if you are viewing icons by Category then choose Programs.
2. Click "Turn Windows features on or off" within Programs and Features.
3. Allow this to populate. Assuming the Windows Features window populates, let me know if "Microsoft .NET Framework 3.5.1" has a checkbox in it, is a completely white check box or if the checkbox is filled in light green.
4. If it's a completely white checkbox then click on it and click OK in an attempt to install. If it has a check box or is shaded green, then uncheck it and click OK to see if it will completely remove on its own.

Let me know.
 
Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

The "Microsoft .Net Framework 3.51" had a solid color box next to it, and when I clicked on the plus sign next to the name the two subordinate items had blank check boxes. Clicked on the solid color box and then OK, and I was required to reboot. After reboot, the box next to .Net 3.51 was empty. See attached screen shots if my explanation does not make sense.

This was done with Malwarebytes enabled. I've used this program for so long with no issues that I'm having problems remembering that you want me to disable it. I will try to do better in the future.

Also, before I opened this thread, I could not determine if this was an issue with .Net, Windows Update, or Windows Installer. Would it be worthwhile to try installing something other than .Net? IIRC, I can choose a Silverlight update or the Microsoft Malicious Software Removal Tool in addition to the 3 different levels of .Net from the Windows Updates list of Important updates. Just a thought...

Mahalo,

Harry Z
 

Attachments

  • Windows Features After.PNG (59 KB)
  • Windows Features Before.PNG (63.6 KB)

Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

Please go back to Turn Windows features on or off and click "Microsoft .NET Framework 3.51" again so it's shaded and click OK for it to re-install.

Once this is done and after a reboot (if you are requested to do so) then go ahead and check for Windows Updates and like you mentioned attempt to install all updates. Keep installing all updates until only the ones that remain fail. Let me know which ones those are.
 
Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

Turned "on" .Net 3.51, not prompted for reboot. Tried to install Silverlight, get a different error code (656). Also tried installing Malicious Software Removal tool and that also gets the 656 code. Screen shot and Windows Update Log attached.

Harry Z
 

Attachments

  • Silverlight install error.PNG (119.4 KB)
  • WindowsUpdate.zip (175.3 KB)

Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

Please do the following.

Note: If you are unable to boot into Safe mode because you are doing this remotely then follow all the steps except for rebooting into Safe mode.

Run Windows Repairs
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.
1. Download Windows Repair (All-in-One) Portable to your desktop.
2. Once the file is downloaded, right-click on the file on your desktop and choose Extract All...
3. Keep the defaults and click the Extract button.
4. A folder named tweaking.com_windows_repair_aio will be extracted to the desktop. Once the extraction is complete the folder will open.
5. Inside this folder, there is a folder named Tweaking.com - Windows Repair. Open this folder as well.
6. Double-click on Repair_Windows.exe to open. Note: Please make sure all of your programs are closed and anything you were working on is saved as we will be rebooting.
7. When the program opens, click the Reboot to Safe Mode button at the bottom of the screen. Answer Yes to allow.
8. Once rebooted into Safe Mode, open the program again. When the program opens, click the Repairs tab and click the Open Repairs button.
9. A backup of your registry will be made. After a few moments you will have many options from which you can choose.
10. Keep all the defaults.
11. Ensure the Restart check box is selected and click the Start Repairs button in the lower right of the screen. This may take some time to run so be patient.
12. Once the fixes are complete you will be prompted to restart your machine. Answer Yes.
 
Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

Aloha Brian. Ran all repairs per your instructions. Decided to go ahead and try running WU. Silverlight failed with same error code as before. .Net 4.7 got a different error code: FF. WindowsUpdate.log attached along with Windows Repair logs.

We've been at this for quite a while. Are we reaching the point where there is no real hope that this can be fixed? (If I had the machine on my bench, I would just re-install Win 7. But the machine is 2500 miles away...)

Mahalo,

Harry Z.
 
Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

Interesting idea, but I'm not real enthusiastic about trying this via remote connection. i.e.: what happens if the repair install fails and I can't get remote access? While the user of the machine is somewhat competent, spending hours and hours asking him to read me what's on the screen followed by enter this command.... does not really interest me.

Are we at the "no other choice but to reinstall" phase with this thread? Or is there anything more we can do?

Mahalo! I really do appreciate your assistance!

Harry Z.
 
Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

It just appeared you may have been getting impatient so I wanted to provide a solution that would likely work. There are other things we can try if you are interested.
 
Re: [Win7SP1 x64] Unable to install Windows Updates. WU error code 0x80070643.

I opened this thread on the 2nd, it's now the 26th. So, yeah, I am getting a little antsy about arriving at a solution.

But, I really would like to get this fixed. So, what's next?

Harry Z.
 