Windows 7 x64 Updates KB4467107 and KB4467240 failed - both error codes : 80073712

[midcareer]

Hi bruce1270

txt file attached

 

[Sysnative Windows Update]

Hi!

As bruce will be away for some time, I will be assisting you in the meantime :) You can expect a reply from me in the next 24 hours.

 

[Sysnative Windows Update]

Hi!

Please do the following

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Run SURT again and post the CheckSUR.log.

Step#2 - Update Install
Please try to install update KB4489878 only and attach CBS log if it fails.

 

[midcareer]

Hi softwaremaniac, thans for taking over.....

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Zenith (31-03-2019 15:12:54) Run:15
Running from E:\Toshiba\ZENITHfolders\Desktop
Loaded Profiles: Zenith (Available Profiles: Zenith & Administrator & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
reg: reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS

StartRegedit:
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_59c591d1342f58cf711f85153cf32ea8_31bf3856ad364e35_6.1.7601.24056_none_f9255791cf979318]
"S256H"=hex:d4,18,00,ec,ca,f2,20,0a,47,a4,37,31,61,55,da,3d,e0,da,ac,71,b5,f7,\
  b4,a9,96,f1,7e,50,59,d0,70,8f
"identity"=hex:35,39,63,35,39,31,64,31,33,34,32,66,35,38,63,66,37,31,31,66,38,\
  35,31,35,33,63,66,33,32,65,61,38,2c,20,43,75,6c,74,75,72,65,3d,6e,65,75,74,\
  72,61,6c,2c,20,56,65,72,73,69,6f,6e,3d,36,2e,31,2e,37,36,30,31,2e,32,34,30,\
  35,36,2c,20,50,75,62,6c,69,63,4b,65,79,54,6f,6b,65,6e,3d,33,31,62,66,33,38,\
  35,36,61,64,33,36,34,65,33,35,2c,20,50,72,6f,63,65,73,73,6f,72,41,72,63,68,\
  69,74,65,63,74,75,72,65,3d,61,6d,64,36,34,2c,20,76,65,72,73,69,6f,6e,53,63,\
  6f,70,65,3d,4e,6f,6e,53,78,53
"ClosureFlags"=dword:00000003
"c!59c591d1342..5153cf32ea8_31bf3856ad364e35_6.1.7601.24056_f9255791cf979318"=hex:

[HKEY_LOCAL_MACHINE\COMPONENTS\CanonicalData\Deployments\59c591d1342..5153cf32ea8_31bf3856ad364e35_6.1.7601.24056_f9255791cf979318]
"appid"=hex:35,39,63,35,39,31,64,31,33,34,32,66,35,38,63,66,37,31,31,66,38,35,\
  31,35,33,63,66,33,32,65,61,38,2c,20,43,75,6c,74,75,72,65,3d,6e,65,75,74,72,\
  61,6c,2c,20,56,65,72,73,69,6f,6e,3d,36,2e,31,2e,37,36,30,31,2e,32,34,30,35,\
  36,2c,20,50,75,62,6c,69,63,4b,65,79,54,6f,6b,65,6e,3d,33,31,62,66,33,38,35,\
  36,61,64,33,36,34,65,33,35,2c,20,50,72,6f,63,65,73,73,6f,72,41,72,63,68,69,\
  74,65,63,74,75,72,65,3d,61,6d,64,36,34,2c,20,76,65,72,73,69,6f,6e,53,63,6f,\
  70,65,3d,4e,6f,6e,53,78,53
"CatalogThumbprint"="9f3dc59ed5a97ca6cc0c3aa82130a3517fcd403052e3cf3f6fb225f643a33769"
"p!CBS_package_137_for_kb4088875~31bf3856ad364e35~amd64~~6.1.1.2.40_8bfcea83afd42a91"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,30,38,38,38,37,35,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,32,2e,34,30,38,38,38,37,35,2d,34,30,\
  34,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_135_for_kb4093118~31bf3856ad364e35~amd64~~6.1.1.4.40_17dc6eb05630de38"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,35,5f,66,6f,72,5f,4b,42,\
  34,30,39,33,31,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,30,39,33,31,31,38,2d,33,39,\
  35,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_136_for_kb4103718~31bf3856ad364e35~amd64~~6.1.1.4.41_bb676bc23b6c8183"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,36,5f,66,6f,72,5f,4b,42,\
  34,31,30,33,37,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,31,30,33,37,31,38,2d,33,39,\
  37,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_137_for_kb4284826~31bf3856ad364e35~amd64~~6.1.1.4.42_f0b6a13076cc6882"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,32,38,34,38,32,36,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,32,38,34,38,32,36,2d,33,39,\
  39,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_137_for_kb4338818~31bf3856ad364e35~amd64~~6.1.1.8.43_fe256886f3d1a959"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,33,33,38,38,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,38,2e,34,33,33,38,38,31,38,2d,34,30,\
  34,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_137_for_kb4343900~31bf3856ad364e35~amd64~~6.1.1.5.43_2d8965c3b0dd4c1a"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,33,34,33,39,30,30,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,35,2e,34,33,34,33,39,30,30,2d,34,30,\
  36,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_137_for_kb4457144~31bf3856ad364e35~amd64~~6.1.1.6.44_b00f4f50816c72fb"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,34,35,37,31,34,34,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,36,2e,34,34,35,37,31,34,34,2d,34,30,\
  38,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_137_for_kb4462923~31bf3856ad364e35~amd64~~6.1.1.4.44_637d577b7e2b136c"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,34,36,32,39,32,33,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,34,36,32,39,32,33,2d,34,30,\
  39,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_137_for_kb4457139~31bf3856ad364e35~amd64~~6.1.1.6.44_8904d5a827481d98"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,34,35,37,31,33,39,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,36,2e,34,34,35,37,31,33,39,2d,34,30,\
  39,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_138_for_kb4467107~31bf3856ad364e35~amd64~~6.1.1.11.4_9351a8acefbc5e29"=hex:52,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,36,37,31,30,37,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,31,31,2e,34,34,36,37,31,30,37,2d,34,\
  31,30,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_138_for_kb4471318~31bf3856ad364e35~amd64~~6.1.1.5.44_6f3734ad60c85c3a"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,37,31,33,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,35,2e,34,34,37,31,33,31,38,2d,34,31,\
  30,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_138_for_kb4480970~31bf3856ad364e35~amd64~~6.1.1.6.44_767fba18b9c504a1"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,38,30,39,37,30,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,36,2e,34,34,38,30,39,37,30,2d,34,31,\
  30,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_138_for_kb4486563~31bf3856ad364e35~amd64~~6.1.1.4.44_6b4deaf540ac0b68"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,38,36,35,36,33,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,34,38,36,35,36,33,2d,34,31,\
  31,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_138_for_kb4489878~31bf3856ad364e35~amd64~~6.1.1.9.44_e7ac899933210092"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,38,39,38,37,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,39,2e,34,34,38,39,38,37,38,2d,34,31,\
  38,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"i!CBS_package_138_for_kb4489878~31bf3856ad364e35~amd64~~6.1.1.9.44_e7ac899933210092"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,38,39,38,37,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,39,2e,34,34,38,39,38,37,38,2d,34,31,\
  38,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35


[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.24383 (win7sp1_ldr_escrow.190215-1954)\ComponentFamilies\amd64_59c591d1342f58cf711f85153cf32ea8_31bf3856ad364e35_none_a342d76a8493ca4e\v!6.1.7601.24056]
"InstallMapMissingComponentKey"=-
EndRegedit:
*****************

Error: (0) Failed to create a restore point.

========= reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS =========

The operation completed successfully.



========= End of Reg: =========


====> Registry

==== End of Fixlog 15:12:56 ====

KB4489878 failed

 

[Sysnative Windows Update]

Hi!

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Run SURT again and post the CheckSUR.log.

Step#2 - Update Install
Please try to install update KB4489878 only and attach CBS log if it fails.

 

[midcareer]

Thank you softwaremaniac.

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Zenith (03-04-2019 15:09:24) Run:16
Running from E:\Toshiba\ZENITHfolders\Desktop
Loaded Profiles: Zenith (Available Profiles: Zenith & Administrator & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
reg: reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
StartRegedit:
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_dfac26a4355481917de47832ddd4d97f_31bf3856ad364e35_6.1.7601.23806_none_b056b1d582bf838e]
"S256H"=hex:4f,9b,12,b3,72,ee,59,58,36,da,ef,2f,3b,35,37,d9,33,fe,fd,55,89,68,\
  0c,2d,2b,3d,f3,d6,54,17,8a,6c
"identity"=hex:64,66,61,63,32,36,61,34,33,35,35,34,38,31,39,31,37,64,65,34,37,\
  38,33,32,64,64,64,34,64,39,37,66,2c,20,43,75,6c,74,75,72,65,3d,6e,65,75,74,\
  72,61,6c,2c,20,56,65,72,73,69,6f,6e,3d,36,2e,31,2e,37,36,30,31,2e,32,33,38,\
  30,36,2c,20,50,75,62,6c,69,63,4b,65,79,54,6f,6b,65,6e,3d,33,31,62,66,33,38,\
  35,36,61,64,33,36,34,65,33,35,2c,20,50,72,6f,63,65,73,73,6f,72,41,72,63,68,\
  69,74,65,63,74,75,72,65,3d,61,6d,64,36,34,2c,20,76,65,72,73,69,6f,6e,53,63,\
  6f,70,65,3d,4e,6f,6e,53,78,53
"ClosureFlags"=dword:00000003
"c!dfac26a4355..832ddd4d97f_31bf3856ad364e35_6.1.7601.23806_b056b1d582bf838e"=hex:

[HKEY_LOCAL_MACHINE\COMPONENTS\CanonicalData\Deployments\dfac26a4355..832ddd4d97f_31bf3856ad364e35_6.1.7601.23806_b056b1d582bf838e]
"appid"=hex:64,66,61,63,32,36,61,34,33,35,35,34,38,31,39,31,37,64,65,34,37,38,\
  33,32,64,64,64,34,64,39,37,66,2c,20,43,75,6c,74,75,72,65,3d,6e,65,75,74,72,\
  61,6c,2c,20,56,65,72,73,69,6f,6e,3d,36,2e,31,2e,37,36,30,31,2e,32,33,38,30,\
  36,2c,20,50,75,62,6c,69,63,4b,65,79,54,6f,6b,65,6e,3d,33,31,62,66,33,38,35,\
  36,61,64,33,36,34,65,33,35,2c,20,50,72,6f,63,65,73,73,6f,72,41,72,63,68,69,\
  74,65,63,74,75,72,65,3d,61,6d,64,36,34,2c,20,76,65,72,73,69,6f,6e,53,63,6f,\
  70,65,3d,4e,6f,6e,53,78,53
"CatalogThumbprint"="9f3dc59ed5a97ca6cc0c3aa82130a3517fcd403052e3cf3f6fb225f643a33769"
"p!CBS_package_134_for_kb4054518~31bf3856ad364e35~amd64~~6.1.1.2.40_1b43ed1f353ea47a"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,34,5f,66,6f,72,5f,4b,42,\
  34,30,35,34,35,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,32,2e,34,30,35,34,35,31,38,2d,34,30,\
  32,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_137_for_kb4056894~31bf3856ad364e35~amd64~~6.1.1.4.40_332a5a9f3a63e78d"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,30,35,36,38,39,34,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,30,35,36,38,39,34,2d,33,39,\
  38,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_137_for_kb4074598~31bf3856ad364e35~amd64~~6.1.1.3.40_e5bfec8e8b4bb1be"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,30,37,34,35,39,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,33,2e,34,30,37,34,35,39,38,2d,34,30,\
  30,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_137_for_kb4088875~31bf3856ad364e35~amd64~~6.1.1.2.40_dfed349931ebbaaa"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,30,38,38,38,37,35,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,32,2e,34,30,38,38,38,37,35,2d,34,30,\
  35,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_135_for_kb4093118~31bf3856ad364e35~amd64~~6.1.1.4.40_6bccbb9ed8486e51"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,35,5f,66,6f,72,5f,4b,42,\
  34,30,39,33,31,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,30,39,33,31,31,38,2d,33,39,\
  36,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_107_for_kb4038777~31bf3856ad364e35~amd64~~6.1.1.3.40_a12729e98e3f614f"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,30,37,5f,66,6f,72,5f,4b,42,\
  34,30,33,38,37,37,37,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,33,2e,34,30,33,38,37,37,37,2d,33,34,\
  39,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_136_for_kb4103718~31bf3856ad364e35~amd64~~6.1.1.4.41_0f57b5d7bd84119c"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,36,5f,66,6f,72,5f,4b,42,\
  34,31,30,33,37,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,31,30,33,37,31,38,2d,33,39,\
  38,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_137_for_kb4284826~31bf3856ad364e35~amd64~~6.1.1.4.42_5a51a5129e7daa33"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,32,38,34,38,32,36,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,32,38,34,38,32,36,2d,34,30,\
  30,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_134_for_kb4041686~31bf3856ad364e35~amd64~~6.1.1.0.40_823313c47f6ce9e1"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,34,5f,66,6f,72,5f,4b,42,\
  34,30,34,31,36,38,36,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,30,2e,34,30,34,31,36,38,36,2d,33,37,\
  37,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_137_for_kb4338818~31bf3856ad364e35~amd64~~6.1.1.8.43_5215b29c75e93972"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,33,33,38,38,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,38,2e,34,33,33,38,38,31,38,2d,34,30,\
  35,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_137_for_kb4343900~31bf3856ad364e35~amd64~~6.1.1.5.43_8179afd932f4dc33"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,33,34,33,39,30,30,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,35,2e,34,33,34,33,39,30,30,2d,34,30,\
  37,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_137_for_kb4457144~31bf3856ad364e35~amd64~~6.1.1.6.44_03ff996603840314"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,34,35,37,31,34,34,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,36,2e,34,34,35,37,31,34,34,2d,34,30,\
  39,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_137_for_kb4462923~31bf3856ad364e35~amd64~~6.1.1.4.44_700ab9e119ddd34a"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,34,36,32,39,32,33,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,34,36,32,39,32,33,2d,34,31,\
  30,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_105_for_kb4025341~31bf3856ad364e35~amd64~~6.1.1.6.40_bc14821a1173988c"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,30,35,5f,66,6f,72,5f,4b,42,\
  34,30,32,35,33,34,31,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,36,2e,34,30,32,35,33,34,31,2d,33,30,\
  39,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_137_for_kb4457139~31bf3856ad364e35~amd64~~6.1.1.6.44_95923534c2fadd76"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,34,35,37,31,33,39,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,36,2e,34,34,35,37,31,33,39,2d,34,31,\
  30,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_138_for_kb4467107~31bf3856ad364e35~amd64~~6.1.1.11.4_085c4ddfa8646a98"=hex:52,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,36,37,31,30,37,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,31,31,2e,34,34,36,37,31,30,37,2d,34,\
  31,31,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_106_for_kb4034664~31bf3856ad364e35~amd64~~6.1.1.4.40_34496e2ab17a0246"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,30,36,5f,66,6f,72,5f,4b,42,\
  34,30,33,34,36,36,34,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,30,33,34,36,36,34,2d,33,31,\
  31,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_138_for_kb4471318~31bf3856ad364e35~amd64~~6.1.1.5.44_c3277ec2e2dfec53"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,37,31,33,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,35,2e,34,34,37,31,33,31,38,2d,34,31,\
  31,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_138_for_kb4480970~31bf3856ad364e35~amd64~~6.1.1.6.44_ca70042e3bdc94ba"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,38,30,39,37,30,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,36,2e,34,34,38,30,39,37,30,2d,34,31,\
  31,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_138_for_kb4486563~31bf3856ad364e35~amd64~~6.1.1.4.44_bf3e350ac2c39b81"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,38,36,35,36,33,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,34,38,36,35,36,33,2d,34,31,\
  32,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"p!CBS_package_138_for_kb4489878~31bf3856ad364e35~amd64~~6.1.1.9.44_3b9cd3aeb53890ab"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,38,39,38,37,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,39,2e,34,34,38,39,38,37,38,2d,34,31,\
  39,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35
"i!CBS_package_138_for_kb4489878~31bf3856ad364e35~amd64~~6.1.1.9.44_3b9cd3aeb53890ab"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,38,39,38,37,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,39,2e,34,34,38,39,38,37,38,2d,34,31,\
  39,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,35


[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.23505 (win7sp1_ldr.160722-0600)\ComponentFamilies\amd64_dfac26a4355481917de47832ddd4d97f_31bf3856ad364e35_none_fc47b5cb70a7455a\v!6.1.7601.23806]
"InstallMapMissingComponentKey"=-
EndRegedit:
*****************

Error: (0) Failed to create a restore point.

========= reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS =========

The operation completed successfully.



========= End of Reg: =========


====> Registry

==== End of Fixlog 15:09:26 ====

KB4489878 failed

 

[Sysnative Windows Update]

Hi!

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Run SURT again and post the CheckSUR.log.

Step#2 - Update Install
Please try to install update KB4489878 only and attach CBS log if it fails.

 

[midcareer]

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Zenith (04-04-2019 18:22:28) Run:17
Running from E:\Toshiba\ZENITHfolders\Desktop
Loaded Profiles: Zenith (Available Profiles: Zenith & Administrator & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
reg: reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
StartRegedit:
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_e8a4857a5e252da348754e4e2cbb944a_31bf3856ad364e35_6.1.7601.23971_none_16c5041472dc017f]
"S256H"=hex:fe,40,a5,e7,81,a6,54,d3,29,47,9c,bb,da,53,34,30,9a,02,77,be,38,85,\
  90,49,b5,1d,71,22,ed,39,e7,ed
"identity"=hex:65,38,61,34,38,35,37,61,35,65,32,35,32,64,61,33,34,38,37,35,34,\
  65,34,65,32,63,62,62,39,34,34,61,2c,20,43,75,6c,74,75,72,65,3d,6e,65,75,74,\
  72,61,6c,2c,20,56,65,72,73,69,6f,6e,3d,36,2e,31,2e,37,36,30,31,2e,32,33,39,\
  37,31,2c,20,50,75,62,6c,69,63,4b,65,79,54,6f,6b,65,6e,3d,33,31,62,66,33,38,\
  35,36,61,64,33,36,34,65,33,35,2c,20,50,72,6f,63,65,73,73,6f,72,41,72,63,68,\
  69,74,65,63,74,75,72,65,3d,61,6d,64,36,34,2c,20,76,65,72,73,69,6f,6e,53,63,\
  6f,70,65,3d,4e,6f,6e,53,78,53
"ClosureFlags"=dword:00000003
"c!e8a4857a5e2..e4e2cbb944a_31bf3856ad364e35_6.1.7601.23971_16c5041472dc017f"=hex:

[HKEY_LOCAL_MACHINE\COMPONENTS\CanonicalData\Deployments\e8a4857a5e2..e4e2cbb944a_31bf3856ad364e35_6.1.7601.23971_16c5041472dc017f]
"appid"=hex:65,38,61,34,38,35,37,61,35,65,32,35,32,64,61,33,34,38,37,35,34,65,\
  34,65,32,63,62,62,39,34,34,61,2c,20,43,75,6c,74,75,72,65,3d,6e,65,75,74,72,\
  61,6c,2c,20,56,65,72,73,69,6f,6e,3d,36,2e,31,2e,37,36,30,31,2e,32,33,39,37,\
  31,2c,20,50,75,62,6c,69,63,4b,65,79,54,6f,6b,65,6e,3d,33,31,62,66,33,38,35,\
  36,61,64,33,36,34,65,33,35,2c,20,50,72,6f,63,65,73,73,6f,72,41,72,63,68,69,\
  74,65,63,74,75,72,65,3d,61,6d,64,36,34,2c,20,76,65,72,73,69,6f,6e,53,63,6f,\
  70,65,3d,4e,6f,6e,53,78,53
"CatalogThumbprint"="9f3dc59ed5a97ca6cc0c3aa82130a3517fcd403052e3cf3f6fb225f643a33769"
"p!CBS_package_137_for_kb4074598~31bf3856ad364e35~amd64~~6.1.1.3.40_8da083928f7ad1f0"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,30,37,34,35,39,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,33,2e,34,30,37,34,35,39,38,2d,34,30,\
  32,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_137_for_kb4088875~31bf3856ad364e35~amd64~~6.1.1.2.40_87cdcb9d361adadc"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,30,38,38,38,37,35,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,32,2e,34,30,38,38,38,37,35,2d,34,30,\
  37,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_135_for_kb4093118~31bf3856ad364e35~amd64~~6.1.1.4.40_13ad4fc9dc778e83"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,35,5f,66,6f,72,5f,4b,42,\
  34,30,39,33,31,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,30,39,33,31,31,38,2d,33,39,\
  38,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_136_for_kb4103718~31bf3856ad364e35~amd64~~6.1.1.4.41_cce303cf674ce366"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,36,5f,66,6f,72,5f,4b,42,\
  34,31,30,33,37,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,31,30,33,37,31,38,2d,34,30,\
  30,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_137_for_kb4284826~31bf3856ad364e35~amd64~~6.1.1.4.42_0232393da2acca65"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,32,38,34,38,32,36,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,32,38,34,38,32,36,2d,34,30,\
  32,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_137_for_kb4338818~31bf3856ad364e35~amd64~~6.1.1.8.43_f9f646c77a1859a4"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,33,33,38,38,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,38,2e,34,33,33,38,38,31,38,2d,34,30,\
  37,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_137_for_kb4343900~31bf3856ad364e35~amd64~~6.1.1.5.43_295a44043723fc65"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,33,34,33,39,30,30,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,35,2e,34,33,34,33,39,30,30,2d,34,30,\
  39,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_137_for_kb4457144~31bf3856ad364e35~amd64~~6.1.1.6.44_647d45e1214e530b"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,34,35,37,31,34,34,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,36,2e,34,34,35,37,31,34,34,2d,34,31,\
  31,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_137_for_kb4462923~31bf3856ad364e35~amd64~~6.1.1.4.44_17eb4e0c1e0cf37c"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,34,36,32,39,32,33,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,34,36,32,39,32,33,2d,34,31,\
  32,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_137_for_kb4457139~31bf3856ad364e35~amd64~~6.1.1.6.44_3d72cc38c729fda8"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,34,35,37,31,33,39,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,36,2e,34,34,35,37,31,33,39,2d,34,31,\
  32,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_138_for_kb4467107~31bf3856ad364e35~amd64~~6.1.1.11.4_f271984519b48376"=hex:52,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,36,37,31,30,37,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,31,31,2e,34,34,36,37,31,30,37,2d,34,\
  31,33,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_138_for_kb4471318~31bf3856ad364e35~amd64~~6.1.1.5.44_6b0815c6e70f0c85"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,37,31,33,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,35,2e,34,34,37,31,33,31,38,2d,34,31,\
  33,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_138_for_kb4480970~31bf3856ad364e35~amd64~~6.1.1.6.44_72509859400bb4ec"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,38,30,39,37,30,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,36,2e,34,34,38,30,39,37,30,2d,34,31,\
  33,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_138_for_kb4486563~31bf3856ad364e35~amd64~~6.1.1.4.44_671ecc0ec6f2bbb3"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,38,36,35,36,33,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,34,38,36,35,36,33,2d,34,31,\
  34,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_138_for_kb4489878~31bf3856ad364e35~amd64~~6.1.1.9.44_9c1a7d50d302e0a2"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,38,39,38,37,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,39,2e,34,34,38,39,38,37,38,2d,34,32,\
  31,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"i!CBS_package_138_for_kb4489878~31bf3856ad364e35~amd64~~6.1.1.9.44_9c1a7d50d302e0a2"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,38,39,38,37,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,39,2e,34,34,38,39,38,37,38,2d,34,32,\
  31,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.23505 (win7sp1_ldr.160722-0600)\ComponentFamilies\amd64_e8a4857a5e252da348754e4e2cbb944a_31bf3856ad364e35_none_04399e0dc7c75b24\v!6.1.7601.23971]
"InstallMapMissingComponentKey"=-
EndRegedit:
*****************

Error: (0) Failed to create a restore point.

========= reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS =========

The operation completed successfully.



========= End of Reg: =========


====> Registry

==== End of Fixlog 18:22:29 ====

Unfortunately, KB4489878 failed

 

[Sysnative Windows Update]

Hi!

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.


Run SURT again and post the CheckSUR.log.

Step#2 - Update Install
Please try to install update KB4489878 only and attach CBS log if it fails.

 

[midcareer]

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Zenith (07-04-2019 12:46:30) Run:18
Running from E:\Toshiba\ZENITHfolders\Desktop
Loaded Profiles: Zenith (Available Profiles: Zenith & Administrator & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
reg: reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
StartRegedit:
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_ef7e786066aaee327fafa648b1dc4e45_31bf3856ad364e35_6.1.7601.24000_none_5b37473d258b5d7e]
"S256H"=hex:a0,13,5f,af,26,85,19,0b,79,f4,f1,51,62,ea,6f,c4,9b,f3,64,4a,4a,d6,\
  a9,e6,e8,f9,38,69,0b,d2,5f,9c
"identity"=hex:65,66,37,65,37,38,36,30,36,36,61,61,65,65,33,32,37,66,61,66,61,\
  36,34,38,62,31,64,63,34,65,34,35,2c,20,43,75,6c,74,75,72,65,3d,6e,65,75,74,\
  72,61,6c,2c,20,56,65,72,73,69,6f,6e,3d,36,2e,31,2e,37,36,30,31,2e,32,34,30,\
  30,30,2c,20,50,75,62,6c,69,63,4b,65,79,54,6f,6b,65,6e,3d,33,31,62,66,33,38,\
  35,36,61,64,33,36,34,65,33,35,2c,20,50,72,6f,63,65,73,73,6f,72,41,72,63,68,\
  69,74,65,63,74,75,72,65,3d,61,6d,64,36,34,2c,20,76,65,72,73,69,6f,6e,53,63,\
  6f,70,65,3d,4e,6f,6e,53,78,53
"ClosureFlags"=dword:00000003
"c!ef7e786066a..648b1dc4e45_31bf3856ad364e35_6.1.7601.24000_5b37473d258b5d7e"=hex:

[HKEY_LOCAL_MACHINE\COMPONENTS\CanonicalData\Deployments\ef7e786066a..648b1dc4e45_31bf3856ad364e35_6.1.7601.24000_5b37473d258b5d7e]
"appid"=hex:65,66,37,65,37,38,36,30,36,36,61,61,65,65,33,32,37,66,61,66,61,36,\
  34,38,62,31,64,63,34,65,34,35,2c,20,43,75,6c,74,75,72,65,3d,6e,65,75,74,72,\
  61,6c,2c,20,56,65,72,73,69,6f,6e,3d,36,2e,31,2e,37,36,30,31,2e,32,34,30,30,\
  30,2c,20,50,75,62,6c,69,63,4b,65,79,54,6f,6b,65,6e,3d,33,31,62,66,33,38,35,\
  36,61,64,33,36,34,65,33,35,2c,20,50,72,6f,63,65,73,73,6f,72,41,72,63,68,69,\
  74,65,63,74,75,72,65,3d,61,6d,64,36,34,2c,20,76,65,72,73,69,6f,6e,53,63,6f,\
  70,65,3d,4e,6f,6e,53,78,53
"CatalogThumbprint"="9f3dc59ed5a97ca6cc0c3aa82130a3517fcd403052e3cf3f6fb225f643a33769"
"p!CBS_package_137_for_kb4056894~31bf3856ad364e35~amd64~~6.1.1.4.40_f0b5a896e42cb957"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,30,35,36,38,39,34,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,30,35,36,38,39,34,2d,34,30,\
  30,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_137_for_kb4074598~31bf3856ad364e35~amd64~~6.1.1.3.40_e190cda811926209"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,30,37,34,35,39,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,33,2e,34,30,37,34,35,39,38,2d,34,30,\
  33,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_137_for_kb4088875~31bf3856ad364e35~amd64~~6.1.1.2.40_dbbe15b2b8326af5"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,30,38,38,38,37,35,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,32,2e,34,30,38,38,38,37,35,2d,34,30,\
  38,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_135_for_kb4093118~31bf3856ad364e35~amd64~~6.1.1.4.40_679d99df5e8f1e9c"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,35,5f,66,6f,72,5f,4b,42,\
  34,30,39,33,31,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,30,39,33,31,31,38,2d,33,39,\
  39,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_136_for_kb4103718~31bf3856ad364e35~amd64~~6.1.1.4.41_20d34de4e964737f"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,36,5f,66,6f,72,5f,4b,42,\
  34,31,30,33,37,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,31,30,33,37,31,38,2d,34,30,\
  31,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_137_for_kb4284826~31bf3856ad364e35~amd64~~6.1.1.4.42_5622835324c45a7e"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,32,38,34,38,32,36,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,32,38,34,38,32,36,2d,34,30,\
  33,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_137_for_kb4338818~31bf3856ad364e35~amd64~~6.1.1.8.43_4de690dcfc2fe9bd"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,33,33,38,38,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,38,2e,34,33,33,38,38,31,38,2d,34,30,\
  38,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_137_for_kb4343900~31bf3856ad364e35~amd64~~6.1.1.5.43_35e7a669d2d6bc43"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,33,34,33,39,30,30,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,35,2e,34,33,34,33,39,30,30,2d,34,31,\
  30,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_137_for_kb4457144~31bf3856ad364e35~amd64~~6.1.1.6.44_b86d8ff6a365e324"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,34,35,37,31,34,34,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,36,2e,34,34,35,37,31,34,34,2d,34,31,\
  32,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_137_for_kb4462923~31bf3856ad364e35~amd64~~6.1.1.4.44_6bdb9821a0248395"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,34,36,32,39,32,33,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,34,36,32,39,32,33,2d,34,31,\
  33,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_137_for_kb4457139~31bf3856ad364e35~amd64~~6.1.1.6.44_9163164e49418dc1"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,37,5f,66,6f,72,5f,4b,42,\
  34,34,35,37,31,33,39,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,36,2e,34,34,35,37,31,33,39,2d,34,31,\
  33,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_138_for_kb4467107~31bf3856ad364e35~amd64~~6.1.1.11.4_677c3d26d25c8fe5"=hex:52,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,36,37,31,30,37,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,31,31,2e,34,34,36,37,31,30,37,2d,34,\
  31,34,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_138_for_kb4471318~31bf3856ad364e35~amd64~~6.1.1.5.44_bef85fdc69269c9e"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,37,31,33,31,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,35,2e,34,34,37,31,33,31,38,2d,34,31,\
  34,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_138_for_kb4480970~31bf3856ad364e35~amd64~~6.1.1.6.44_c640e547c2234505"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,38,30,39,37,30,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,36,2e,34,34,38,30,39,37,30,2d,34,31,\
  34,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_138_for_kb4486563~31bf3856ad364e35~amd64~~6.1.1.4.44_bb0f1624490a4bcc"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,38,36,35,36,33,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,34,2e,34,34,38,36,35,36,33,2d,34,31,\
  35,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"p!CBS_package_138_for_kb4489878~31bf3856ad364e35~amd64~~6.1.1.9.44_f00ac766551a70bb"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,38,39,38,37,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,39,2e,34,34,38,39,38,37,38,2d,34,32,\
  32,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34
"i!CBS_package_138_for_kb4489878~31bf3856ad364e35~amd64~~6.1.1.9.44_f00ac766551a70bb"=hex:51,\
  00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,33,38,5f,66,6f,72,5f,4b,42,\
  34,34,38,39,38,37,38,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,\
  61,6d,64,36,34,7e,7e,36,2e,31,2e,31,2e,39,2e,34,34,38,39,38,37,38,2d,34,32,\
  32,5f,6e,65,75,74,72,61,6c,5f,4c,44,52,34

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.23505 (win7sp1_ldr.160722-0600)\ComponentFamilies\amd64_ef7e786066aaee327fafa648b1dc4e45_31bf3856ad364e35_none_01b766465e913e11\v!6.1.7601.24000]
"InstallMapMissingComponentKey"=-
EndRegedit:
*****************

Error: (0) Failed to create a restore point.

========= reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS =========

The operation completed successfully.



========= End of Reg: =========


====> Registry

==== End of Fixlog 12:46:33 ====

Unfortunately, KB4489878 failed

Thank You

 

[Sysnative Windows Update]

Hi!

Bruce is back, so he will take over from here. :)

 

[midcareer]

Thank you softwaremaniac.....

 

[bruce1270]

Hi Midcareer

I am discussing my next fix with my instructor so will post further instructions very soon. Sorry for the delay.

Thanks

 

[midcareer]

Hi bruce1270, thanks for keeping me appraised....

 

[bruce1270]

Hi Midcareer

Please do the following

Step #1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
Run SURT again and post the CheckSUR.log.

Step#2 - Update Install
Please try to install update KB4493472 only and attach CBS log if it fails.

 

[midcareer]

Hi bruce1270

KB4493472 is not being offered to me by WU.

Please advise how to proceed ? Thank you.

 

[midcareer]

Hello bruce1270

FYI :

I've been having a slightly closer look at my WU. I have it set to "Check for updates but let me choose whether to download and install them".

When I manually select "Check for Updates", I get the error message "Windows could not search for new updates", Error Code 80072EFD, and other messages as follows : "Most recent check for updates 30/03/1019 at 11:41", "Updates were installed 17/3/2019 at 11:27"

 

[bruce1270]

Hi Midcareer

Thank you for the information

Please do the following.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
1. Right click on the file and select run as administrator (if you don't have this option just double click the file to run it). When the tool opens click Yes to disclaimer.
2. Press Scan button.
3. It will produce a log called FRST.txt in the same directory the tool is run from (this should be your desktop).
4. Please copy (CTRL + C) and paste (CTRL + V) the FRST.txt log back here.
5. The first time the tool is run it generates another log Addition.txt - also located in the same directory as FRST.exe.
6. Please also paste that along with the FRST.txt into your reply.
Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

 

[midcareer]

Hi bruce1270

I know you say "Please do not attach any logs unless specifically requested.", but I am attaching Fixlog.txt & Checksur.log arising from when I undertook the requested actions set out in your message #155 above.

Below I give the content of FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Zenith (administrator) on SJT_LAPTOP (14-04-2019 02:16:12)
Running from E:\Toshiba\ZENITHfolders\Desktop
Loaded Profiles: Zenith (Available Profiles: Zenith & Administrator & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(OrdinarySoft -> OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Ransomware Protection\Service\arp-application-service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Windows Firewall Control\wfcs.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Windows Firewall Control\wfc.exe
(Comfort Software Group -> Comfort Software Group) C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
(CrispyBytes Software) [File not signed] C:\Program Files (x86)\DateInTray\DateInTray.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRHE.EXE
() [File not signed] C:\Program Files\locate32_x64-3.1.11.7100\locate32.exe
() [File not signed] C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Compal Electronics, Inc. -> TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Ransomware Protection\ARPTray.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Eyeo GmbH -> Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-07-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis, Inc -> Acronis)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [Malwarebytes Windows Firewall Control] => C:\Program Files\Malwarebytes\Windows Firewall Control\wfc.exe [646352 2019-03-30] (Malwarebytes Corporation -> Malwarebytes)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955360 2012-06-28] (Acronis, Inc -> Acronis)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-15] (Compal Electronics, Inc. -> TOSHIBA CORPORATION)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3268176 2018-09-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.) [File not signed]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis, Inc -> Acronis)
HKLM-x32\...\Run: [Acronis Ransomware Protection] => C:\Program Files (x86)\Acronis\Ransomware Protection\ARPTray.exe [670752 2018-03-13] (Acronis International GmbH -> Acronis International GmbH)
HKLM\...\Policies\Explorer: [NoCustomizeThisFolder] 0
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\...\Run: [StartMenuX96] => C:\Program Files\Start Menu X\StartMenuX.exe [9005904 2018-07-27] (OrdinarySoft -> OrdinarySoft)
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [9005904 2018-07-27] (OrdinarySoft -> OrdinarySoft)
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] () [File not signed]
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\...\Run: [FreeCT] => C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe [4126624 2016-01-22] (Comfort Software Group -> Comfort Software Group)
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\...\Run: [DateInTray] => C:\Program Files (x86)\DateInTray\DateInTray.exe [95744 2010-03-04] (CrispyBytes Software) [File not signed]
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIRHE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_Plugin.exe [1457664 2019-03-23] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\...\Policies\Explorer: [NoAddPrinter] 0
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
Startup: C:\Users\Zenith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Locate32 Autorun.lnk [2013-11-09]
ShortcutTarget: Locate32 Autorun.lnk -> C:\Program Files\locate32_x64-3.1.11.7100\locate32.exe () [File not signed]
Startup: C:\Users\Zenith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShellFolderFix.lnk [2013-11-02]
ShortcutTarget: ShellFolderFix.lnk -> C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{A5700D22-8339-45DD-88ED-6E7E2F0F48D8}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://signin1.bt.com/login/emailloginform
SearchScopes: HKU\S-1-5-21-3913852468-2856435769-1522613951-1000 -> DefaultScope {C3FB33FD-3450-4D75-9DFE-B984EBB1E04D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3913852468-2856435769-1522613951-1000 -> {C3FB33FD-3450-4D75-9DFE-B984EBB1E04D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-22] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-22] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1388023212684
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)

FireFox:
========
FF DefaultProfile: y9tvmfcb.default
FF ProfilePath: C:\Users\Zenith\AppData\Roaming\Mozilla\Firefox\Profiles\y9tvmfcb.default [2019-04-14]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Zenith\AppData\Roaming\Mozilla\Firefox\Profiles\y9tvmfcb.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2019-04-13]
FF Extension: (Menu Wizard) - C:\Users\Zenith\AppData\Roaming\Mozilla\Firefox\Profiles\y9tvmfcb.default\Extensions\s3menu@wizard.xpi [2017-10-06] [Legacy]
FF Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Zenith\AppData\Roaming\Mozilla\Firefox\Profiles\y9tvmfcb.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2017-12-09] [UpdateUrl:hxxps://tools.google.com/service/update2/ff?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%]
FF Extension: (SaveLink) - C:\Users\Zenith\AppData\Roaming\Mozilla\Firefox\Profiles\y9tvmfcb.default\Extensions\{BAFDF624-6BFC-4179-BE0A-925BC15ECFBA}.xpi [2016-08-09] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_156.dll [2019-03-23] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_156.dll [2019-03-23] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3391520 2018-03-01] (Acronis International GmbH -> Acronis International GmbH)
R2 ARPApplicationService; C:\Program Files (x86)\Acronis\Ransomware Protection\Service\arp-cloudusage.exe [25120 2018-03-13] (Acronis International GmbH -> )
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2013-11-17] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2016-11-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-08-15] (Vishal Gupta -> Puran Software) [File not signed]
R2 wfcs; C:\Program Files\Malwarebytes\Windows Firewall Control\wfcs.exe [123600 2019-03-30] (Malwarebytes Corporation -> Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-11-17] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 2310_00; C:\Windows\system32\drivers\2310_00.sys [170528 2009-06-12] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 272x_1x; C:\Windows\system32\drivers\272x_1x.sys [612672 2012-04-24] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 274x_3x; C:\Windows\system32\drivers\274x_3x.sys [240960 2012-04-24] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 ahcix64s; C:\Windows\system32\drivers\ahcix64s.sys [226616 2009-07-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
S3 amdhub30; C:\Windows\system32\drivers\amdhub30.sys [106664 2012-08-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
S3 amdide64; C:\Windows\system32\drivers\amdide64.sys [11904 2011-12-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
S3 amdxhc; C:\Windows\system32\drivers\amdxhc.sys [226984 2012-08-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
S3 amd_sata; C:\Windows\system32\drivers\amd_sata.sys [82560 2012-04-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [42624 2012-04-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 ampa; C:\Windows\system32\ampa.sys [38320 2016-12-25] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 ampa; C:\Windows\SysWOW64\ampa.sys [38320 2016-12-25] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [38320 2017-09-01] (CHENGDU AOMEI Tech Co., Ltd. -> )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2013-11-17] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 arcm_a64; C:\Windows\system32\drivers\arcm_a64.sys [52768 2009-11-09] (Areca Technology Corporation -> ARECA Technology Corporation)
S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [49048 2012-07-18] (ASMedia Technology Inc. -> Asmedia Technology)
S3 asmthub3; C:\Windows\system32\drivers\asmthub3.sys [138568 2012-08-20] (MCCI Corporation -> ASMedia Technology Inc)
S3 asmtxhci; C:\Windows\system32\drivers\asmtxhci.sys [416072 2012-08-20] (MCCI Corporation -> ASMedia Technology Inc)
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation -> Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc. -> Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation -> Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation -> Broadcom Corporation)
S3 cbaf; C:\Windows\System32\Drivers\cbaf.sys [15872 2008-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corp.)
S3 DC133; C:\Windows\system32\drivers\DC133.sys [39320 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC150; C:\Windows\system32\drivers\DC150.sys [39832 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC154; C:\Windows\system32\drivers\DC154.sys [48136 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC300e; C:\Windows\system32\drivers\DC300e.sys [40344 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
R0 DC324e; C:\Windows\System32\drivers\DC324e.sys [49752 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
R0 DC3410; C:\Windows\System32\drivers\DC3410.sys [48328 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC4300; C:\Windows\system32\drivers\DC4300.sys [48360 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 DC600e; C:\Windows\system32\drivers\DC600e.sys [40744 2011-05-02] (Dawicontrol Computersysteme GmbH -> Dawicontrol GmbH)
S3 dfuuwb; C:\Windows\System32\Drivers\DfuUWB.sys [503296 2008-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corp.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3341904 2012-03-26] (Broadcom Corporation -> Broadcom Corporation)
S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [65152 2012-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [88832 2012-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Etron Technology Inc)
R2 file_protector; C:\Windows\System32\DRIVERS\file_protector.sys [570416 2018-03-13] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [77040 2012-11-02] (Fresco Logic Inc -> Fresco Logic)
S3 FTDIBUS; C:\Windows\system32\drivers\ftdibus.sys [75016 2012-04-13] (Future Technology Devices International Ltd -> FTDI Ltd.)
S3 FTSER2K; C:\Windows\system32\drivers\ftser2k.sys [85384 2012-04-13] (Future Technology Devices International Ltd -> FTDI Ltd.)
S3 hptiop; C:\Windows\system32\drivers\hptiop.sys [17440 2009-05-25] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 hptmv; C:\Windows\system32\drivers\hptmv.sys [93472 2006-09-18] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 hptmv6; C:\Windows\system32\drivers\hptmv6.sys [152096 2007-11-01] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 HWA; C:\Windows\System32\Drivers\HWA.sys [61440 2008-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corp.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-11-19] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [651224 2012-06-29] (Intel Corporation -> Intel Corporation)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10610400 2010-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158976 2010-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 iteatapi; C:\Windows\system32\drivers\iteatapi.sys [38680 2008-05-14] (ITE Tech. Inc. -> ITE Tech. Inc.)
S3 iteraid; C:\Windows\system32\drivers\iteraid.sys [32768 2007-05-02] (Microsoft Windows Hardware Compatibility Publisher -> ITE Tech. Inc.)
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [141152 2007-08-29] (LSI Corporation -> LSI Corporation)
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [133712 2010-12-20] (LSI Corporation -> LSI Corporation)
S3 megasas; C:\Windows\system32\drivers\megasas.sys [34824 2008-11-20] (LSI Corporation -> LSI Corporation)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [51496 2012-02-28] (LSI Corporation -> LSI Corporation)
S3 megasr1; C:\Windows\system32\drivers\MegaSR1.sys [461320 2009-04-16] (LSI Corporation -> LSI Corporation, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 mv61xx; C:\Windows\system32\drivers\mv61xx.sys [183144 2012-05-23] (Marvell Semiconductor -> Marvell Semiconductor, Inc.)
S3 mv91cons; C:\Windows\system32\drivers\mv91cons.sys [28008 2012-10-09] (Marvell Semiconductor -> Marvell Semiconductor Inc.)
S3 mvs91xx; C:\Windows\system32\drivers\mvs91xx.sys [322920 2012-10-09] (Marvell Semiconductor -> Marvell Semiconductor, Inc.)
S3 mvs94xx; C:\Windows\system32\drivers\mvs94xx.sys [367920 2010-12-01] (Marvell Semiconductor -> Marvell Semiconductor, Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [175720 2010-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ocz10xx; C:\Windows\system32\drivers\ocz10xx.sys [139056 2012-04-05] (OCZ Technology Group -> OCZ Technology Group, Inc.)
S3 ocz12xx; C:\Windows\system32\drivers\ocz12xx.sys [138544 2011-09-14] (OCZ Technology Group -> OCZ Technology Group, Inc.)
S3 Pnp680; C:\Windows\system32\drivers\pnp680.sys [80424 2007-11-13] (Silicon Image, Inc. -> Silicon Image, Inc)
S3 rr172x; C:\Windows\system32\drivers\rr172x.sys [124448 2007-11-01] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr174x; C:\Windows\system32\drivers\rr174x.sys [159264 2007-11-01] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr2210; C:\Windows\system32\drivers\rr2210.sys [153632 2007-11-01] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr232x; C:\Windows\system32\drivers\rr232x.sys [152096 2008-05-05] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr2340; C:\Windows\system32\drivers\rr2340.sys [162400 2009-12-31] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr2522; C:\Windows\system32\drivers\rr2522.sys [168032 2009-12-31] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr276x; C:\Windows\system32\drivers\rr276x.sys [241472 2012-04-24] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr278x; C:\Windows\system32\drivers\rr278x.sys [240960 2012-04-24] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
S3 rr62x; C:\Windows\system32\drivers\rr62x.sys [156256 2010-06-16] (HighPoint Technologies, Inc. -> HighPoint Technologies, Inc.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
S3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Ser2pl; C:\Windows\system32\drivers\ser2pl64.sys [158720 2012-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
S3 SI3112r; C:\Windows\system32\drivers\SI3112r.sys [164656 2007-02-01] (Silicon Image, Inc. -> Silicon Image, Inc)
S3 SI3114; C:\Windows\system32\drivers\SI3114.sys [99120 2006-11-10] (Silicon Image, Inc. -> Silicon Image, Inc.)
S3 SI3114r; C:\Windows\system32\drivers\SI3114R.sys [163632 2007-04-11] (Silicon Image, Inc. -> Silicon Image, Inc)
S3 SI3124; C:\Windows\system32\drivers\SI3124.sys [113456 2006-11-02] (Silicon Image, Inc. -> Silicon Image, Inc.)
S3 Si3124r5; C:\Windows\system32\drivers\Si3124r5.sys [340008 2010-04-13] (Silicon Image, Inc. -> Silicon Image, Inc)
S3 SI3132; C:\Windows\system32\drivers\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc. -> Silicon Image, Inc)
S3 Si3531; C:\Windows\system32\drivers\Si3531.sys [333864 2009-02-09] (Silicon Image, Inc. -> Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc. -> Silicon Image, Inc)
S3 silabser; C:\Windows\system32\drivers\silabser.sys [73216 2012-12-11] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Laboratories)
R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc. -> Silicon Image, Inc)
R3 usbfilter; C:\Windows\system32\drivers\usbfilter.sys [58536 2012-08-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 uwbusb; C:\Windows\System32\Drivers\usbuwbmini.sys [13312 2008-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corp.)
S3 viamrx64; C:\Windows\system32\drivers\viamrx64.sys [161904 2010-12-02] (VIA Technologies Inc. -> VIA Technologies Inc.,Ltd)
S3 videX64; C:\Windows\system32\drivers\videX64.sys [15000 2010-02-11] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [210944 2012-05-30] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
R0 xfiltx64; C:\Windows\System32\drivers\xfiltx64.sys [26776 2010-02-11] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [261120 2012-05-30] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-10-11] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-10-11] (Zemana Ltd. -> Zemana Ltd.)
U1 aswbdisk; no ImagePath
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-11 13:33 - 2019-04-13 01:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-03-30 21:24 - 2019-03-30 21:24 - 000001324 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Malwarebytes Windows Firewall Control.lnk
2019-03-30 20:20 - 2019-03-30 20:35 - 000000000 ____D C:\Users\Zenith\AppData\Local\ElevatedDiagnostics
2019-03-17 03:29 - 2019-03-17 03:29 - 000001833 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2019-03-17 03:29 - 2019-03-17 03:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-14 02:18 - 2017-10-16 01:10 - 000651657 _____ C:\Windows\ZAM.krnl.trace
2019-04-14 02:18 - 2017-10-16 01:09 - 000171386 _____ C:\Windows\ZAM_Guard.krnl.trace
2019-04-14 02:16 - 2019-02-11 13:02 - 000000000 ____D C:\FRST
2019-04-14 02:10 - 2016-11-16 00:57 - 000000000 ____D C:\Users\Zenith\AppData\LocalLow\Mozilla
2019-04-14 02:09 - 2009-07-14 06:13 - 000831014 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-14 02:09 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-04-13 16:22 - 2013-12-05 00:37 - 000000000 ____D C:\Users\Zenith\AppData\Roaming\KeePass
2019-04-13 16:18 - 2017-10-24 12:10 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-04-13 15:34 - 2018-10-14 14:34 - 000000911 _____ C:\Windows\Tasks\EPSON XP-640 Series Update {76AFA25E-8169-4CD5-99AD-EC760BC482E9}.job
2019-04-13 15:27 - 2018-10-15 10:46 - 000000000 ____D C:\Users\Zenith\AppData\LocalLow\Adblock Plus for IE
2019-04-13 14:15 - 2009-07-14 05:45 - 000028528 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-13 14:15 - 2009-07-14 05:45 - 000028528 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-13 01:34 - 2013-10-13 12:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-11 18:29 - 2017-09-28 01:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-10 22:10 - 2015-12-21 23:00 - 000000000 ____D C:\Users\Zenith\My Safes
2019-04-07 13:53 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-04 19:17 - 2009-07-14 06:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-04-01 00:42 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2019-03-30 21:23 - 2017-10-01 19:48 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-29 11:12 - 2018-04-05 23:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-03-26 01:54 - 2014-08-24 18:40 - 000000000 ____D C:\Users\Zenith\AppData\Local\Adobe
2019-03-26 01:53 - 2013-06-02 01:43 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-03-26 01:53 - 2013-06-02 01:43 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-26 01:53 - 2013-06-02 01:43 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-03-26 01:53 - 2013-06-02 01:43 - 000000000 ____D C:\Windows\system32\Macromed
2019-03-24 18:49 - 2018-10-10 09:14 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-03-23 22:59 - 2018-03-19 16:02 - 000004468 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-03-17 12:27 - 2013-11-17 22:11 - 000000000 ____D C:\Windows\system32\MRT
2019-03-17 12:02 - 2017-10-23 00:34 - 127411920 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2013-06-21 14:50 - 2013-06-21 14:50 - 000000020 ___SH () C:\Users\Zenith\AppData\Roaming\App4870.ConfCollection.bin
2018-10-06 16:03 - 2018-10-06 16:03 - 000000027 _____ () C:\Users\Zenith\AppData\Local\.sdpl-system-config4
2015-01-10 16:23 - 2018-06-28 01:19 - 000007623 _____ () C:\Users\Zenith\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2013-10-05 09:38 - 2013-10-05 09:38 - 000455328 _____ (Microsoft Corporation) C:\Users\Zenith\AppData\Local\Temp\msvcp120.dll
2013-10-05 09:38 - 2013-10-05 09:38 - 000970912 _____ (Microsoft Corporation) C:\Users\Zenith\AppData\Local\Temp\msvcr120.dll
2016-07-31 01:08 - 2016-07-31 01:08 - 003112960 _____ (Jason York) C:\Users\Zenith\AppData\Local\Temp\pc-decrapifier.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-04-03 15:58

==================== End of FRST.txt ============================

And now the content of Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Zenith (14-04-2019 02:19:24)
Running from E:\Toshiba\ZENITHfolders\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-11-26 23:59:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3913852468-2856435769-1522613951-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3913852468-2856435769-1522613951-501 - Limited - Disabled)
Zenith (S-1-5-21-3913852468-2856435769-1522613951-1000 - Administrator - Enabled) => C:\Users\Zenith

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
Acronis Ransomware Protection (HKLM-x32\...\{31037b5b-f556-4dab-a59c-a72d07e5b0ea}) (Version: 1.0.1470.0 - Acronis International GmbH)
Acronis Ransomware Protection (HKLM-x32\...\{EB388BFF-1784-4B8B-9392-27AF03F8CF28}) (Version: 1.0.1470 - Acronis International GmbH) Hidden
Acronis True Image Home 2012 (HKLM-x32\...\{DE9DDE76-B62E-49E9-B41F-510F83D7706D}) (Version: 15.0.7133 - Acronis) Hidden
Acronis True Image Home 2012 (HKLM-x32\...\{DE9DDE76-B62E-49E9-B41F-510F83D7706D}Visible) (Version: 15.0.7133 - Acronis)
Active Protection (HKLM-x32\...\{7C8D848E-4978-4B8D-88C9-14703DD3DA9F}) (Version: 1.0.899 - Acronis) Hidden
Active@ Boot Disk 13 (HKLM-x32\...\{9770BCC6-C50D-41D7-AE07-5B796D630052}_is1) (Version: 13 - LSoft Technologies Inc)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.156 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated)
Adobe Reader 64-bit fixes (HKLM\...\{6D80AAE7-FF65-4950-B1CA-3A7EA4995574}_is1) (Version:  - Leo Davidson / Pretentious Name)
AOMEI Partition Assistant Standard Edition 7.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
AOMEI PE Builder 2.0 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5566909D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
ApplicationServiceMSI (HKLM-x32\...\{173C967B-2720-4F83-A757-906FA95FE29C}) (Version: 1.0.1470 - Acronis International GmbH) Hidden
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version:  - )
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
CoolUtils Mail Viewer (HKLM-x32\...\CoolUtils Mail Viewer_is1) (Version: 2.5 - Softplicity, Inc.)
DateInTray 1.6 (HKLM-x32\...\DateInTray) (Version: 1.6 - CrispyBytes Software)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.54.0.0 - Seiko Epson Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.50.00 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
EPSON XP-640 Series Printer Uninstall (HKLM\...\EPSON XP-640 Series) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Free Countdown Timer (HKLM-x32\...\{404245D0-E836-4737-9C12-D4D0034540F5}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Handset WinDriver 1.03.02.00 (HKLM-x32\...\Handset WinDriver) (Version: 1.03.02.00 - Huawei technologies Co., Ltd.)
Hekasoft Backup & Restore 0.81 (HKLM\...\{PBR27112011-M1447-7KS6-C3E2-1X8374W715U4}_is1) (Version: 0.81 - Hekasoft)
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
KeePass Password Safe 2.40 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.40 - Dominik Reichl)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Malwarebytes Windows Firewall Control (HKLM\...\Windows Firewall Control) (Version: 6.0.2.0 - BiniSoft.org)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{D8D25854-D7F0-45C5-8702-D650A5A23E21}) (Version: 2.3.2208 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 66.0.3 (x64 en-GB) (HKLM\...\Mozilla Firefox 66.0.3 (x64 en-GB)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
Mozilla Thunderbird 60.6.1 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 60.6.1 (x86 en-GB)) (Version: 60.6.1 - Mozilla)
My Drives (HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\...\My Drives) (Version: 1.5 - Ventsislav Alexandriyski)
NTLite v1.2.0.4400 (HKLM\...\NTLite_is1) (Version: 1.2.0.4400 - Nlitesoft)
PowerTools Lite 2013 (HKLM-x32\...\PowerTools Lite 2011) (Version:  - Macecraft Software)
Puran Defrag 7.7.1 (HKLM\...\Puran Defrag_is1) (Version:  - Puran Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
ShellFolderFix 1.1.5 (HKLM\...\{3DD823AB-145A-4522-B9F6-A9566121F837}_is1) (Version:  - )
Skype version 8.23 (HKLM-x32\...\Skype_is1) (Version: 8.23 - Skype Technologies S.A.)
Start Menu X version 6.2 (HKLM\...\{3E494002-985C-4908-B72C-5B4DD15BE090}_is1) (Version: 6.2 - OrdinarySoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1030 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.30C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.5 - TOSHIBA Corporation)
Tweaking.com - Registry Compressor (HKLM-x32\...\Tweaking.com - Registry Compressor) (Version: 1.1.0 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.3.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.2C - TOSHIBA) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.2C - TOSHIBA) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Wise Registry Cleaner 9.64 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 9.64 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3913852468-2856435769-1522613951-1000_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll (Microsoft Corporation) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01192C1E-4502-4F48-8E76-694C13884DAE} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe (Lespeed Technology Ltd. -> WiseCleaner.com)
Task: {08EA4503-67BC-40FC-BCFD-F084DE226C3E} - System32\Tasks\EPSON XP-640 Series Update {76AFA25E-8169-4CD5-99AD-EC760BC482E9} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRHE.EXE (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {26C498B0-05AB-4B58-8B9C-37F70C0C4F69} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {31B1458C-C6C3-456E-BAF6-F798D29E2BBE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3FA6E1FC-31A7-457E-827C-B1916443E66E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5DD340E6-F6FD-41DE-BE19-C66763BC5E11} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6B850993-4155-4E7B-9E53-72C3BB5D36CE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {85DD4BB7-3DBF-42A4-AAC8-0F21818C1ED3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {87AFD18F-6424-4A7F-ACE6-3A0167C81CAE} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {880F592B-F21A-49C5-BE82-D8607C528BEB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {88E1DE6F-35B3-4F7C-B9AB-7DE44FD60DD2} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle America, Inc. -> Oracle Corporation)
Task: {9CBED3B8-F707-487E-867A-80496B2B0B11} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A41452F8-4ADE-4B12-9273-D21A22F7E676} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Windows -> Microsoft Corporation)
Task: {C318F28D-4991-44F0-951F-1617AA253B7C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DA459460-C200-4C4C-A79C-26AF551F91CD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {DCCF4BDB-2C12-47D7-9C08-265E807E4164} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F2072898-9606-4CA0-92C3-DE4A70A304B2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {FA0E802F-D389-4947-86D8-7D5867643ED9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON XP-640 Series Update {76AFA25E-8169-4CD5-99AD-EC760BC482E9}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRHE.EXE:/EXE:{76AFA25E-8169-4CD5-99AD-EC760BC482E9} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-09-14 15:31 - 2016-09-14 15:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2015-12-11 17:14 - 2015-12-11 17:14 - 004968448 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files\EpsonNet\EpsonNet Print\ENSTRMAPIe.dll
2013-11-01 18:33 - 2018-03-28 02:04 - 000100864 _____ () [File not signed] C:\Program Files\ShellFolderFix\ShellFolderFix.dll
2015-02-24 14:49 - 2015-02-24 14:49 - 000236544 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll
2018-04-30 17:00 - 2018-04-30 17:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-03-26 13:07 - 2018-03-26 13:07 - 000126976 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2010-03-04 15:30 - 2010-03-04 15:30 - 000095744 _____ (CrispyBytes Software) [File not signed] C:\Program Files (x86)\DateInTray\DateInTray.exe
2011-07-10 20:40 - 2013-11-07 23:13 - 001966080 _____ () [File not signed] C:\Program Files\locate32_x64-3.1.11.7100\locate32.exe
2011-07-10 20:38 - 2013-11-07 23:13 - 000044544 _____ () [File not signed] C:\Program Files\locate32_x64-3.1.11.7100\keyhelper.dll
2011-07-10 20:39 - 2013-11-07 23:13 - 000122880 _____ () [File not signed] C:\Program Files\locate32_x64-3.1.11.7100\lan_en.dll
2013-11-01 18:33 - 2018-03-28 02:43 - 002630656 _____ () [File not signed] C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe
2018-01-11 16:00 - 2018-01-11 16:00 - 000277538 _____ () [File not signed] C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\LIBMAGIC.dll
2013-05-25 16:56 - 2014-12-22 14:54 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeCountdownTimer\bass.dll
2014-03-30 13:27 - 2014-10-20 15:08 - 000017733 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeCountdownTimer\basswma.dll
2014-03-30 13:27 - 2014-11-28 15:54 - 000021772 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeCountdownTimer\bassflac.dll
2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2015-12-17 12:11 - 2015-12-17 12:11 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2013-06-30 17:51 - 2010-03-03 13:32 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2013-06-30 17:51 - 2010-03-03 13:37 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2013-06-30 17:51 - 2010-03-03 13:37 - 000077824 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\DTMessageLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67046683.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67046683.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-08-11 19:42 - 000000855 ____N C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\ProgramData\Oracle\Java\javapath;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;%systemroot%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Acronis\SnapAPI;C:\Program Files (x86)\Acronis\TrueImageHome;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\
HKU\S-1-5-21-3913852468-2856435769-1522613951-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Zenith\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\startupreg: EPLTarget =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4B45ABC5-2BEA-413F-AE3D-273F148F02F5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3BD27CAB-F4D2-4A2B-ABF0-02A65071D94D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{BA5B9BA1-0201-40F6-9D87-4BABCBA19ED0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{F620FB0A-E80F-4129-95E9-0CD629F873E1}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{2519E7F9-651E-4FC2-9C30-7817A8BC40F0}] => (Allow) C:\Program Files\Malwarebytes\Windows Firewall Control\wfc.exe (Malwarebytes Corporation -> Malwarebytes)
FirewallRules: [{A8E2FEE9-EFB3-4252-BA53-E23E63E8DE3B}] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4CED1257-824B-4018-972E-D5DCD1937F96}] => (Allow) C:\program files\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1468D336-B628-4E66-8A38-C51FD51A0B13}] => (Allow) C:\windows\helppane.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CE194A08-E9B4-4ABE-86EE-8C202E45DBAB}] => (Allow) C:\program files (x86)\common files\acronis\activeprotection\anti_ransomware_service.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{85B5FB5B-B2EA-4AEA-AAC8-AFE8D25B8383}] => (Allow) C:\program files (x86)\mozilla thunderbird\thunderbird.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{10026052-03A7-4DA3-BC75-6252E72F30C1}] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{16399FFE-A165-4447-BFE9-6F4B960C9A75}] => (Allow) C:\program files\common files\avast software\overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{F792A1A1-77C5-40A5-9A33-C0715FED8435}] => (Allow) C:\program files\microsoft security client\mpcmdrun.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E2C460D3-62B3-4E0D-8B03-6A9847733446}] => (Allow) C:\windows\syswow64\macromed\flash\flashutil32_32_0_0_156_plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{3486026B-81AE-4430-B72A-0BED69462EEF}] => (Block) C:\program files\ccleaner\ccupdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C61A0A01-397C-4081-964A-57C735A6EB74}] => (Block) C:\program files\ccleaner\ccleaner64.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{BC3E40B9-1E27-4B4E-91D4-DD2123CD34C7}] => (Allow) C:\program files (x86)\adobe\acrobat reader dc\reader\acrord32.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{48BD9E73-198F-49B8-83EA-CC6228CF68AD}] => (Allow) C:\program files (x86)\adobe\acrobat reader dc\reader\acrord32.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{1D5241E2-F5F8-4D4F-9484-8D5DFE2941EE}] => (Allow) C:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{A01F8931-1C56-4E33-AA6D-E2CA2E1A84A8}] => (Allow) C:\program files (x86)\acronis\ransomware protection\arptray.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{C1CC503B-23E2-4B19-8DA3-3E253CC87D13}] => (Allow) E:\toshiba\zenithfolders\desktop\frst64.exe (Farbar) [File not signed]
FirewallRules: [{4C216DF8-E8AB-4222-A054-C8710966343E}] => (Allow) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D2111039-A7AC-4198-8EE7-FC0B6BD8959C}] => (Allow) C:\program files\microsoft security client\msseces.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B57DD5D2-F92D-4D77-A26C-874F341503EC}] => (Allow) C:\program files\adblock plus for ie\adblockplusengine.exe (Eyeo GmbH -> Eyeo GmbH)
FirewallRules: [{35CCD245-5113-4FC2-854D-0C3071B9688D}] => (Allow) C:\windows\system32\spool\drivers\x64\3\e_yarnrhe.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [TCP Query User{2655E2C4-9C77-47F4-B38A-C89E94ACC162}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{C993E62D-8834-4402-B90F-71BE8A6A9142}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{3B7CC73E-DC34-40C5-9B14-F86BDC786B5E}] => (Allow) C:\program files (x86)\common files\java\java update\jusched.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [{240C1EE1-2E7C-4408-9854-4C96875F26E9}] => (Allow) C:\program files (x86)\common files\java\java update\jucheck.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [{961992E6-D147-455B-A977-E79609553853}] => (Allow) C:\windows\system32\compattelrunner.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0F5CFE2E-636F-4949-A8B3-EADEA3FED242}] => (Allow) C:\windows\system32\devicedisplayobjectprovider.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{34BC4DBB-F845-490D-B47B-8B0BF7EED5D6}] => (Allow) C:\program files (x86)\epson\epson scan 2\core\es2launcher.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{F2ED2E71-0637-446E-87F4-234A26606B6C}] => (Allow) I:\18a14585f0b64c7790\checksur.exe No File
FirewallRules: [{EF841B3F-401E-40B5-ADA1-B0B996A24D4B}] => (Allow) C:\program files (x86)\adobe\acrobat reader dc\reader\adobecollabsync.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{C82FFDEA-EC6B-4AE3-83E3-4BDD2AE13D30}] => (Allow) C:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{CB826BD4-4F1F-4F70-B8E7-B260D3451384}] => (Allow) I:\d08cd823699ba4a868\checksur.exe No File
FirewallRules: [{49084406-2EF1-4B13-BD34-7CD454F0C464}] => (Allow) C:\windows\system32\consent.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{45D3DBA9-10E8-420A-B635-19F9341D6E5F}] => (Allow) C:\program files (x86)\keepass password safe 2\keepass.exe (Open Source Developer, Dominik Reichl -> Dominik Reichl)
FirewallRules: [{8BBA1930-D5EB-4CA1-B2FB-CBFF794B7787}] => (Allow) C:\program files (x86)\mozilla maintenance service\maintenanceservice.exe (Mozilla Corporation -> Mozilla Foundation)
FirewallRules: [{04A04247-F079-426B-A050-3617DE83A52E}] => (Allow) I:\8bbc6f788331276524f9e750\checksur.exe No File
FirewallRules: [{C3D45DFB-1E2D-4FFD-9A66-D000CDA205B6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{41823EF9-50C0-43C0-9942-E8FB952451F5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (04/13/2019 03:06:37 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.291.1815.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.15800.1

    Error code: 0x80072efd

    Error description: A connection with the server could not be established

Error: (04/13/2019 03:04:52 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.291.1757.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.15800.1

    Error code: 0x80072efd

    Error description: A connection with the server could not be established

Error: (04/13/2019 12:51:45 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.291.1646.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.15800.1

    Error code: 0x80072efd

    Error description: A connection with the server could not be established

Error: (04/11/2019 01:35:09 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.291.1560.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.15800.1

    Error code: 0x80072efd

    Error description: A connection with the server could not be established

Error: (04/10/2019 12:15:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.291.1373.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.15800.1

    Error code: 0x80072efd

    Error description: A connection with the server could not be established

Error: (04/08/2019 10:17:24 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.291.1314.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.15800.1

    Error code: 0x80072efd

    Error description: A connection with the server could not be established


CodeIntegrity:
===================================

Date: 2017-10-21 18:15:02.015
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-21 18:15:01.859
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 60%
Total physical RAM: 5938.67 MB
Available physical RAM: 2371.4 MB
Total Virtual: 13436.82 MB
Available Virtual: 9831.49 MB

==================== Drives ================================

Drive c: (  !  Win 7  Local Disk  !) (Fixed) (Total:75 GB) (Free:26.68 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (  !  Win 7 Images  !) (Fixed) (Total:110 GB) (Free:8.38 GB) NTFS
Drive e: (DATA) (Fixed) (Total:45 GB) (Free:17.8 GB) NTFS
Drive f: (MISC) (Fixed) (Total:65.01 GB) (Free:42.12 GB) NTFS
Drive g: (  !  XP  Local Disk  !) (Fixed) (Total:55 GB) (Free:37.05 GB) NTFS
Drive h: (  !  XP  Images  !) (Fixed) (Total:75 GB) (Free:49.03 GB) NTFS
Drive i: (SPARE) (Fixed) (Total:171.15 GB) (Free:128.54 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 4D621CDE)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=521.2 GB) - (Type=05)

==================== End of Addition.txt ============================

Many Thanks.

 

[bruce1270]

Hi Midcareer

Please do the following

Step #1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Step#2 - Update Install
Please try windows update again and install KB4493472 only and attach CBS log if it fails.