Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

How do I remove Go.Redirectro.com malware?

Go.Redirectro.com in.search.yahoo.com malware

  • Please log in to reply

#1
Kayesh

Kayesh

    New Member

  • Member
  • Pip
  • 6 posts

Hi there,

 

I read below topic and I have the same problem. Unfortunately a part of the solution is 'custom-made' for the person who posted it.

 

http://www.geekstogo...ing-redirected/

 

Can I get the same help? 

 

Or is there another way to remove this malware?

 

Thanks for helping

 

Kayesh


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,598 posts
  • MVP
 
[*]Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
[*]Check the Addition.txt box
[*]Press Scan button. 
[*]It will produce a log called FRST.txt in the same directory the tool is run from.  
[*]Please copy and paste log back here. 
[*]It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

  • 0

#3
Kayesh

Kayesh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Hello RKinner, thanks for your time and help ...

 

I scanned with the settings which were there when I started the program.

 

In 'Whitelist' section all options were checked and in 'Optional Scan' the 'Addition.txt' was checked when I did the scan.

 

I attach the requested files to this reply.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by user (administrator) on USER-PC (04-08-2017 09:23:58)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(American Megatrends Inc.) C:\Program Files\AMI\DuOS\AndServMgr.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
() C:\Program Files (x86)\MMX353G 3G USB Manager\Driver\ChgService.exe
(Avid Technology, Inc.) C:\Program Files\Avid\Pro Tools\MMERefresh.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
() C:\xampp\mysql\bin\mysqld.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(SDL) C:\Program Files (x86)\Common Files\SDL\Telemetrics\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
() C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA1000M\WPSService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files (x86)\AirPrint\airprint.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(eVenture Limited) C:\Program Files (x86)\hide.me VPN\hidemesvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
(Adobe Systems Incorporated ) C:\Program Files (x86)\Common Files\Adobe\dynamiclink\CS6\dynamiclinkmanager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Users\user\Downloads\SkypePortable\App\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(None) C:\Program Files (x86)\Classic PDF Editor\PDFVPrinter.exe
(Red Software) C:\Program Files\PDFescape Desktop\creator-ws.exe
(Red Software) C:\Program Files\PDFescape Desktop\ws.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-20] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2016-02-03] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4514304 2014-08-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144184 2016-12-13] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5779232 2017-07-18] (IObit)
HKLM-x32\...\Run: [PDFVPrinter] => C:\Program Files (x86)\Classic PDF Editor\PDFVPrinter.exe [28672 2011-07-26] (None)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {11cf0da2-bcb9-11e3-b981-50465d8d7f0d} - F:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {1b83ef7b-1a9f-11e3-91f2-50465d8d7f0d} - F:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {255175e2-6afa-11e2-9860-50465d8d7f0d} - F:\.\ShowModem.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {26b46e00-6a2c-11e2-9ce3-50465d8d7f0d} - F:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {3893a4d8-a14d-11e3-a18f-50465d8d7f0d} - F:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {6637c49b-c839-11e6-9296-50465d8d7f0d} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {6b0e6f57-890b-11e3-907a-50465d8d7f0d} - F:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {933163ad-827c-11e4-984b-50465d8d7f0d} - F:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {a7a86924-9cf9-11e6-b52c-50465d8d7f0d} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {a7a86936-9cf9-11e6-b52c-50465d8d7f0d} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {a7a86944-9cf9-11e6-b52c-50465d8d7f0d} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {abcb8a2a-6783-11e2-83dd-806e6f6e6963} - E:\shellexec.exe rom\index.html
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {b9c07f58-215e-11e4-b017-50465d8d7f0d} - I:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {bdb0f44e-695a-11e2-904f-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {d9e665ff-5044-11e3-9820-50465d8d7f0d} - F:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {de5f0cb2-8935-11e4-b215-50465d8d7f0d} - F:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {e34c13ef-6aa8-11e2-97c4-50465d8d7f0d} - G:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2017-02-20] (Microsoft Corporation)
CHR HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B1D85646-49F0-4752-A37A-94AD17479C8B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E7E8DB1C-03DA-469C-9FB7-7C2A3F641AD7}: [DhcpNameServer] 192.168.9.1 192.168.9.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yahoo.com/?fr=fp-comodo&type=19_25050030005_52.15.25.664_u_hp
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3599117210-139940529-1983179741-1000 -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxps://search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=19_25050030005_52.15.25.664_u_ds&p={searchTerms}&rlz=1I7SAVJ_enIN527
SearchScopes: HKU\S-1-5-21-3599117210-139940529-1983179741-1000 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxps://search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=19_25050030005_52.15.25.664_u_ds&p={searchTerms}&rlz=1I7SAVJ_enIN527
BHO: No Name -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-04] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-15] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-04] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: PDFescape Desktop Helper -> {9AF15867-1D90-423B-9853-E99761714165} -> C:\Program Files (x86)\PDFescape Desktop\creator-ie-helper.dll [2017-07-13] (Red Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-15] (Oracle Corporation)
BHO-x32: Aimersoft YouTube Downloader 4.9.0 -> {DED5B67D-3E39-4432-BD75-6A1434E09472} -> C:\ProgramData\Aimersoft\YouTube Downloader\WSBrowserAppMgr.dll [2016-08-08] ()
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH)
Toolbar: HKLM-x32 - PDFescape Desktop Toolbar - {A6D4ADF0-4C82-4712-B9B8-69EE9CF06462} - C:\Program Files (x86)\PDFescape Desktop\creator-ie-plugin.dll [2017-07-13] (Red Software)
Toolbar: HKU\S-1-5-21-3599117210-139940529-1983179741-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-3599117210-139940529-1983179741-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-3599117210-139940529-1983179741-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler: WSAMAllMyTubechrome - {C985F516-9C03-4F90 -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r8s5bbdm.default [2017-08-03]
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r8s5bbdm.default\user.js [2017-06-29]
FF NewTab: Mozilla\Firefox\Profiles\r8s5bbdm.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\r8s5bbdm.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\r8s5bbdm.default -> hxxps://www.google.com/search?bcutc=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\r8s5bbdm.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\r8s5bbdm.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\r8s5bbdm.default -> hxxps://www.google.com/?bcutc=sp-006
FF Keyword.URL: Mozilla\Firefox\Profiles\r8s5bbdm.default -> hxxps://www.google.com/search?bcutc=sp-006
FF Extension: (UploadProgress) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r8s5bbdm.default\Extensions\[email protected] [2016-06-29]
FF Extension: (Avast SafePrice) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r8s5bbdm.default\Extensions\[email protected] [2017-06-03]
FF Extension: (Avast Online Security) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r8s5bbdm.default\Extensions\[email protected] [2017-06-03]
FF Extension: (Video DownloadHelper) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r8s5bbdm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-07-15]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r8s5bbdm.default\searchplugins\google-avast.xml [2016-12-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2017-01-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-01-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-09-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Aimersoft\YouTube Downloader\[email protected]_xpi
FF Extension: (Aimersoft YouTube Downloader) - C:\ProgramData\Aimersoft\YouTube Downloader\[email protected]_xpi [2016-10-02]
FF HKLM-x32\...\Firefox\Extensions: [{73B03417-517F-4ABC-A430-33518B96A552}] - C:\Program Files (x86)\Aimersoft\YouTube Downloader\SVRFirefoxExt
FF Extension: (No Name) - C:\Program Files (x86)\Aimersoft\YouTube Downloader\SVRFirefoxExt [2014-06-04] [not signed]
FF HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 => not found
FF HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\Firefox\Extensions: [{73B03417-517F-4ABC-A430-33518B96A552}] - C:\Program Files (x86)\Aimersoft\YouTube Downloader\SVRFirefoxExt
FF HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-15] ()
FF Plugin: @alternatiff.com/AlternaTIFF -> C:\Program Files\MIE\AlternaTIFF\npatif64.dll [2015-01-16] (Medical Informatics Engineering, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll [2013-01-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-03-25] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH)
FF Plugin-x32: PDFescape Desktop -> C:\Program Files (x86)\PDFescape Desktop\np-previewer.dll [2017-07-13] (Red Software)
FF Plugin HKU\S-1-5-21-3599117210-139940529-1983179741-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3599117210-139940529-1983179741-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\user\AppData\Roaming\Zoom\bin_00\npzoomplugin.dll [2017-07-18] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://encrypted.google.com
CHR StartupUrls: Default -> "hxxps://encrypted.google.com"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/yhs/search?p={searchTerms}&hspart=comodo&hsimp=yhs-ccs&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-08-04]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-29]
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2017-04-07]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-29]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-29]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-29]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-29]
CHR Extension: (Dropbox for Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-05-10]
CHR Extension: (XV — XML Viewer) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocglpgjdpaefaedpblffpeebgmgddk [2017-07-13]
CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-08-04]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-29]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-07-04]
CHR Extension: (Zoom) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbjbjdpkobdjplfobhljndfdfdipjhg [2017-07-27]
CHR Extension: (Grammarly for Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-29]
CHR Extension: (Zoom Scheduler) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2017-06-29]
CHR Extension: (Yesware Reports) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamkjnolhg [2015-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-29]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-15]
CHR Extension: (Streak CRM for Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2017-06-19]
CHR HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mffeojddidkjekjfdhipjldikhhohipn] - C:\Program Files (x86)\Aimersoft\YouTube Downloader\SVRChromePlugin.crx <not found>
 
Opera: 
=======
OPR Extension: (Fast search) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-08-02]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-28] (Adobe Systems) [File not signed]
R2 AirPrint; C:\Program Files (x86)\AirPrint\airprint.exe [234784 2016-09-17] (Apple Inc.)
R2 AndServMgr; C:\Program Files\AMI\DuOS\AndServMgr.exe [82384 2016-02-25] (American Megatrends Inc.)
R2 Apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2014-07-17] (Apache Software Foundation) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-20] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-20] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [311592 2017-07-20] (AVAST Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-10-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-10-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [466456 2016-10-21] (BlueStack Systems, Inc.)
R2 Change Modem Device Service; C:\Program Files (x86)\MMX353G 3G USB Manager\Driver\ChgService.exe [135168 2012-10-23] () [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-09] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-08-02] (Dropbox, Inc.)
R2 DigiRefresh; C:\Program Files\Avid\Pro Tools\MMERefresh.exe [117760 2017-07-24] (Avid Technology, Inc.) [File not signed]
S3 digiSPTIService64; C:\Program Files\Avid\Pro Tools\digisptiservice64.exe [197632 2017-07-24] (Avid Technology, Inc.) [File not signed]
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2272904 2016-09-29] (Comodo)
R2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [138912 2017-07-24] (eVenture Limited)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-06-04] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1768736 2017-07-18] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 mysql; C:\xampp\mysql\bin\mysqld.exe [10982912 2014-07-18] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-05-18] (© pdfforge GmbH.)
R3 PDFescape Desktop; C:\Program Files\PDFescape Desktop\ws.exe [2343728 2017-07-13] (Red Software)
R2 PDFescape Desktop Creator; C:\Program Files\PDFescape Desktop\creator-ws.exe [757552 2017-07-13] (Red Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 postgresql-x64-9.2; C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe [89600 2012-12-04] (PostgreSQL Global Development Group) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 Sdl.ProductTelemetrics.v1; C:\Program Files (x86)\Common Files\SDL\Telemetrics\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe [12288 2016-02-29] (SDL) [File not signed]
R2 SeagateDashboardService; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [8704 2011-11-03] (Memeo) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S2 Tomcat7; C:\xampp\tomcat\bin\tomcat7.exe [80896 2013-07-02] (Apache Software Foundation) [File not signed]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2013-04-30] () [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4087568 2016-12-13] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 WPSService; C:\Program Files (x86)\NETGEAR\WNA1000M\WPSService.exe [287448 2013-04-03] ()
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1040184 2016-12-13] (Check Point Software Technologies Ltd.)
U4 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Agpproiovs; no ImagePath
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-07-20] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-07-20] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-07-20] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-07-20] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146696 2017-07-20] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-07-04] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [554528 2017-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-04] (AVAST Software)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-10-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-10-07] (Bluestack System Inc. )
S2 CXIR; C:\Windows\System32\drivers\cxcir64.sys [44032 2011-05-04] (Conexant Systems, Inc.)
S3 CXPOLARIS; C:\Windows\System32\drivers\cxpolar64.sys [428288 2011-05-04] (Conexant Systems, Inc.)
S3 DCamUSBNovatek; C:\Windows\System32\Drivers\nvtcam.sys [2746624 2010-07-14] (Hewlett-Packard)
R1 DuoVMDrv; C:\Windows\System32\DRIVERS\DuoVMDrv.sys [239536 2015-11-04] (American Megatrends Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [15968 2014-11-18] ()
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R1 IMFCameraProtect; C:\Windows\system32\drivers\IMFCameraProtect.sys [26272 2017-03-17] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFDownProtect.sys [21360 2017-03-08] (IObit.com)
R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22440 2017-01-06] (IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFForceDelete.sys [16216 2017-06-30] (IObit.com)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-08-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [180560 2016-08-02] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [292176 2016-08-02] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1015120 2016-08-02] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-08-02] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-08-03] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-03] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-08-04] (Malwarebytes)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 PHYMEM; C:\Windows\system32\ami_ipower.sys [15992 2016-05-18] ()
S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [18528 2014-10-23] ()
S3 prwntdrv; C:\Windows\SysWOW64\prwntdrv.sys [15456 2014-10-23] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-05-01] (Corel Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34752 2016-12-15] (IObit.com)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\WNA1000M.sys [855144 2011-01-31] (Realtek Semiconductor Corporation                           )
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-03-19] (Duplex Secure Ltd.)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [34512 2015-06-23] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-25] (Anchorfree Inc.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2017-03-16] (Check Point Software Technologies Ltd.)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-09-03] (Wondershare)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-04 09:23 - 2017-08-04 09:26 - 000043197 _____ C:\Users\user\Desktop\FRST.txt
2017-08-04 09:22 - 2017-08-04 09:23 - 000000000 ____D C:\FRST
2017-08-04 02:05 - 2017-08-04 02:14 - 000000000 ____D C:\Users\user\AppData\Roaming\PDFescape Desktop
2017-08-04 02:05 - 2017-08-04 02:05 - 000000792 _____ C:\Users\Public\Desktop\PDFescape Desktop.lnk
2017-08-04 02:03 - 2017-08-04 02:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFescape Desktop
2017-08-04 02:02 - 2017-08-04 02:11 - 000000000 ____D C:\Program Files\PDFescape Desktop
2017-08-04 02:02 - 2017-08-04 02:04 - 000000000 ____D C:\Program Files (x86)\PDFescape Desktop
2017-08-04 02:02 - 2017-08-04 02:02 - 000000000 ____D C:\Users\user\Documents\PDFescape Desktop
2017-08-04 01:56 - 2017-08-04 01:56 - 000000000 ____D C:\ProgramData\PDFescape Desktop
2017-08-04 01:54 - 2017-08-04 01:55 - 006483816 _____ (© RedSoftware) C:\Users\user\Desktop\PDFescape_Desktop_Installer.exe
2017-08-04 01:18 - 2017-08-04 01:18 - 000000000 ____D C:\Users\user\Classic PDF Editor Files
2017-08-04 01:15 - 2017-08-04 01:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic PDF Editor
2017-08-04 01:15 - 2017-08-04 01:15 - 000000000 ____D C:\Program Files (x86)\Classic PDF Editor
2017-08-04 01:10 - 2017-08-04 01:12 - 017600050 _____ ( ) C:\Users\user\Desktop\ClassicPDFSetup.exe
2017-08-03 14:37 - 2017-08-03 14:40 - 002381312 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2017-08-03 08:10 - 2017-08-03 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-03 07:16 - 2017-08-03 07:16 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-08-02 23:01 - 2017-08-02 23:01 - 000000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-08-02 22:08 - 2017-08-02 22:08 - 000602216 _____ C:\Users\user\Desktop\News&Notes 5th August  2017 [709].pdf
2017-08-02 21:48 - 2017-08-03 14:35 - 000000000 ____D C:\Users\user\AppData\LocalLow\IObit
2017-08-02 21:48 - 2017-08-02 22:16 - 000000000 ____D C:\ProgramData\ProductData
2017-08-02 21:48 - 2017-08-02 21:48 - 000001172 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2017-08-02 21:48 - 2017-08-02 21:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-08-02 21:48 - 2017-03-17 12:31 - 000026272 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2017-08-02 21:47 - 2017-08-02 21:48 - 008185288 _____ (Malwarebytes) C:\Users\user\Desktop\adwcleaner_7.0.1.0.exe
2017-08-02 21:45 - 2017-08-02 21:47 - 040996152 _____ (IObit ) C:\Users\user\Desktop\IObit-Malware-Fighter-Setup.exe
2017-08-02 20:43 - 2017-08-02 20:43 - 000001566 _____ C:\Windows\Tasks\MsF to Iwares Starter Edition.job
2017-08-02 20:02 - 2017-08-04 07:29 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-02 20:02 - 2017-08-03 07:19 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-02 20:02 - 2017-08-03 07:18 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-02 20:02 - 2017-08-02 20:03 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-02 20:02 - 2017-08-02 20:02 - 000001866 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-02 20:02 - 2017-08-02 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-02 20:02 - 2017-08-02 20:02 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-02 20:02 - 2017-06-27 12:06 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-08-02 12:54 - 2017-08-02 12:54 - 000000004 _____ C:\ProgramData\_lg.3sap
2017-08-02 12:49 - 2017-08-03 07:16 - 000000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2017-08-02 04:44 - 2017-08-02 04:44 - 000000000 ___HD C:\$AV_ASW
2017-08-02 02:56 - 2017-08-02 23:23 - 004049016 _____ (Google) C:\Users\user\Desktop\chrome_cleanup_tool.exe
2017-08-02 02:49 - 2017-08-02 20:43 - 000016780 _____ C:\Windows\System32\Tasks\MsF to Iwares Starter Edition
2017-08-02 00:23 - 2017-08-02 00:23 - 000049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-08-02 00:23 - 2017-08-02 00:23 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-08-02 00:23 - 2017-08-02 00:23 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-08-02 00:23 - 2017-08-02 00:23 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-08-01 15:33 - 2017-08-01 16:09 - 000715789 _____ C:\Users\user\Desktop\USB-card-drive-order-sheet.xlsx
2017-07-31 01:59 - 2017-08-01 15:32 - 000715831 _____ C:\Users\user\Desktop\audio-bundles-order-form.xlsx
2017-07-30 15:13 - 2017-08-02 14:45 - 000002209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2017-07-30 15:13 - 2017-08-02 14:44 - 000002165 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-07-27 22:45 - 2017-07-27 22:45 - 000049135 _____ C:\Users\user\Downloads\trid_w32.zip
2017-07-27 22:45 - 2017-07-27 22:45 - 000000000 ____D C:\Users\user\Downloads\trid_w32
2017-07-24 20:52 - 2017-07-24 21:06 - 000000000 ____D C:\Users\user\Documents\Untitled
2017-07-24 20:42 - 2017-07-24 21:25 - 000000000 ____D C:\Users\user\Documents\Podcasting
2017-07-24 20:31 - 2017-07-24 21:07 - 000000000 ____D C:\Users\user\Documents\Pro Tools
2017-07-24 20:30 - 2017-07-24 21:25 - 000000000 ____D C:\Users\Public\Pro Tools
2017-07-24 20:29 - 2017-07-24 20:29 - 000000000 ____D C:\Users\user\AppData\Local\Avid
2017-07-24 17:21 - 2017-08-02 14:44 - 000001936 _____ C:\Users\Public\Desktop\Pro Tools 12.lnk
2017-07-24 17:21 - 2017-07-24 17:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
2017-07-24 16:42 - 2017-07-24 16:51 - 000000000 ____D C:\Users\Public\Documents\Avid Video Engine
2017-07-24 16:42 - 2017-07-24 16:50 - 000000000 ____D C:\Program Files\Avid
2017-07-24 16:42 - 2017-07-24 16:42 - 000000000 ____D C:\Users\user\AppData\Roaming\Avid
2017-07-24 16:42 - 2017-07-24 16:42 - 000000000 ____D C:\Program Files (x86)\Avid
2017-07-24 15:19 - 2017-07-24 15:19 - 000762120 _____ (Avid Technology, Inc.) C:\Windows\system32\AvOmfToolkit.dll
2017-07-24 15:19 - 2017-07-24 15:19 - 000318464 _____ (Propellerhead Software AB) C:\Windows\system32\REX Shared Library.dll
2017-07-24 15:19 - 2017-07-24 15:19 - 000072968 _____ (Avid Technology, Inc.) C:\Windows\system32\libjpegV4.dll
2017-07-24 15:19 - 2017-07-24 15:19 - 000066560 _____ C:\Windows\system32\ntrights.exe
2017-07-24 13:32 - 2017-07-24 13:32 - 000630784 _____ (PACE Anti-Piracy) C:\Windows\SysWOW64\ilinet.dll
2017-07-24 13:09 - 2017-07-24 13:09 - 001459872 _____ C:\Users\user\Documents\3359_Avid-Pro_Tools_.torrent
2017-07-22 00:35 - 2017-07-22 00:35 - 000000132 _____ C:\Users\user\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2017-07-21 12:55 - 2017-07-21 12:55 - 000025130 _____ C:\Users\user\Desktop\digital-publications_cd+app+usb-drive_2017-07-21.xlsx
2017-07-20 11:53 - 2017-07-20 12:11 - 000012472 _____ C:\Users\user\Desktop\all-bundles-comparison.xlsx
2017-07-20 11:52 - 2017-07-20 12:10 - 000012579 _____ C:\Users\user\Desktop\5-bundles-with-better-revenue-for-ashram.xlsx
2017-07-20 11:04 - 2017-07-20 12:10 - 000012691 _____ C:\Users\user\Desktop\about-avrpt-usb-card-drives.xlsx
2017-07-20 02:00 - 2017-07-20 02:00 - 000400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-19 21:56 - 2015-10-14 09:58 - 001431552 _____ (Propellerhead Software AB) C:\Windows\SysWOW64\ReWire.dll
2017-07-19 21:55 - 2017-07-19 21:55 - 000000000 ____D C:\Users\user\Desktop\iZotope_Nectar_v2_03_Production_Suite
2017-07-19 21:53 - 2017-07-19 21:53 - 000000000 ____D C:\Program Files\Soundspot
2017-07-18 13:58 - 2017-07-18 13:58 - 000000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2017-07-17 21:21 - 2017-07-17 21:21 - 000165193 _____ C:\Users\user\Desktop\Crash Mats.xlsx
2017-07-16 21:01 - 2017-07-16 21:01 - 000000000 ____D C:\MagicPlusMini
2017-07-15 21:30 - 2017-07-15 21:30 - 000000000 _____ C:\Users\user\AppData\Local\{ECB12073-E17B-4A30-AA00-0AF50361E40A}
2017-07-15 21:29 - 2017-07-16 17:58 - 000000000 ____D C:\Users\user\Desktop\torrent
2017-07-15 14:17 - 2017-07-28 07:02 - 000000000 ____D C:\ProgramData\xml_param
2017-07-15 12:50 - 2017-07-17 21:06 - 000000000 ____D C:\Users\user\Desktop\sonia-yoga-nidra
2017-07-13 23:00 - 2017-07-13 23:00 - 000000000 ___SD C:\Users\user\Documents\My Data Sources
2017-07-13 15:59 - 2017-07-13 15:59 - 000633144 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2017-07-13 15:59 - 2017-07-13 15:59 - 000395592 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2017-07-13 15:59 - 2017-07-13 15:59 - 000333632 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2017-07-13 15:59 - 2017-07-13 15:59 - 000087880 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2017-07-13 12:32 - 2017-07-19 21:56 - 000000000 ____D C:\Program Files\VSTPlugIns
2017-07-13 12:32 - 2017-07-13 12:33 - 000000000 ___SD C:\Program Files (x86)\Waves
2017-07-13 12:32 - 2017-07-13 12:32 - 000000000 ____D C:\Program Files\Common Files\Digidesign
2017-07-13 12:21 - 2017-07-13 12:21 - 000000000 ____D C:\Users\user\AppData\Local\Waves Audio
2017-07-13 12:20 - 2017-07-13 12:34 - 000000000 ___SD C:\ProgramData\Waves Audio
2017-07-13 12:20 - 2017-07-13 12:20 - 000000000 ____D C:\Users\user\.Waves Central
2017-07-13 12:20 - 2017-07-13 12:20 - 000000000 ____D C:\Users\user\.QtWebEngineProcess
2017-07-13 12:19 - 2017-07-24 21:07 - 000000000 ____D C:\Users\user\AppData\Roaming\Waves Audio
2017-07-13 12:12 - 2017-07-13 12:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2017-07-13 12:11 - 2017-07-13 12:33 - 000000000 ___SD C:\Users\Public\Waves Audio
2017-07-13 12:11 - 2017-07-13 12:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves
2017-07-13 12:10 - 2017-08-02 14:44 - 000001226 _____ C:\Users\Public\Desktop\Waves Central.lnk
2017-07-13 12:10 - 2017-07-13 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves Central
2017-07-13 12:09 - 2017-07-13 12:09 - 000000000 ____D C:\Program Files (x86)\Waves Central
2017-07-12 16:29 - 2017-06-30 09:45 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-12 16:29 - 2017-06-30 09:02 - 000346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-12 16:29 - 2017-06-30 08:27 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-12 16:29 - 2017-06-30 08:27 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-12 16:29 - 2017-06-30 08:09 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-12 16:29 - 2017-06-30 08:08 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-12 16:29 - 2017-06-29 11:57 - 025734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-12 16:29 - 2017-06-29 11:34 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-12 16:29 - 2017-06-29 11:33 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-12 16:29 - 2017-06-29 11:32 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-12 16:29 - 2017-06-29 11:32 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-12 16:29 - 2017-06-29 11:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-12 16:29 - 2017-06-29 11:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-12 16:29 - 2017-06-29 11:20 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-12 16:29 - 2017-06-29 11:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-12 16:29 - 2017-06-29 11:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-12 16:29 - 2017-06-29 11:14 - 005975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-12 16:29 - 2017-06-29 11:13 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-12 16:29 - 2017-06-29 11:09 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-12 16:29 - 2017-06-29 11:01 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-12 16:29 - 2017-06-29 11:01 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 16:29 - 2017-06-29 11:00 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-12 16:29 - 2017-06-29 10:57 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-12 16:29 - 2017-06-29 10:56 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-12 16:29 - 2017-06-29 10:53 - 020270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-12 16:29 - 2017-06-29 10:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-12 16:29 - 2017-06-29 10:53 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-12 16:29 - 2017-06-29 10:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-12 16:29 - 2017-06-29 10:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-12 16:29 - 2017-06-29 10:52 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-12 16:29 - 2017-06-29 10:49 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-12 16:29 - 2017-06-29 10:46 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-12 16:29 - 2017-06-29 10:44 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-12 16:29 - 2017-06-29 10:43 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-12 16:29 - 2017-06-29 10:43 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-12 16:29 - 2017-06-29 10:41 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-12 16:29 - 2017-06-29 10:39 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-12 16:29 - 2017-06-29 10:39 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-12 16:29 - 2017-06-29 10:38 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-12 16:29 - 2017-06-29 10:37 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-12 16:29 - 2017-06-29 10:35 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-12 16:29 - 2017-06-29 10:31 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-12 16:29 - 2017-06-29 10:30 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-12 16:29 - 2017-06-29 10:30 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-12 16:29 - 2017-06-29 10:28 - 015253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-12 16:29 - 2017-06-29 10:28 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-12 16:29 - 2017-06-29 10:26 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-12 16:29 - 2017-06-29 10:26 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-12 16:29 - 2017-06-29 10:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-12 16:29 - 2017-06-29 10:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-12 16:29 - 2017-06-29 10:22 - 004549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-12 16:29 - 2017-06-29 10:18 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-12 16:29 - 2017-06-29 10:17 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-12 16:29 - 2017-06-29 10:16 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-12 16:29 - 2017-06-29 10:16 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-12 16:29 - 2017-06-29 10:13 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-12 16:29 - 2017-06-29 10:11 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-12 16:29 - 2017-06-29 09:58 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-12 16:29 - 2017-06-29 09:54 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-12 16:29 - 2017-06-22 20:28 - 003223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-12 16:29 - 2017-06-16 01:53 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 16:29 - 2017-06-13 04:24 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-12 16:29 - 2017-06-13 04:24 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-12 16:29 - 2017-06-13 04:24 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-12 16:29 - 2017-06-13 04:19 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 16:29 - 2017-06-13 04:19 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 16:29 - 2017-06-13 04:19 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 16:29 - 2017-06-13 04:19 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 16:29 - 2017-06-13 04:19 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-12 16:29 - 2017-06-13 04:19 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 16:29 - 2017-06-13 03:59 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-12 16:29 - 2017-06-13 03:59 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-12 16:29 - 2017-06-13 03:59 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-12 16:29 - 2017-06-13 03:58 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-12 16:29 - 2017-06-13 03:58 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-12 16:29 - 2017-06-13 03:58 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-12 16:29 - 2017-06-13 03:44 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 16:29 - 2017-06-13 03:44 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 16:29 - 2017-06-13 03:44 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 16:29 - 2017-06-13 03:36 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-12 16:29 - 2017-06-13 03:36 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-12 16:29 - 2017-06-13 03:36 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-12 16:29 - 2017-06-10 21:29 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 16:29 - 2017-06-10 21:09 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-12 16:29 - 2017-06-09 21:03 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 16:29 - 2017-06-06 21:00 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 16:29 - 2017-06-06 20:42 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-12 16:29 - 2017-05-30 10:26 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 16:29 - 2017-05-30 10:26 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 16:29 - 2017-05-30 10:26 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 16:29 - 2017-05-16 21:05 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-12 16:29 - 2017-05-16 21:05 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-12 16:29 - 2017-05-03 21:04 - 000094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-12 16:29 - 2017-05-03 20:59 - 001206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-12 16:29 - 2017-05-03 18:35 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-12 16:29 - 2017-05-03 18:35 - 000620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-12 16:29 - 2017-05-03 18:35 - 000535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-12 16:29 - 2017-05-03 18:35 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-12 16:29 - 2017-05-03 18:35 - 000311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-12 16:29 - 2017-05-03 18:35 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-12 16:29 - 2017-05-03 18:35 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-12 16:29 - 2017-03-23 07:36 - 001691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-07-12 16:28 - 2017-06-30 08:27 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-12 16:28 - 2017-06-30 08:27 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-12 16:28 - 2017-06-30 08:27 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-12 16:28 - 2017-06-30 08:27 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-12 16:28 - 2017-06-30 08:27 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-12 16:28 - 2017-06-30 08:27 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-12 16:28 - 2017-06-30 08:27 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-12 16:28 - 2017-06-30 08:27 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-12 16:28 - 2017-06-30 08:10 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-12 16:28 - 2017-06-30 08:10 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 16:28 - 2017-06-30 08:09 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-12 16:28 - 2017-06-30 08:08 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-12 16:28 - 2017-06-30 08:08 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-12 16:28 - 2017-06-30 08:08 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-12 16:28 - 2017-06-30 08:08 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-12 16:28 - 2017-06-30 08:08 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-12 16:28 - 2017-06-30 08:08 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-12 16:28 - 2017-06-30 08:08 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-12 16:28 - 2017-06-30 07:57 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-12 16:28 - 2017-06-30 07:57 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-12 16:28 - 2017-06-30 07:56 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-12 16:28 - 2017-06-30 07:56 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-12 16:28 - 2017-06-29 11:49 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-12 16:28 - 2017-06-29 11:48 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-12 16:28 - 2017-06-29 11:33 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-12 16:28 - 2017-06-29 11:32 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-12 16:28 - 2017-06-29 11:25 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-12 16:28 - 2017-06-29 11:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-12 16:28 - 2017-06-29 11:05 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-12 16:28 - 2017-06-29 10:53 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-12 16:28 - 2017-06-29 10:52 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-12 16:28 - 2017-06-29 10:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-12 16:28 - 2017-06-29 10:43 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-12 16:28 - 2017-06-29 09:59 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-12 16:28 - 2017-06-29 09:53 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-12 16:28 - 2017-06-13 04:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-12 16:28 - 2017-06-13 03:59 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-12 16:28 - 2017-06-13 03:59 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-12 16:28 - 2017-06-13 03:59 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-12 16:28 - 2017-06-13 03:59 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-12 16:28 - 2017-06-13 03:59 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-12 16:28 - 2017-06-13 03:58 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-12 16:28 - 2017-06-13 03:58 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-12 16:28 - 2017-06-13 03:58 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-12 16:28 - 2017-06-13 03:58 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-12 16:28 - 2017-06-13 03:58 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-12 16:28 - 2017-06-13 03:58 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-12 16:28 - 2017-06-13 03:58 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-12 16:28 - 2017-06-13 03:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-12 16:28 - 2017-06-13 03:58 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-12 16:28 - 2017-06-13 03:49 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-12 16:28 - 2017-06-13 03:42 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-12 16:28 - 2017-06-13 03:42 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-12 16:28 - 2017-06-13 03:42 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-12 16:28 - 2017-06-13 03:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-12 16:28 - 2017-06-13 03:39 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-12 16:28 - 2017-06-13 03:35 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-12 16:28 - 2017-05-21 09:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-12 16:28 - 2017-05-21 09:36 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-12 16:28 - 2017-05-16 21:00 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-12 10:37 - 2017-07-12 10:37 - 000003190 _____ C:\Windows\System32\Tasks\{EB7D89F4-994B-4A40-8D86-35A2CEB78D99}
2017-07-12 09:40 - 2017-07-12 09:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klanghelm
2017-07-12 09:40 - 2017-07-12 09:40 - 000000000 ____D C:\Program Files\Klanghelm
2017-07-12 09:39 - 2017-07-12 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plugin Alliance
2017-07-10 16:56 - 2017-07-12 15:39 - 000000000 ____D C:\Program Files\Plugin Alliance
2017-07-10 16:46 - 2017-07-10 16:56 - 000000000 ____D C:\Users\user\AppData\Roaming\Plugin Alliance Installation Manager
2017-07-10 11:55 - 2017-07-12 18:02 - 000000000 ____D C:\Users\user\Desktop\1999-daksinamurti-stotram-128kbps
2017-07-10 09:35 - 2017-07-10 09:36 - 000000000 ____D C:\Users\user\Documents\newsletter-inspiration
2017-07-07 11:21 - 2017-07-07 14:27 - 000000000 ____D C:\Users\user\Desktop\alphabet-isha
2017-07-05 11:47 - 2017-08-02 01:08 - 000000000 ____D C:\Users\user\Desktop\ukele-songs
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-04 09:19 - 2013-01-30 22:28 - 000000000 ____D C:\Users\user\AppData\Roaming\Skype
2017-08-04 09:03 - 2017-05-09 09:58 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-08-04 06:55 - 2013-12-16 21:50 - 000000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3599117210-139940529-1983179741-1000UA.job
2017-08-04 02:57 - 2009-07-14 10:15 - 000009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-04 02:57 - 2009-07-14 10:15 - 000009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-04 02:03 - 2013-01-30 13:40 - 000000000 ____D C:\Users\user\AppData\Local\Adobe
2017-08-04 01:45 - 2009-07-14 10:43 - 000800998 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-04 01:45 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2017-08-04 00:40 - 2013-06-05 09:53 - 000388096 ___SH C:\Users\user\Documents\Thumbs.db
2017-08-04 00:36 - 2016-08-30 14:45 - 000000000 ____D C:\Users\user\AppData\Roaming\Mp3tag
2017-08-03 21:55 - 2013-12-16 21:50 - 000000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3599117210-139940529-1983179741-1000Core.job
2017-08-03 20:01 - 2017-05-17 00:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LameXP v4.14
2017-08-03 17:59 - 2013-11-07 14:45 - 000000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-08-03 17:28 - 2013-11-29 10:47 - 000001456 _____ C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-08-03 16:46 - 2015-12-26 08:56 - 000000000 ____D C:\Program Files (x86)\Opera
2017-08-03 15:35 - 2013-03-14 22:29 - 000000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2017-08-03 14:43 - 2015-11-16 22:50 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-08-03 14:35 - 2016-12-06 21:11 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-08-03 12:44 - 2016-09-08 15:34 - 000007887 _____ C:\Windows\BRRBCOM.INI
2017-08-03 10:02 - 2017-05-09 09:57 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-08-03 08:10 - 2017-05-09 09:57 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-03 07:22 - 2017-04-30 09:27 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-08-03 07:18 - 2016-05-18 10:14 - 000000000 __SHD C:\Users\user\IntelGraphicsProfiles
2017-08-03 07:17 - 2014-04-11 10:09 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-03 07:13 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-02 23:15 - 2015-03-07 12:13 - 000000000 ____D C:\Windows\System32\Tasks\Sony Corporation
2017-08-02 23:15 - 2015-03-07 12:08 - 000000000 ____D C:\Program Files\Common Files\Sony Shared
2017-08-02 23:15 - 2013-03-13 23:29 - 000000000 ____D C:\Program Files (x86)\Sony
2017-08-02 23:11 - 2013-04-22 14:55 - 000000000 ____D C:\ProgramData\SmartSound Software Inc
2017-08-02 23:11 - 2013-01-25 22:54 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-02 22:53 - 2013-11-17 12:26 - 000000000 ____D C:\AdwCleaner
2017-08-02 22:06 - 2016-08-22 12:05 - 000000000 ____D C:\Users\user\Desktop\Kayesh
2017-08-02 21:56 - 2013-04-23 12:22 - 000000000 ____D C:\Users\user\AppData\Roaming\IObit
2017-08-02 21:56 - 2013-04-23 12:22 - 000000000 ____D C:\ProgramData\IObit
2017-08-02 21:48 - 2013-04-23 12:21 - 000000000 ____D C:\Program Files (x86)\IObit
2017-08-02 20:43 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\security
2017-08-02 20:43 - 2009-07-14 08:50 - 000000000 ____D C:\Program Files\MsF to Iwares Starter Edition
2017-08-02 20:02 - 2014-04-11 10:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-02 20:02 - 2014-04-11 10:08 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-08-02 15:39 - 2017-01-04 22:40 - 000000000 ____D C:\Users\user\Desktop\AVRPT_2017
2017-08-02 14:45 - 2017-06-14 12:41 - 000001373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-08-02 14:45 - 2017-06-14 12:40 - 000001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-08-02 14:45 - 2017-05-05 16:02 - 000001320 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProtectUSB Software.lnk
2017-08-02 14:45 - 2017-05-05 15:54 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-02 14:45 - 2017-04-30 10:11 - 000001176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-08-02 14:45 - 2017-03-14 23:34 - 000000868 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIRiPad.lnk
2017-08-02 14:45 - 2017-01-21 23:12 - 000000972 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2017-08-02 14:45 - 2017-01-11 22:35 - 000000754 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2017-08-02 14:45 - 2016-11-05 23:07 - 000002056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk
2017-08-02 14:45 - 2016-08-15 18:11 - 000001569 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2017-08-02 14:45 - 2016-08-15 13:39 - 000002657 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo to Cartoon.lnk
2017-08-02 14:45 - 2016-08-03 20:58 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2017-08-02 14:45 - 2016-06-21 21:20 - 000001193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe Transcription Software.lnk
2017-08-02 14:45 - 2016-06-21 21:17 - 000001241 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn Disc Burning Software.lnk
2017-08-02 14:45 - 2016-06-21 21:14 - 000001743 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CafeTran Espresso.lnk
2017-08-02 14:45 - 2015-12-26 09:02 - 000001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-08-02 14:45 - 2015-11-29 12:14 - 000002194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-02 14:45 - 2015-11-21 22:41 - 000000970 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FastCopy.lnk
2017-08-02 14:45 - 2015-11-09 00:13 - 000001010 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2017-08-02 14:45 - 2015-06-23 00:16 - 000001209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundTap Streaming Audio Recorder.lnk
2017-08-02 14:45 - 2013-11-29 00:24 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2017-08-02 14:45 - 2013-11-29 00:24 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2017-08-02 14:45 - 2013-11-29 00:17 - 000001036 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2017-08-02 14:45 - 2013-11-01 04:20 - 000001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-02 14:45 - 2013-05-13 00:07 - 000001211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
2017-08-02 14:45 - 2013-05-13 00:07 - 000001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
2017-08-02 14:45 - 2013-05-13 00:06 - 000001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
2017-08-02 14:45 - 2013-05-13 00:06 - 000001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
2017-08-02 14:45 - 2013-05-13 00:04 - 000001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
2017-08-02 14:45 - 2013-05-13 00:04 - 000001357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.exe.lnk
2017-08-02 14:45 - 2013-05-09 19:42 - 000002062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS.lnk
2017-08-02 14:45 - 2013-04-14 22:59 - 000002531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
2017-08-02 14:45 - 2013-03-28 21:16 - 000002045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 3.0.lnk
2017-08-02 14:45 - 2013-03-16 15:07 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-08-02 14:45 - 2013-02-01 07:52 - 000001251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.5.lnk
2017-08-02 14:45 - 2013-02-01 07:50 - 000001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
2017-08-02 14:45 - 2013-02-01 07:50 - 000001101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2017-08-02 14:45 - 2013-01-30 14:51 - 000001342 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2017-08-02 14:45 - 2013-01-26 12:15 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-08-02 14:45 - 2013-01-26 12:15 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-08-02 14:45 - 2013-01-25 22:48 - 000001284 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-08-02 14:45 - 2009-07-14 10:27 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-08-02 14:45 - 2009-07-14 10:27 - 000001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2017-08-02 14:45 - 2009-07-14 10:27 - 000001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2017-08-02 14:45 - 2009-07-14 10:24 - 000001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2017-08-02 14:44 - 2016-10-26 22:11 - 000001894 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-08-02 14:44 - 2013-01-30 14:49 - 000001325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2017-08-02 14:44 - 2009-07-14 10:31 - 000001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2017-08-02 14:44 - 2009-07-14 10:19 - 000001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2017-08-02 14:43 - 2016-03-26 00:02 - 000001944 _____ C:\Users\user\Desktop\iLanguage.lnk
2017-08-02 14:43 - 2015-11-18 11:53 - 000001465 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Free Video To Audio Converter 2015.lnk
2017-08-02 14:43 - 2014-05-21 13:43 - 000000833 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-08-02 14:41 - 2015-12-02 11:56 - 000000000 ____D C:\Program Files (x86)\Aktiv MP3 Recorder
2017-08-02 14:41 - 2014-02-13 00:56 - 000000000 ____D C:\Program Files\COMODO
2017-08-02 13:24 - 2017-03-21 22:19 - 000000000 ____D C:\Users\user\Documents\2017-bundle-content
2017-08-02 12:14 - 2014-08-11 20:16 - 000000000 ____D C:\Program Files (x86)\Mobile Partner
2017-08-02 12:10 - 2013-11-01 04:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2017-08-02 12:07 - 2014-12-12 22:00 - 000000000 ____D C:\Users\user\AppData\Roaming\DigitalVolcano
2017-08-02 12:06 - 2014-12-07 23:14 - 000000000 ____D C:\Program Files (x86)\AviSynth 2.5
2017-08-02 12:01 - 2013-12-11 01:07 - 000000000 ____D C:\ProgramData\MAGIX
2017-08-02 12:00 - 2017-05-05 16:02 - 000000000 ____D C:\Program Files (x86)\Protect Software ProtectUSB Software
2017-08-02 12:00 - 2013-01-30 22:01 - 000000000 ____D C:\Program Files (x86)\MMX353G 3G USB Manager
2017-08-02 03:25 - 2017-07-02 13:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-02 03:25 - 2017-02-08 20:51 - 000000000 ____D C:\Users\user\AppData\Roaming\Hide.me
2017-08-02 03:25 - 2016-10-26 22:11 - 000000000 ____D C:\Program Files (x86)\Bluestacks
2017-08-02 03:25 - 2015-12-04 17:33 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-08-02 03:25 - 2014-05-22 16:59 - 000000000 ____D C:\Program Files (x86)\kBilling
2017-08-02 03:25 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\registration
2017-08-02 03:14 - 2016-08-23 22:30 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-08-01 13:06 - 2017-06-06 12:10 - 000000000 ____D C:\Users\user\Desktop\swamini-BG-2010-meta
2017-07-31 10:18 - 2016-03-05 15:15 - 000000000 ____D C:\Users\user\Desktop\AVRPT-main-files
2017-07-31 08:54 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\system32\NDF
2017-07-30 15:13 - 2013-01-30 14:04 - 000000000 ____D C:\Program Files (x86)\Google
2017-07-28 01:12 - 2014-03-02 02:29 - 000000000 ____D C:\ProgramData\Aimersoft YouTube Downloader
2017-07-27 21:25 - 2016-11-27 20:49 - 000000000 ____D C:\Users\user\Desktop\rakesh-yoga
2017-07-27 00:56 - 2017-06-26 13:37 - 000000000 ____D C:\Users\user\Desktop\sonia-web
2017-07-25 22:52 - 2016-12-20 11:05 - 000000000 ____D C:\Users\user\Desktop\rakesh-web
2017-07-24 20:21 - 2013-01-29 16:12 - 000236608 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-24 18:07 - 2009-07-14 10:15 - 006210736 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-24 16:42 - 2016-11-05 23:00 - 000000000 ____D C:\Program Files\Common Files\Avid
2017-07-24 12:15 - 2017-02-08 20:50 - 000000000 ____D C:\Program Files (x86)\hide.me VPN
2017-07-24 02:40 - 2013-05-25 11:33 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-07-23 22:53 - 2016-11-19 10:43 - 000000000 ____D C:\Users\user\Documents\addresses
2017-07-22 12:31 - 2017-01-08 22:46 - 000000000 ____D C:\Users\user\Desktop\sonia-2017
2017-07-21 16:46 - 2015-12-26 09:03 - 000003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1451100758
2017-07-20 06:52 - 2014-02-20 13:46 - 000000000 ____D C:\Users\user\AppData\Roaming\iZotope
2017-07-20 02:02 - 2017-04-30 10:11 - 000003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1493527308
2017-07-20 02:01 - 2017-04-30 09:27 - 000146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-07-20 02:00 - 2017-04-30 09:27 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.150049628225003
2017-07-20 01:59 - 2017-04-30 09:27 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-20 01:59 - 2017-04-30 09:27 - 000320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-20 01:59 - 2017-04-30 09:27 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-20 01:59 - 2017-04-30 09:27 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-19 21:59 - 2013-05-24 14:03 - 000000000 ____D C:\ProgramData\Package Cache
2017-07-19 21:56 - 2016-11-05 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2017-07-19 21:56 - 2016-11-05 23:00 - 000000000 ____D C:\Users\user\Documents\iZotope
2017-07-19 21:56 - 2016-11-05 23:00 - 000000000 ____D C:\Program Files (x86)\iZotope
2017-07-19 21:56 - 2013-03-25 14:41 - 000000000 ____D C:\Program Files (x86)\VSTplugins
2017-07-19 21:53 - 2016-11-05 23:01 - 000000000 ____D C:\Program Files\Common Files\VST3
2017-07-18 20:20 - 2015-11-13 15:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Find and Mount
2017-07-18 20:20 - 2015-03-13 23:14 - 000000000 ____D C:\Program Files\A-FF Find and Mount
2017-07-18 17:42 - 2015-11-28 23:31 - 000000000 ____D C:\Users\user\Desktop\Diwan-iyengaryoga.co.in
2017-07-18 16:29 - 2016-11-02 21:19 - 000000000 ____D C:\Users\user\Desktop\joy-web+more
2017-07-18 13:59 - 2017-01-11 23:57 - 000000000 ____D C:\Users\user\AppData\Roaming\Zoom
2017-07-15 21:47 - 2015-10-09 08:39 - 000571656 _____ C:\Windows\ntbtlog.txt
2017-07-15 06:55 - 2015-11-21 16:07 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-15 06:55 - 2013-11-01 04:27 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-15 06:55 - 2013-11-01 04:27 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-15 06:55 - 2013-11-01 04:27 - 000000000 ____D C:\Windows\system32\Macromed
2017-07-15 06:55 - 2013-01-30 14:49 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-14 16:15 - 2017-06-13 14:02 - 000000000 ____D C:\Users\user\Desktop\sonia-meta-2017
2017-07-14 12:19 - 2014-06-24 17:13 - 000000372 ____H C:\Users\user\Desktop\.BridgeLabelsAndRatings
2017-07-13 04:07 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\rescache
2017-07-13 03:26 - 2017-05-20 06:18 - 000000000 ____D C:\Windows\system32\appraiser
2017-07-11 00:33 - 2013-01-30 13:06 - 000000000 ____D C:\Users\user\AppData\Roaming\Adobe
2017-07-09 03:34 - 2013-04-01 07:34 - 000000000 ____D C:\Users\user\AppData\Roaming\FileZilla
2017-07-07 16:04 - 2013-05-22 21:21 - 000000000 ____D C:\Users\user\Documents\pujabook-michika
2017-07-07 01:19 - 2014-01-20 22:43 - 000000000 ____D C:\Users\user\Desktop\AVRPT-accounts
 
==================== Files in the root of some directories =======
 
2013-02-17 08:57 - 2013-02-17 08:57 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2017-07-22 00:35 - 2017-07-22 00:35 - 000000132 _____ () C:\Users\user\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2013-12-27 00:01 - 2017-02-03 23:15 - 000000132 _____ () C:\Users\user\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-05-19 20:19 - 2013-05-19 20:19 - 000000132 _____ () C:\Users\user\AppData\Roaming\Adobe GIF Format CS5 Prefs
2013-12-26 23:22 - 2017-03-31 10:02 - 000000132 _____ () C:\Users\user\AppData\Roaming\Adobe GIF Format CS6 Prefs
2013-12-26 22:42 - 2016-08-05 23:43 - 000000132 _____ () C:\Users\user\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2013-12-26 22:46 - 2017-06-20 21:12 - 000000132 _____ () C:\Users\user\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-01-16 00:59 - 2014-01-16 00:59 - 000000049 ____H () C:\Users\user\AppData\Roaming\Bounce Mail Handler.ini
2015-02-16 22:15 - 2015-02-16 23:03 - 000000659 _____ () C:\Users\user\AppData\Roaming\droid4xinstaller.log
2014-03-01 18:27 - 2014-03-01 18:31 - 000022472 _____ () C:\Users\user\AppData\Roaming\net.telestream.producer.xml
2014-03-01 18:31 - 2014-03-01 18:31 - 000000110 _____ () C:\Users\user\AppData\Roaming\net.telestream.wirecast.webstream.xml
2014-05-22 20:18 - 2014-05-22 20:18 - 000000409 _____ () C:\Users\user\AppData\Roaming\repmand.ini
2014-05-22 20:18 - 2014-05-22 20:18 - 000000033 _____ () C:\Users\user\AppData\Roaming\repmandlib.ini
2015-06-23 00:16 - 2015-06-23 00:16 - 000001167 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2015-06-23 00:16 - 2015-06-23 00:16 - 000000000 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-01-15 04:22 - 2017-02-23 23:10 - 000088842 _____ () C:\Users\user\AppData\Roaming\unins000.dat
2017-02-23 22:10 - 2017-02-23 22:09 - 000715253 _____ () C:\Users\user\AppData\Roaming\unins000.exe
2014-01-10 14:24 - 2014-01-10 14:31 - 142848334 _____ () C:\Users\user\AppData\Local\ACCCx2_3_0_322.zip.aamdownload
2014-01-10 14:24 - 2014-01-10 14:25 - 000001796 _____ () C:\Users\user\AppData\Local\ACCCx2_3_0_322.zip.aamdownload.aamd
2015-12-07 14:46 - 2015-12-07 15:46 - 229845839 _____ () C:\Users\user\AppData\Local\ACCCx3_4_1_181.zip.aamdownload
2015-12-07 14:46 - 2015-12-07 15:46 - 000002657 _____ () C:\Users\user\AppData\Local\ACCCx3_4_1_181.zip.aamdownload.aamd
2016-08-15 15:15 - 2016-08-15 15:37 - 302675591 _____ () C:\Users\user\AppData\Local\ACCCx3_7_5_291.zip.aamdownload
2016-08-15 15:15 - 2016-08-15 15:37 - 000003392 _____ () C:\Users\user\AppData\Local\ACCCx3_7_5_291.zip.aamdownload.aamd
2013-05-13 14:20 - 2016-02-13 11:03 - 000001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-11-29 10:47 - 2017-08-03 17:28 - 000001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-05-13 14:49 - 2017-05-13 14:49 - 000000000 ____H () C:\Users\user\AppData\Local\BITFD13.tmp
2013-10-02 12:52 - 2014-07-06 12:18 - 000009728 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-10 11:15 - 2017-03-10 11:15 - 000000092 _____ () C:\Users\user\AppData\Local\fusioncache.dat
2014-05-19 08:37 - 2014-05-19 08:57 - 000007609 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2015-04-03 20:36 - 2015-04-03 20:36 - 000000052 _____ () C:\Users\user\AppData\Local\vmrWorkAround.log
2017-05-13 14:48 - 2017-05-13 14:49 - 000000000 _____ () C:\Users\user\AppData\Local\{2F8851E9-3400-425F-AD29-F4975B9AB53C}
2014-06-28 10:20 - 2014-06-28 10:20 - 000000000 _____ () C:\Users\user\AppData\Local\{8A038322-92C6-4051-A95F-064E7D15ABE3}
2017-07-15 21:30 - 2017-07-15 21:30 - 000000000 _____ () C:\Users\user\AppData\Local\{ECB12073-E17B-4A30-AA00-0AF50361E40A}
2017-05-13 14:47 - 2017-05-13 14:47 - 000000000 _____ () C:\Users\user\AppData\Local\{EE3266C0-654E-4527-82F5-A08B6BC36423}
2014-05-22 17:01 - 2014-05-22 17:01 - 000005024 _____ () C:\ProgramData\dbvvomjc.bpt
2013-01-30 14:44 - 2014-01-17 02:54 - 000001766 _____ () C:\ProgramData\hpzinstall.log
2014-06-19 21:39 - 2014-06-19 21:39 - 000010375 _____ () C:\ProgramData\regid.2008-04.com.caricaturesoft_4ECD9E60-F79E-481F-B428-F04A7E9EF846.swidtag
2017-08-02 12:54 - 2017-08-02 12:54 - 000000004 _____ () C:\ProgramData\_lg.3sap
 
Some files in TEMP:
====================
2017-02-19 13:43 - 2017-02-19 13:45 - 000004096 _____ () C:\Users\user\AppData\Local\Temp\bk4jaotl.dll
2016-06-21 21:17 - 2016-06-21 21:17 - 000864528 _____ (NCH Software) C:\Users\user\AppData\Local\Temp\burnsetup.exe
2016-06-26 00:17 - 2016-06-26 00:17 - 000739904 _____ (Oracle Corporation) C:\Users\user\AppData\Local\Temp\jre-8u91-windows-au.exe
2017-03-10 11:19 - 2006-12-02 04:56 - 001101824 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\mfc80.dll
2017-03-10 11:19 - 2006-12-02 04:56 - 001093120 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\mfc80u.dll
2017-03-10 11:19 - 2006-12-02 10:48 - 000069632 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\mfcm80.dll
2017-03-10 11:19 - 2006-12-02 10:52 - 000057856 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\mfcm80u.dll
2012-10-26 15:20 - 2012-10-26 15:20 - 002497897 ____R (Mobile                                                      ) C:\Users\user\AppData\Local\Temp\Modem_installation.exe
2017-03-10 11:19 - 2006-12-02 10:52 - 000479232 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\msvcm80.dll
2017-03-10 11:19 - 2006-12-02 02:33 - 000548864 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\msvcp80.dll
2017-03-10 11:19 - 2006-12-02 02:33 - 000626688 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\msvcr80.dll
2017-03-10 11:19 - 2011-09-13 13:46 - 000420808 _____ () C:\Users\user\AppData\Local\Temp\OSU.exe
2016-12-16 11:58 - 2016-12-16 11:58 - 000003072 _____ () C:\Users\user\AppData\Local\Temp\p1o4yvd3.dll
2016-12-16 12:00 - 2016-12-16 12:01 - 000003072 _____ () C:\Users\user\AppData\Local\Temp\qgflc51f.dll
2016-11-25 21:26 - 2017-07-22 11:59 - 058740704 _____ (Skype Technologies S.A.) C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
2016-06-21 21:34 - 2016-06-21 21:34 - 000684032 ____N () C:\Users\user\AppData\Local\Temp\sqlite-3.8.7-443ab486-4d09-4c57-a722-ba07dfc63722-sqlitejdbc.dll
2017-04-07 00:51 - 2017-04-07 00:58 - 005958864 _____ (eVenture Limited                                            ) C:\Users\user\AppData\Local\Temp\tmpBE36.exe
2017-03-16 22:01 - 2017-03-16 22:01 - 014456872 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\vc_redist.x86.exe
2017-02-24 22:11 - 2017-03-10 12:21 - 030533688 _____ () C:\Users\user\AppData\Local\Temp\vlc-2.2.4-win32.exe
2016-10-23 16:40 - 2016-10-23 16:41 - 005241568 _____ (NCH Software) C:\Users\user\AppData\Local\Temp\vpsetup.exe
2017-03-10 11:19 - 2011-09-13 13:41 - 000012800 _____ () C:\Users\user\AppData\Local\Temp\WtgDriverInstallX.dll
2017-03-10 11:19 - 2011-09-13 13:45 - 000606208 _____ () C:\Users\user\AppData\Local\Temp\WTGXMLUtil.dll
2015-04-21 15:17 - 2015-04-21 15:17 - 000455600 ____R (Macrovision Corporation) C:\Users\user\AppData\Local\Temp\_is8D98.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-02 04:20
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by user (04-08-2017 09:27:21)
Running from C:\Users\user\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-01-25 17:17:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
788B5E4B02E649F0AEFF (S-1-5-21-3599117210-139940529-1983179741-1010 - Limited - Enabled)
9A3542F65C084D47BE6C (S-1-5-21-3599117210-139940529-1983179741-1009 - Limited - Enabled)
Administrator (S-1-5-21-3599117210-139940529-1983179741-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3599117210-139940529-1983179741-1002 - Limited - Enabled)
Guest (S-1-5-21-3599117210-139940529-1983179741-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3599117210-139940529-1983179741-1007 - Limited - Enabled)
user (S-1-5-21-3599117210-139940529-1983179741-1000 - Administrator - Enabled) => C:\Users\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{C788B026-20BD-4E96-B698-533F1D6C5013}) (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Data Recovery Suite version 3.2.0 (HKLM-x32\...\{02386A56-080B-485c-941D-AF96B29140DD}_is1) (Version: 3.2.0 - SharpNight Co,Ltd)
7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.11 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Audition 3.0 Vista Compatibility (HKLM\...\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb) (Version:  - )
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 Functional Content (HKLM-x32\...\{614020C8-2E16-4E16-A5F0-04DE2AB96097}) (Version: 6.0.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Advanced Font Viewer 5.1 (HKLM-x32\...\Advanced Font Viewer_is1) (Version:  - Alexander G Styopkin)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.64 - Hulubulu Software)
Aimersoft Helper Compact 2.5.1 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.1 - Aimersoft)
Aimersoft YouTube Downloader(Build 4.9.2.0) (HKLM-x32\...\Aimersoft YouTube Downloader_is1) (Version: 4.9.2.0 - Aimersoft Software)
AIR iPad (HKLM-x32\...\{EA09B356-31B5-3C6F-5B23-AE3FE0A29E99}) (Version: 01 - UNKNOWN) Hidden
AIR iPad (HKLM-x32\...\AIRiPad.2F5B6419AD1E468138DDD0B435CF5E716FC9F465.1) (Version: v.01 - UNKNOWN)
All File Email Extractor v2.4 (HKLM-x32\...\All File Email Extractor v2.4) (Version:  - AlgoLogic)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Anki (HKLM-x32\...\Anki) (Version:  - )
Aostsoft Image to Word OCR Converter 3.8.2 (HKLM-x32\...\Aostsoft Image to Word OCR Converter_is1) (Version:  - Aostsoft,Inc.)
Apache Tomcat 7.0 Tomcat7 (remove only) (HKLM\...\Apache Tomcat 7.0 Tomcat7) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.2.6 - ASUSTeK Computer Inc.)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Avid Pro Tools (HKLM\...\{440A8FC5-DF1F-49F2-8936-227247138A34}) (Version: 12.5.0.395 - Avid Technology, Inc.)
B110 (HKLM-x32\...\{9F9A2D22-7E30-4546-B817-10644FFB9935}) (Version: 140.0.283.000 - Hewlett-Packard) Hidden
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.70.6309 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Brother MFL-Pro Suite DCP-T300 (HKLM-x32\...\{BA07A125-6AC7-4293-89D6-391676FFD041}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Canon LBP7200C (HKLM\...\Canon LBP7200C) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CGS17_Setup_x64 (HKLM\...\{83646B67-A878-4E95-BB4B-AF4A6E61F28C}) (Version: 17.0 - Corel Corporation) Hidden
Classic PDF Editor 12.0 (HKLM-x32\...\Classic PDF Editor_is1) (Version:  - )
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 52.15.25.664 - Comodo)
CopyTrans Suite Remove Only (HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{FD4A43CE-ABAE-4161-83AC-314A3C804F42}) (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (HKLM\...\{1967EF95-E00B-4669-8B1C-A589BE8BF24F}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (HKLM\...\{35869A6C-BA31-4F23-B52D-BC1B1E41EC1B}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (HKLM\...\{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (HKLM\...\{7386B5FA-8715-481D-821F-7785110506DF}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (HKLM\...\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (HKLM\...\{BB65D262-3EBC-4F10-89D9-67A320E94EAA}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (HKLM\...\{E699230D-4B5E-411E-9F45-FF50789B18DD}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (HKLM\...\{3933C06C-8239-432B-87FC-F2BDC5B49A10}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (HKLM\...\{B6DF7031-2843-44FD-9CAB-DECAB4257456}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (HKLM\...\{D7C2687D-924E-4485-B367-C7D95CBF8DDD}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (HKLM\...\{2C72B5E4-AA34-4F1A-8C7E-468530F9F6A3}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (HKLM\...\{6099F026-0A98-4D40-9B3D-ED2123A8CBD0}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (HKLM\...\{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (HKLM\...\{10762393-1B90-4AC2-AF1A-4C0C04AE303F}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (HKLM\...\{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (HKLM\...\{1E3A578C-0A7D-4820-990F-B7545C0B2303}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (HKLM\...\{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}) (Version: 16.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (HKLM\...\{CCE7423E-1D84-4CD3-9E32-220EC9358D97}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (HKLM\...\{2C91CB9D-323D-43E5-A433-229B71CFB773}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (HKLM\...\{9178F0A8-B6F6-4DA7-AD63-317CC4875F4B}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (HKLM\...\{BD036E95-A9CD-4DED-B744-95AB1DCAFF0C}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (HKLM\...\{5162E418-BB43-4C8F-ACD6-069645EF98C3}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (HKLM\...\{2C0DDC74-5234-43DD-BB5A-0645B8FE5289}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (HKLM\...\{3BB8EB77-737B-4B32-BAB9-08C7110C46BD}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (HKLM\...\{D10A5CFA-FE33-4F06-AE37-554604F00A52}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (HKLM\...\{5406029B-67AD-4F8E-9F2D-F1959CD9CD86}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (HKLM\...\{EF44BCCD-13F9-4974-862C-CCFAF43EE082}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (HKLM\...\{13179AB2-69FD-459B-800F-81865A501AD4}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (HKLM\...\{C922F325-DD52-4E22-B204-431A06E63E51}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (HKLM\...\{1A73168F-5983-46A6-AAAB-FD83BC231E02}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (HKLM\...\{C57EDB5A-AC8E-4E03-9F1A-DC013A2BB9B2}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (HKLM\...\{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (HKLM\...\{5672E0DC-7489-4EAC-8CFD-E01B3868FCB5}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (HKLM\...\{966996DC-D67C-40E3-8BD4-31FA0F093571}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (HKLM\...\{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}) (Version: 17.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
cssSlider (HKLM-x32\...\cssSlider_is1) (Version:  - )
CyberLink PowerDirector 11 (HKLM\...\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DC1A2 version 2.1.0 (HKLM\...\DC1A2_is1) (Version: 2.1.0 - )
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
D-Link DWA-131 Wireless N Nano USB Adapter (HKLM-x32\...\{D9198056-A296-4583-A790-C0E73694CFE8}) (Version:  - D-Link)
Dropbox (HKLM-x32\...\Dropbox) (Version: 31.4.24 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
DuOS (HKLM\...\{D642C486-5337-4882-A7F3-91A4C797ABFA}) (Version: 2.0.6.8063 - American Megatrends Inc.)
DVD Architect Pro 6.0 (HKLM-x32\...\{E0E531A2-17C1-11E2-984D-1040F3E7010F}) (Version: 6.0.237 - Sony)
DVD Audio Extractor 7.2.0 (HKLM-x32\...\DVD Audio Extractor_is1) (Version:  - Computer Application Studio)
EaseUS Data Recovery Wizard 8.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 8.0_is1) (Version:  - EaseUS)
EaseUS Partition Master 10.8 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
EaseUS Partition Recovery 8.5 (HKLM-x32\...\EaseUS Partition Recovery_is1) (Version:  - EaseUS)
Easy CD-DA Extractor 16 (HKLM-x32\...\Easy CD-DA Extractor 16) (Version: 16.0.9 - Poikosoft)
eMail Bounce Handler 3.8.2 (HKLM-x32\...\eMail Bounce Handler_is1) (Version:  - Max Programming LLC)
Email Extractor Files (HKLM-x32\...\{4D970F49-9840-446A-A33F-0146752D3499}) (Version: 5.0 - Technocom Solutions)
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 5.06 - NCH Software)
Express Scribe Transcription Software (HKLM-x32\...\Scribe) (Version: 5.85 - NCH Software)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
ffdshow v1.1.3572 [2010-09-13] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3572.0 - )
FileZilla Client 3.26.2 (HKLM-x32\...\FileZilla Client) (Version: 3.26.2 - Tim Kosse)
Find and Mount 2.32 (HKLM\...\Find and Mount_is1) (Version: 2.32 - A-FF Data Recovery)
FlippingBook PDF Publisher (HKLM-x32\...\{5DB38141-CCA8-4870-8EC1-FB06871AF278}) (Version: 0.5.8 - Mediaparts Interactive)
Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com)
Free Audio Converter 1.0.2 (HKLM-x32\...\Free Audio Converter) (Version: 1.0.2 - 1Focus, Org.)
Free Audio Converter version 5.0.52.1122 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.52.1122 - DVDVideoSoft Ltd.)
Free Video To Audio Converter 2015 6.5.8 (HKLM-x32\...\Free Video To Audio Converter 2015_is1) (Version:  - FAEMedia Co., Ltd.)
Free Video to Flash Converter version 5.0.37.327 (HKLM-x32\...\Free Video to Flash Converter_is1) (Version: 5.0.37.327 - DVDVideoSoft Ltd.)
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
GetFLV 9.6.2.1 (HKLM-x32\...\GetFLV_is1) (Version:  - GetFLV, Inc.)
gImageReader (HKLM-x32\...\gImageReader) (Version: 3.1.91 - Sandro Mani)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{09A8EA8A-9C9D-45E4-B20C-3F13C2CCD32C}) (Version: 7.3.0.3830 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPAC (remove only) (HKLM-x32\...\GPAC) (Version:  - )
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
GroupMail :: Personal Edition (HKLM-x32\...\{72FC0445-FE6D-4E12-815B-3A8C5E3704DA}_is1) (Version: 5.3.0.125 - Infacta Ltd.)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HD Video Converter Factory 11.1 (HKLM-x32\...\HD Video Converter Factory) (Version: 11.1 - WonderFox Soft, Inc.)
HD Video Converter Factory Pro 13.1 (HKLM-x32\...\HD Video Converter Factory Pro) (Version: 13.1 - WonderFox Soft, Inc.)
HDD Regenerator (HKLM-x32\...\{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}) (Version: 1.71.0012 - Abstradrome)
hide.me VPN 1.2.14 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.2.14 - eVenture Limited)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{59C83C08-63F4-4AEC-81D6-392C5E23B843}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (HKLM-x32\...\{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}) (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
iBall Claro TV T18 Device (HKLM-x32\...\TVCONDrv) (Version:  - )
IBP 12.0.2 (HKLM-x32\...\IBP12_is1) (Version: 12.0.2 - Axandra GmbH)
IconViewer (HKLM\...\{C6F34AE0-0576-11d4-82FE-4491FCC00000}) (Version: 3.2.147 - Bot Productions)
ID3-TagIT 3 (HKLM-x32\...\ID3-TagIT 3_is1) (Version: 3 - Michael Pluemper)
IDTE-ID3 Tag Editor (HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\IDTE-ID3 Tag Editor) (Version: 02.80.00.00 - Team IDTE)
iLanguage (HKLM-x32\...\iLanguage) (Version: 2.2 - doIT)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4226 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.2 - IObit)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
Itranslator 2003 Beta (HKLM-x32\...\Itranslator 2003 Beta_is1) (Version:  - Omkarananda Ashram Himalayas)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
iZotope Nectar 2 Production Suite (HKLM-x32\...\iZotope Nectar 2 Production Suite_is1) (Version: 2.03 - iZotope, Inc.)
iZotope RX 4 (HKLM-x32\...\iZotope RX 4_is1) (Version: 4.00 - iZotope, Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
join.me (HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\JoinMe) (Version: 3.0.0.4238 - LogMeIn, Inc.)
JPG to PDF Converter 1.1 (HKLM-x32\...\JPG to PDF Converter) (Version: 1.1 - )
kBilling Invoicing Software (HKLM-x32\...\{B38A9B1A-DAEF-4ECC-AC7D-FDB12EAE5663}_is1) (Version:  - K Software)
Kindle Previewer (HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\KindlePreviewer) (Version: 2.92 - Amazon)
LameXP v4.15 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.15 Final-1 [Build #2002] - LoRd_MuldeR <[email protected]>)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Manager (HKLM-x32\...\{38251B9A-C44B-42D9-9A6A-0697986E334A}) (Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
mediAvatar DAT Converter (HKLM-x32\...\mediAvatar DAT Converter) (Version: 6.8.0.1101 - mediAvatar)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7916 - Memeo Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Expression SuperPreview 4 Trial (HKLM-x32\...\SuperPreview_4.0.1241.0) (Version: 4.0.1241.0 - Microsoft Corporation)
Microsoft Junk E-mail Reporting Add-in (HKLM-x32\...\{B72B06E0-0C54-495F-896F-E3ED2905624B}) (Version: 10.1.207.1 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Moyea Importer for Adobe Premiere version: 3.0.1.504 (HKLM-x32\...\{4AC19FB6-9020-4539-B681-28BF301AC38F}_is1) (Version:  - )
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
mp3Tag Pro 9.5 (HKLM-x32\...\mp3Tag Pro_is1) (Version:  - ManiacTools.com)
Mp3tag v2.83 (HKLM-x32\...\Mp3tag) (Version: 2.83 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NETGEAR WNA1000M Wireless USB 2.0 Adapter (HKLM-x32\...\{62F7B391-E2B2-4714-BBAA-A14E4FAAB95C}) (Version: 1.01.10 - NETGEAR) Hidden
NETGEAR WNA1000M Wireless USB 2.0 Adapter (HKLM-x32\...\InstallShield_{62F7B391-E2B2-4714-BBAA-A14E4FAAB95C}) (Version: 1.01.10 - NETGEAR)
Network64 (HKLM\...\{48C0866E-57EB-444C-8371-8E4321066BC3}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
Nitro Pro 8 (HKLM\...\{8995F47C-B7E7-466F-8FCD-3AD3340662C6}) (Version: 8.5.2.10 - Nitro)
Noveltech Vocal Enhancer 1.6.1 (HKLM\...\Noveltech Vocal Enhancer_is1) (Version: 1.6.1 - Plugin Alliance)
Opcion Font Viewer (HKLM-x32\...\{B86688D9-0F85-458B-AFB1-5B3B4C8CE541}) (Version: 1.1.1 - Chiu Software Systems)
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation)
Opera Stable 46.0.2597.57 (HKLM-x32\...\Opera 46.0.2597.57) (Version: 46.0.2597.57 - Opera Software)
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.5.0812 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.5.0812 - PACE Anti-Piracy, Inc.)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{72B9DF2C-76FA-40B5-A469-16EAB159CE72}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{BDF7326B-7ED4-4034-B867-F4E88D4E628B}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{03E04B47-9270-4613-8D7E-DA4AD2B259A0}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.4.1 - pdfforge GmbH)
PDFescape Desktop (HKLM-x32\...\PDFescape Desktop) (Version: 2.0.35.34126 - RedSoftware)
PDFescape Desktop Create Module (HKLM\...\{1494D0BD-6284-43C2-87A1-5B2F7A5CA5C1}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Edit Module (HKLM\...\{37E3FFCA-6A24-4762-826F-4F43F0A97C2E}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Forms Module (HKLM\...\{6F3B51B6-B27B-4D14-96C5-4B1C1D1149B7}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Insert Module (HKLM\...\{2F895ED2-6998-4C39-8668-7117804D127A}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Secure Module (HKLM\...\{D20659F5-61A5-4385-A267-77CF442C1CB0}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop View Module (HKLM\...\{EC492F74-CD9C-419A-8FFA-C49319F59955}) (Version: 2.0.36.34130 - Red Software) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Photo to Cartoon (HKLM-x32\...\{2302FD51-7033-48DE-A302-039649DE4AE8}) (Version: 7.0 - Caricature Software Inc.)
PS_AIO_07_B110_SW_Min (HKLM-x32\...\{F88E2E04-7EF5-488C-8E38-C94EB808458E}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
QuickTransfer (HKLM-x32\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Rename-It! (HKLM-x32\...\Rename-It!) (Version: 3.32 - Beroux)
Report Manager 2.9b (HKLM-x32\...\Report Manager_is1) (Version: 2.9b - Toni Martir)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SDL Trados 2015 SR2 - Remove suite of products (HKLM-x32\...\TranslationStudio2015) (Version: 4.2.5082 - SDL)
SDL Trados Legacy Compatibility Module (HKLM-x32\...\{7F8F4AF6-0CE2-46E9-BA14-C55F19968926}) (Version: 2.1.128 - SDL)
SDL Trados Studio 2015 SR2 (HKLM-x32\...\{47A9C592-6A0F-4E70-8057-74DA01D28EDA}) (Version: 4.2.5082 - SDL)
SDL WorldServer Components (HKLM-x32\...\{791F1B1C-BF90-4145-95B6-0150FAC6BB6E}) (Version: 4.2.5082 - SDL)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1548 - Memeo Inc.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 2.31 - NCH Software)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Stellar Phoenix Windows Data Recovery - Professional (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Professional_is1) (Version: 6.0.0.0 - Stellar Information Systems Ltd)
Streaming Audio Recorder version 3.4.5 (HKLM-x32\...\{B6D9D06B-4B4D-4B41-B963-C056B627F704}_is1) (Version: 3.4.5 - APOWERSOFT LIMITED)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
TurboMailer 2 (HKLM-x32\...\{9E156899-D3A1-4F10-8323-364A095FCFDB}}_is1) (Version:  - Xellsoft.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voxbox version 1.0.1 (HKLM\...\Voxbox_is1) (Version: 1.0.1 - )
Waves Central 1.3.2.4 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}_is1) (Version: 1.3.2 - Waves, Inc.)
Web Photo Album 1.1 (HKLM-x32\...\Web Photo Album_is1) (Version:  - )
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Intel Corporation (igfx) Display  (05/25/2015 10.18.10.4226) (HKLM\...\9BE1E70D477FC0A2AF08E2AA3EED5EDA155145B7) (Version: 05/25/2015 10.18.10.4226 - Intel Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-5 - Bitnami)
Xilisoft HD Video Converter (HKLM-x32\...\Xilisoft HD Video Converter) (Version: 5.1.37.0416 - Xilisoft)
ZoneAlarm Antivirus (HKLM-x32\...\{889B79B2-EB50-4A5D-A22A-65CAB29C46F4}) (Version: 15.0.159.17147 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{C83E68B7-0DDA-462C-89C0-68DFA0A90F9D}) (Version: 15.0.159.17147 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 15.0.159.17147 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{B25B23E6-0FC6-45B4-8755-437F45F5CB82}) (Version: 15.0.159.17147 - Check Point Software Technologies Ltd.) Hidden
Zoom (HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3599117210-139940529-1983179741-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3599117210-139940529-1983179741-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3599117210-139940529-1983179741-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3599117210-139940529-1983179741-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3599117210-139940529-1983179741-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3599117210-139940529-1983179741-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3599117210-139940529-1983179741-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-20] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-20] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Portable\Internet Download Manager 6.15\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2014-05-08] (Adobe Systems Inc.)
ContextMenuHandlers1: [Advanced SystemCare] -> {9486A9B2-D787-4eca-A25C-4A0086BB4154} =>  -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-06-23] (Florian Heidenreich)
ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-08-05] (pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ContextMenuHandlers1: [PDFescapeDesktop_ManagerExt] -> {D3C28D54-72B8-4B8D-B204-157EFA9BF3E7} => C:\Program Files\PDFescape Desktop\context-menu.dll [2017-07-13] (Red Software)
ContextMenuHandlers1-x32: [Rename-It!] -> {A64BBF5F-1250-4083-924C-B79661B75AAE} => C:\Program Files (x86)\Rename-It!\SimpleExt.dll [2004-10-06] ()
ContextMenuHandlers1-x32-x32: [TranslationStudioShlExt2011] -> {F6C08E19-DCE1-45B5-A225-E94FADB585DD} => C:\Program Files (x86)\SDL\SDL Trados Studio\Studio4\TranslationStudioExt.dll [2016-03-02] (TODO: <Company name>)
ContextMenuHandlers1-x32-x32-x32: [WebAlbum3D] -> {5C3CA950-420D-439E-A8C1-37F2196C48B2} => C:\Program Files (x86)\Web Photo Album\webalbumcontext.dll [2007-06-04] (VicMan Software)
ContextMenuHandlers1-x32-x32-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32-x32-x32: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2016-12-13] (Check Point Software Technologies Ltd.)
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-06-23] (Florian Heidenreich)
ContextMenuHandlers2-x32: [WebAlbum3D] -> {5C3CA950-420D-439E-A8C1-37F2196C48B2} => C:\Program Files (x86)\Web Photo Album\webalbumcontext.dll [2007-06-04] (VicMan Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-06-23] (Florian Heidenreich)
ContextMenuHandlers4-x32: [Rename-It!] -> {A64BBF5F-1250-4083-924C-B79661B75AAE} => C:\Program Files (x86)\Rename-It!\SimpleExt.dll [2004-10-06] ()
ContextMenuHandlers4-x32-x32: [WebAlbum3D] -> {5C3CA950-420D-439E-A8C1-37F2196C48B2} => C:\Program Files (x86)\Web Photo Album\webalbumcontext.dll [2007-06-04] (VicMan Software)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-02] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-06-04] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2014-05-08] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers6-x32: [SxContextMenuPro] -> {AE0FB986-4A9D-45B5-B434-112DB79BF518} => C:\Program Files (x86)\mp3Tag Pro 8\tag_menu.dll [2008-12-23] ()
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32-x32-x32: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2016-12-13] (Check Point Software Technologies Ltd.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01EE37C1-FAC3-4473-92B2-F47E44AEB5AE} - System32\Tasks\{5CB279D8-29BE-4330-9F8C-35428777570B} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Documents\software\gm5p_setup_3.exe -d C:\Users\user\Documents\software
Task: {105C583D-6278-4FFC-ADB6-61D193D3F19A} - System32\Tasks\{FD32F0ED-2BB3-46DB-B8B1-48B7EF0BE094} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
Task: {110030CE-C740-4BE3-9AF5-69485EF8504E} - System32\Tasks\{93368B05-8C1F-458C-B0C4-6EE3844A0EE1} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\airprint_installer.exe -d C:\Users\user\Downloads
Task: {12B5F3A2-108C-4CA1-956F-4DFB0001A193} - System32\Tasks\{EB7D89F4-994B-4A40-8D86-35A2CEB78D99} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_installation_manager_win_1_0_1.zip\PA-InstallationManager.exe <==== ATTENTION
Task: {15FF4588-8B3A-4652-B4A7-A5C868BA2A0A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-15] (AVAST Software)
Task: {1C265897-379D-4D6C-8E79-B48807743038} - System32\Tasks\{3BE6BDAA-AB23-419D-8418-07168B94ABA7} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Aimersoft\YouTube Downloader\PluginInstallForExe.exe" -d C:\Windows\SysWOW64 -c 1 0 0 1
Task: {2286F8B2-89DC-4729-8320-1E65DF829733} - System32\Tasks\{560CA622-9B91-4A2E-933E-381805697AF0} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Aimersoft\YouTube Downloader\PluginInstallForExe.exe" -d C:\Windows\SysWOW64 -c 1 0 1 0
Task: {2E51EF13-4168-40CD-BB8E-5097C53A2900} - System32\Tasks\{9A487F7F-4BAE-4EE2-A305-8F16D3DB692B} => C:\Program Files (x86)\Primera Technology\PTPublisher\PTPublisher.exe
Task: {3264EEA6-19A6-4D8E-AD52-0ABDD8947531} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {3E844A4D-E087-4D69-8475-C84D2218F08B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-15] (Adobe Systems Incorporated)
Task: {4198F86B-CCF6-4B77-B749-FF6CFB466B02} - System32\Tasks\{EB70110D-7621-4AE6-ADA7-20A233D8EE0A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\kBilling\unins000.exe"
Task: {42714F76-A6E9-4BF6-BE2B-63E1C19E6CC8} - System32\Tasks\{DFB9B07F-FE99-44CF-A3E4-584EC36F38AC} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
Task: {4C66EE94-64F2-4CC6-A87E-3C45DDBE52B0} - System32\Tasks\{31750143-ADEB-407D-882E-B8B37A9D70AE} => C:\Windows\system32\pcalua.exe -a E:\Install.exe -d E:\
Task: {4C6CF0FB-A44C-4FFC-9DCD-080B11C47255} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {4EC11064-740F-476D-B3A6-742AFBFF8805} - System32\Tasks\SafeZone scheduled Autoupdate 1493527308 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {5106500E-6325-4EAF-BD73-D8DD818639B0} - System32\Tasks\MsF to Iwares Starter Edition => C:\Windows\system32\rundll32.exe "C:\Program Files\MsF to Iwares Starter Edition\MsF to Iwares Starter Edition.dll",WmkHanDOGHEb <==== ATTENTION
Task: {5ECFAFD6-964C-41F0-B1CF-E593E8E73FD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
Task: {69BC2748-B776-42EF-9CB8-4A2E8799575C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3599117210-139940529-1983179741-1000UA => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-16] (Facebook Inc.)
Task: {6F6CC83E-47B9-4A3C-9528-52B07BDA19FA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3599117210-139940529-1983179741-1000Core => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-16] (Facebook Inc.)
Task: {81A8C23D-16D2-4D3C-8DB4-AF49C1DF75F6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-20] (AVAST Software)
Task: {83A6D604-E639-45AD-9028-D28842EA070E} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis1B4.exe <==== ATTENTION
Task: {8E2ECF92-EB17-498A-BE79-5CA14642331A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-09] (Dropbox, Inc.)
Task: {98E18818-2FE7-401A-A7CC-379608D13F14} - System32\Tasks\{3A4D8D08-2196-4A54-B7A9-B75EA93B3D43} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
Task: {9AB938C3-37AD-476A-AEBB-4618AE4D32B9} - System32\Tasks\{4BD45BD6-4372-43A7-A83E-643E8D194755} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
Task: {9F4435DE-A4A6-44C0-9FDD-839BAEA64B1B} - System32\Tasks\{025EFD6D-C172-4A4E-92B4-87B5FADDEB9F} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
Task: {A428F7C5-1B11-4944-B4DB-00C791335084} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-09] (Dropbox, Inc.)
Task: {AD27E602-5846-47E7-9773-2945DBF28025} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
Task: {B2CB9B5E-61A4-46B1-8AF6-F259C156CF6C} - System32\Tasks\{7AAF8906-23BA-4267-BB92-E65EB5EF77A8} => C:\Program Files (x86)\Primera Technology\PTPublisher\PTPublisher.exe
Task: {BA31057A-304C-4755-ACC0-B780DFAF7B85} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_user => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
Task: {C3120D31-34D5-4918-AE21-C60D261ADECE} - System32\Tasks\{D7F9F977-9B77-4EC7-BFC5-D8564E32B520} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.33.0.104/en/abandoninstall?source=lightinstaller&page=tsBing
Task: {C7D05EAF-91FC-480F-AA6A-448B13F97789} - System32\Tasks\Opera scheduled Autoupdate 1451100758 => C:\Program Files (x86)\Opera\launcher.exe [2017-07-18] (Opera Software)
Task: {C8936B4C-60D8-42B6-9326-09022B708205} - System32\Tasks\{548B6018-E7E4-41AD-BDD8-3A64186E4F2D} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
Task: {CC4AEA42-5AB6-4B7F-A055-B713048FE1AF} - System32\Tasks\{F754823A-14D8-44DD-93B1-E6DFB0443492} => C:\Windows\system32\pcalua.exe -a "C:\Users\user\Documents\software\Sony SoundForge v8.0 build 53\soundforge80.exe" -d "C:\Users\user\Documents\software\Sony SoundForge v8.0 build 53"
Task: {CDC2F808-ADB5-4650-BD92-CB24BB1844D2} - System32\Tasks\{F39E99C2-BAD8-4F84-BC48-CD2B90F11A2A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {D1D33AC4-867E-4985-AEBD-0EFBB231A349} - System32\Tasks\{3192821A-23FB-4CD6-B5C1-31231C7F6118} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\vkaraoke.exe -d C:\Users\user\Downloads
Task: {D2C8D071-FE43-4320-962F-2EE3B6E175A4} - System32\Tasks\AdobeAAMUpdater-1.0-user-PC-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {D35A34F9-1889-4266-B5F3-DCE3F64A4EA8} - System32\Tasks\{E18EB61C-406F-4295-B395-FD961776D36E} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
Task: {D3FD566F-170B-458D-A1F1-ED0824903DA5} - System32\Tasks\{1EE7218E-4F1A-4907-AF10-4CB43BD88E26} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Documents\software\DP4100_WinDriver_108\Setup\PostSetup\Win32\WinDriverInstaller32.exe -d C:\Users\user\Documents\software\DP4100_WinDriver_108\Setup\PostSetup\Win32
Task: {D884A3C3-FBF2-4B59-A8EE-E9AD74B1D90A} - System32\Tasks\{1169BD85-CCCD-4DF7-B609-DB133965B0A6} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
Task: {ED18C1A2-1678-452E-9652-8A9E008D034E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)
Task: {F8766863-EA11-48A6-91F0-CD9801E40D50} - System32\Tasks\{F362C98C-1806-4933-B966-667E9E7D774C} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3599117210-139940529-1983179741-1000Core.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3599117210-139940529-1983179741-1000UA.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\MsF to Iwares Starter Edition.job => rundll32.exe  C:\Program Files\MsF to Iwares Starter Edition\MsF to Iwares Starter Edition.dll
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-31 09:29 - 2012-10-23 11:13 - 000135168 _____ () C:\Program Files (x86)\MMX353G 3G USB Manager\Driver\ChgService.exe
2014-09-12 17:07 - 2014-07-18 21:54 - 010982912 _____ () C:\xampp\mysql\bin\mysqld.exe
2013-01-30 16:32 - 2012-12-04 15:25 - 000176128 _____ () C:\Program Files\PostgreSQL\9.2\bin\LIBPQ.dll
2013-04-22 14:55 - 2012-09-11 23:14 - 000390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-04-30 09:17 - 2013-04-30 09:17 - 000248704 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2013-05-25 11:19 - 2008-06-26 19:09 - 000167936 _____ () C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe
2017-06-12 23:18 - 2017-06-12 23:18 - 000052392 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-04-03 19:28 - 2013-04-03 19:28 - 000287448 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WPSService.exe
2017-08-02 20:02 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2013-01-30 16:32 - 2012-08-14 19:01 - 001328128 _____ () C:\Program Files\PostgreSQL\9.2\bin\libxml2.dll
2017-07-20 01:59 - 2017-07-20 01:59 - 000162032 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-07-20 02:00 - 2017-07-20 02:00 - 000831664 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-07-20 01:59 - 2017-07-20 01:59 - 000276808 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-06-28 01:32 - 2017-06-23 08:51 - 003807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 01:32 - 2017-06-23 08:51 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2016-08-02 01:24 - 2016-08-02 01:24 - 000865232 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kpcengine.2.3.dll
2017-07-20 01:59 - 2017-07-20 01:59 - 000170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-20 01:59 - 2017-07-20 01:59 - 000192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-20 01:59 - 2017-07-20 01:59 - 000224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-08-02 23:01 - 2017-08-02 23:01 - 005891448 _____ () C:\Program Files\AVAST Software\Avast\defs\17080206\algo.dll
2017-07-20 01:59 - 2017-07-20 01:59 - 000689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-20 01:59 - 2017-07-20 01:59 - 000231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-08-03 15:17 - 2017-08-03 15:17 - 005891448 _____ () C:\Program Files\AVAST Software\Avast\defs\17080302\algo.dll
2017-08-03 23:21 - 2017-08-03 23:21 - 005891448 _____ () C:\Program Files\AVAST Software\Avast\defs\17080308\algo.dll
2014-09-12 17:07 - 2014-07-17 16:48 - 000219648 _____ () C:\xampp\apache\bin\pcre.dll
2014-09-12 17:08 - 2014-07-24 03:54 - 000128512 _____ () C:\xampp\php\libpq.dll
2017-07-20 02:00 - 2017-07-20 02:00 - 001065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-04 10:10 - 2017-07-04 10:10 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-20 01:59 - 2017-07-20 01:59 - 000292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-09-08 15:29 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2011-12-13 11:10 - 2011-12-13 11:10 - 000413696 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WlanDll.dll
2017-08-02 21:48 - 2016-08-10 17:13 - 000188704 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2017-08-02 21:48 - 2016-08-10 17:13 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\webres.dll
2017-08-02 21:48 - 2016-08-10 17:13 - 000151840 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2017-08-02 21:48 - 2017-05-09 10:59 - 000631584 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
2017-06-12 23:18 - 2017-06-12 23:18 - 000048296 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2017-08-02 21:48 - 2016-12-12 16:52 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2017-08-02 21:48 - 2016-12-12 16:52 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2017-08-02 21:48 - 2016-12-12 16:52 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2013-01-25 23:00 - 2012-06-25 10:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-03-09 16:26 - 2012-03-09 16:26 - 000100352 _____ () C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [514]
AlternateDataStreams: C:\ProgramData\TEMP:1493A0EF [134]
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [127]
AlternateDataStreams: C:\ProgramData\TEMP:89FAC91C [246]
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9 [180]
AlternateDataStreams: C:\Users\user\Local Settings:7esI4uoB2hMrxMNjQcu [1922]
AlternateDataStreams: C:\Users\user\AppData\Local:7esI4uoB2hMrxMNjQcu [1922]
AlternateDataStreams: C:\Users\user\AppData\Local\Application Data:7esI4uoB2hMrxMNjQcu [1922]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-02-09 21:18 - 2017-02-22 12:06 - 000000000 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk => C:\Windows\pss\Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Remote Control.lnk => C:\Windows\pss\Remote Control.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk => C:\Windows\pss\Wireless Connection Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: Andy => C:\Program Files\Andy\HandyAndy.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
MSCONFIG\startupreg: BrHelp => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\Aimersoft\YouTube Downloader\BrowserPlugInHelper.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CNAP2 Launcher => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Aimersoft\YouTube Downloader\DelayPluginI.exe
MSCONFIG\startupreg: DigidesignMMERefresh => C:\Program Files\Avid\Pro Tools\MMERefresh.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Free Download Manager => "C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\fdm.exe" --minimized
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
MSCONFIG\startupreg: MobileBroadband => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: MSN Toolbar => "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
MSCONFIG\startupreg: OCCAgent => C:\Program Files (x86)\OCCAgent\OCCAgent.exe
MSCONFIG\startupreg: PATHPILOT => C:\Program Files (x86)\Aktiv MP3 Recorder\Aktiv MP3 Recorder.lnk
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDP => C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto 
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TiVme Agent => C:\Program Files (x86)\iBall Claro TV\iBall Claro TV\ScheduleAgent.exe srec
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
MSCONFIG\startupreg: uTorrent => "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VmbNotifier => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe
MSCONFIG\startupreg: WhatPulse => "C:\Program Files (x86)\WhatPulse2\whatpulse.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CED53D76-181C-484F-B8CA-494BD44F3DE5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{1299B49D-98C1-44B9-910D-17B07832C6F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{797BEC01-5C95-4757-AF6D-12D298B063E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{7DF70F8D-DB66-4A61-BE57-128AE64F0A80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{2F53632B-2536-4C2B-89CD-C6930E9CA992}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{B82A5848-20D6-4ECB-A771-4D666A3F59CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{C26B893D-3DCF-4054-AB6A-BBFE4B704998}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{264DD373-AE2D-4CED-B9C2-C6333F47A460}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{90C1F44B-2CC7-42BE-A35F-C9793E4859B5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4B6F036D-71F6-4000-95BF-274ECDCD2779}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{BCD49DCC-20E9-44EB-B696-6091DF79BD19}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{B74661B6-B4CD-449D-991F-C8BA154F18FC}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{0D5E8FB6-A25A-4400-9C57-4A4CF5CA641B}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{47F4B93B-DC07-4CD0-B838-BFC292CD096C}] => (Allow) LPort=5353
FirewallRules: [{F9B44D1A-E69F-4236-9380-87D5A2A6928D}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{EFD3074D-96C9-420F-88E7-DB849AE196FF}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{C0A3E674-2A78-4417-B33E-2E03841A75EC}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{887EB605-6F96-4CC8-B2B8-5DC31F871F9E}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{B27515C4-8769-4AAE-9A2C-282A7B3919E6}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [TCP Query User{39E86D47-1D17-467A-BB8E-62D5D2910E10}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{C7FC367F-A845-4EAD-8269-9A13007E2E75}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{8D3E0551-F490-46A6-A5EF-AB98C9681BEF}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{023A1B46-6284-42F9-85BB-EE7586B774CA}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E370996B-C7F9-4D2F-BE55-C23D09D0FEA4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F3D126D-77D2-447B-96FD-5BEC3574E2DA}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{84161983-E912-4734-9439-DEE045847760}] => (Allow) C:\Users\user\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{FF318F77-CA37-4BB1-9CBE-D10049F58663}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{EA9AC15D-5206-44B7-B627-DCF914E4B1A0}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{3CDF5802-8728-4EB9-B4E5-128D9D243944}] => (Block) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{982AB8FE-4058-43C8-A8AF-04EA408A735B}] => (Block) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{F0AA214F-B38C-434E-A099-0F364CA1081B}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{97F0EF08-B570-4750-9786-CFFC903F43E8}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{CDD0534B-2086-461B-8283-46F305A1AA78}C:\program files (x86)\aimersoft\youtube downloader\urlreqservice.exe] => (Allow) C:\program files (x86)\aimersoft\youtube downloader\urlreqservice.exe
FirewallRules: [UDP Query User{929D35CE-07FA-4F56-9C23-BCC877973012}C:\program files (x86)\aimersoft\youtube downloader\urlreqservice.exe] => (Allow) C:\program files (x86)\aimersoft\youtube downloader\urlreqservice.exe
FirewallRules: [{FACE4521-D643-420E-8A33-32E8F86273E0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{3137A315-D97E-4B86-BBF8-4F9A6810BF7D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{1DD16A3E-D151-46D9-B8A1-28341E92F0BB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{39275637-5DE8-49DE-B8AF-C4351AC851BC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{8B5A40E8-97B4-4EBB-B163-1CED77951058}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{0AEC1FE6-8473-4015-833E-CF89F20E8129}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [TCP Query User{AB547EC7-8B47-4D6F-A752-7E2C6A597BF7}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe
FirewallRules: [UDP Query User{21BDB955-DE1B-4C54-A218-1E58FF8A9A52}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe
FirewallRules: [{41426EE5-A14E-4B26-A795-E264780669F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8024CE2D-147F-4B84-AC3D-86CBE251E032}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{09709BFB-A3B5-483E-8908-0A687ED715A3}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [UDP Query User{5E688DFF-A262-4554-BA24-A1D1DE4573C8}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [{F5647487-D6AE-4A88-9386-6A0F557C5013}] => (Allow) C:\Program Files (x86)\Droid4X\Droid4X.exe
FirewallRules: [{682FAEA6-E84C-4C43-B95D-235E85AAED6E}] => (Allow) C:\Program Files\Oracle\VirtualBox\vboxheadless.exe
FirewallRules: [{BF9F3838-739D-47BF-BBBC-EA21059F497F}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{633F6CE0-075C-46AC-B74A-13E23689C228}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [TCP Query User{316B23B8-30A7-4203-A685-2226100102B3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9B1BF3DA-5D3F-4C01-B593-AF2BCA14C9F0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{7C81A35A-CB51-4400-AEF6-A7FC6C08E4B0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{181C2D77-E590-4E7E-9C72-1CF9FB6559E3}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{FD04AC89-094E-4F63-8972-A4A222F76C5A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{97CF3095-07C3-40A5-ADF8-61B69A5F2160}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{BF56F7E2-652C-48B9-805F-173B48CCBB73}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [TCP Query User{ABA9F6BA-8527-4384-AF2A-A2CD1BCF43C0}C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe
FirewallRules: [UDP Query User{C70B38A3-D463-412B-A7DF-DA8997F5D7F9}C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe
FirewallRules: [{36662E86-30B8-4949-BBD6-A47EF35E5503}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0938B98-73C0-4229-A926-46C26112D79A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B14B8023-E11C-41FE-B652-F22167A0B4AB}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{60CFAEE1-900D-401A-9CAE-74C483A040AC}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{DE7B4EB3-FDE5-4B61-8705-EB7641B5D721}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FAE5AB1F-240A-4870-A1F5-C9D228384939}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5ECB844B-8084-4A96-97E7-A64ABC82A284}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0212A282-06AE-4488-B950-5C7B2E2B1060}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{381EA27B-CBCC-4DCF-8137-215804AEFDA2}] => (Allow) C:\Program Files (x86)\X-Mirage\x-mirage.exe
FirewallRules: [{C2C4C5AA-E1F4-475B-AB8D-0019F9CA3141}] => (Allow) C:\Program Files\AMI\DuOS\DuOS.exe
FirewallRules: [{572AB3C1-6BFF-4F1C-B51D-D8EBC77CC9D6}] => (Allow) C:\Program Files\AMI\DuOS\DuOS.exe
FirewallRules: [{5F9F91BF-FA47-4971-8939-A9CA77D1F169}] => (Allow) C:\Program Files\AMI\DuOS\Ubusd.exe
FirewallRules: [{A4670802-8756-4187-AF3E-4B9562565ACB}] => (Allow) C:\Program Files\AMI\DuOS\Ubusd.exe
FirewallRules: [{86ECBE5D-3151-415A-BBFC-01DFAB70C90E}] => (Allow) C:\Program Files\AMI\DuOS\Dsync.exe
FirewallRules: [{55DF995A-ED92-4BD7-BB37-777530C8C575}] => (Allow) C:\Program Files\AMI\DuOS\Dsync.exe
FirewallRules: [{7D216E68-2D55-4A6F-9879-9F2C3A977BEE}] => (Allow) C:\Program Files\AMI\DuOS\SysEvent.exe
FirewallRules: [{F055A3F9-F660-4FC0-864D-C91E92BD90C9}] => (Allow) C:\Program Files\AMI\DuOS\SysEvent.exe
FirewallRules: [{722725A4-125F-4FF0-9E77-9207BCB7081F}] => (Allow) C:\Program Files\AMI\DuOS\locationservice.exe
FirewallRules: [{9E3EB905-0CAB-4716-A353-0131329F88E3}] => (Allow) C:\Program Files\AMI\DuOS\locationservice.exe
FirewallRules: [{5BEC2607-C315-4B4A-A5EA-22B2B8945744}] => (Allow) C:\Program Files\AMI\DuOS\CamProvider.exe
FirewallRules: [{9885A463-8C80-4C34-9681-62B939C934D0}] => (Allow) C:\Program Files\AMI\DuOS\CamProvider.exe
FirewallRules: [{F579AA21-B342-40E4-83D5-3FB267F236C3}] => (Allow) C:\Program Files\AMI\DuOS\SensorService.exe
FirewallRules: [{0D2B7C7D-C37E-4D5C-83E7-FD95F38EB5B3}] => (Allow) C:\Program Files\AMI\DuOS\SensorService.exe
FirewallRules: [{8F8CCF8C-2BB5-4603-A3B2-2C22E5C32900}] => (Allow) C:\Program Files\AMI\DuOS\..\DuoVM\DuoVMHeadless.exe
FirewallRules: [{49C274BC-A654-4380-AB38-EFAE35902532}] => (Allow) C:\Program Files\AMI\DuOS\..\DuoVM\DuoVMHeadless.exe
FirewallRules: [{442E8BC8-0368-48B9-970A-886F069736FD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CFA44FBE-55E3-4B4D-BE61-22683AA662DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AA036C15-69CB-421A-927F-812D9B2E1A68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7D980DA6-5FD2-45B3-8E9E-B346339F970E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9191462F-D6AF-4A1E-BAB8-F4DA3FB2E808}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C82D0BF8-6142-4ACC-BC86-25DC33B162E2}] => (Allow) C:\Program Files (x86)\AirPrint\airprint.exe
FirewallRules: [TCP Query User{A2887B37-AAE3-4525-A13F-17695DBABF77}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{AF52BF24-E5C2-4224-A71B-2B1285DAE1C7}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{5F9876F2-8B0B-449B-9FD6-3066CD9559B2}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{8970C5F7-E7C3-4724-99CE-97446B02F09C}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{B47DA446-FA4E-4A66-9EC5-7DDF018F0316}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{4E900C73-895D-4BB1-9454-AFBADB85A470}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F24A1E51-45FB-432C-9BD8-E7E6CAA1468A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F6B3D542-0B3A-49A7-9749-29A18DCEADDD}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{C4CB19A6-096B-4E78-BF53-075B91F86BB9}] => (Allow) C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{3C8A5212-CDEE-4A5F-B6FD-2F9484CE4C73}] => (Allow) C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{EB1793CB-481B-46D4-98A2-E44B103EF084}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4A6DAE3F-7378-4F7D-BE91-7FE6C9F1AE48}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
FirewallRules: [{7D9796F0-3E95-4D88-A1C6-45F040EF6198}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.46\opera.exe
FirewallRules: [{06E9D18C-3943-45BF-82AE-24FD1C8F1524}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe
FirewallRules: [{A955704E-F179-4475-AA1F-D032F57F5F20}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.57\opera.exe
FirewallRules: [{76ADB3DD-1BD6-4873-BC6E-ECE55D7CB6CF}] => (Allow) C:\Program Files\Avid\Pro Tools\AvidVideoEngine.exe
FirewallRules: [{8BB003BF-256B-4BAD-ABEE-044EAF1962A2}] => (Allow) C:\Program Files\Avid\Pro Tools\ProTools.exe
FirewallRules: [{C680D199-3119-4458-B098-BAF9F6A5085E}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{3030B1AD-C307-4279-99E9-EAE5D8BE5FEB}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{1ABAC347-D0D0-435F-AB55-8F81FF8F7BDA}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{8A60BFE6-3512-49EB-B2AB-BFAED0AA62F3}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{EE259837-ADAC-44D6-98EE-C84466379FF2}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{C17F0F78-CD10-4547-B777-758311A4D94B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
04-08-2017 02:00:59 Installed PDFescape Desktop View Module
04-08-2017 02:03:59 Installed PDFescape Desktop Create Module
04-08-2017 02:07:04 Installed PDFescape Desktop Insert Module
04-08-2017 02:07:29 Installed PDFescape Desktop Secure Module
04-08-2017 02:08:37 Installed PDFescape Desktop Forms Module
04-08-2017 02:09:45 Installed PDFescape Desktop Edit Module
04-08-2017 02:11:10 Installed PDFescape Desktop Review Module
 
==================== Faulty Device Manager Devices =============
 
Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/04/2017 06:55:06 AM) (Source: Google Update) (EventID: 20) (User: user-PC)
Description: Event-ID 20
 
Error: (08/04/2017 03:55:06 AM) (Source: Google Update) (EventID: 20) (User: user-PC)
Description: Event-ID 20
 
Error: (08/04/2017 12:55:07 AM) (Source: Google Update) (EventID: 20) (User: user-PC)
Description: Event-ID 20
 
Error: (08/03/2017 09:55:07 PM) (Source: Google Update) (EventID: 20) (User: user-PC)
Description: Event-ID 20
 
Error: (08/03/2017 06:55:06 PM) (Source: Google Update) (EventID: 20) (User: user-PC)
Description: Event-ID 20
 
Error: (08/03/2017 03:55:06 PM) (Source: Google Update) (EventID: 20) (User: user-PC)
Description: Event-ID 20
 
Error: (08/03/2017 02:43:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: localization-service.dll_unloaded, version: 0.0.0.0, time stamp: 0x57a49211
Exception code: 0xc0000005
Fault offset: 0x000007fed56f66d1
Faulting process id: 0xedc
Faulting application start time: 0x01d30bfa2f3f4c80
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: localization-service.dll
Report Id: 05cd7b62-782c-11e7-b40d-50465d8d7f0d
 
Error: (08/03/2017 12:55:07 PM) (Source: Google Update) (EventID: 20) (User: user-PC)
Description: Event-ID 20
 
Error: (08/03/2017 09:55:06 AM) (Source: Google Update) (EventID: 20) (User: user-PC)
Description: Event-ID 20
 
Error: (08/03/2017 06:55:05 AM) (Source: Google Update) (EventID: 20) (User: user-PC)
Description: Event-ID 20
 
 
System errors:
=============
Error: (08/04/2017 07:10:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (08/04/2017 07:10:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (08/04/2017 07:10:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (08/04/2017 07:10:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (08/04/2017 07:10:28 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (08/04/2017 07:10:28 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (08/04/2017 02:51:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (08/04/2017 02:51:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (08/04/2017 02:51:12 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (08/04/2017 02:11:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-06 01:38:55.723
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplusrec.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:38:55.715
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplusrec.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:38:55.477
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:38:55.465
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:35:17.995
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplusrec.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:35:17.985
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplusrec.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:35:17.298
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:35:17.276
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:15:12.278
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplusrec.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:15:12.271
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplusrec.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 87%
Total physical RAM: 7882.99 MB
Available physical RAM: 1015.11 MB
Total Virtual: 15764.17 MB
Available Virtual: 5215.76 MB
 
==================== Drives ================================
 
Drive c: (Win7) (Fixed) (Total:488.18 GB) (Free:13.85 GB) NTFS
Drive d: (Data) (Fixed) (Total:443.23 GB) (Free:38.71 GB) NTFS
Drive f: (SDS-BG  ) (Removable) (Total:7.48 GB) (Free:0.05 GB) FAT32
Drive g: (SDS-BG  ) (Removable) (Total:7.48 GB) (Free:0.05 GB) FAT32
Drive h: (SDS-BG  ) (Removable) (Total:7.49 GB) (Free:0.05 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 425BDDB2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 6928BD7A)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)
 
========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 7A1E1612)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)
 
========================================================
Disk: 3 (Size: 7.5 GB) (Disk ID: 021BCEEB)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)
 
==================== End of Addition.txt ============================

Attached Files


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,598 posts
  • MVP

Uninstall:

 

Aimersoft Helper Compact 2.5.1 
Aimersoft YouTube Downloader
IObit Malware Fighter 5
Java 8 Update 101 
Java 8 Update 71 
ZoneAlarm Free Antivirus + Firewall (You can reinstall it if you feel you need it but make sure it just installs the Firewall and does not install its anti-virus)
 
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   20.06KB   9 downloads
 
Run FRST and press Fix  (PC will reboot) 
A fix log will be generated please post that 
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.  Are you still getting the ads?
 
 
 
 

  • 0

#5
Kayesh

Kayesh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Hi,

 

Avast blocked FRST.exe and reported it as a virus and removed it from my desktop ... probably it is now in AVAST quarantine.

 

Then, almost immediately after that, my internet provider informed me through a web page that opened that ...

"You have reached this page because your computer / system / device is probably infected with malware called 'Bot' and could become a part of a botnet."

(http://www.cyberswachhtakendra.gov.in/)

 

I'm currently running the 'Quickheal' tool.

 

After that I can download the FRST.exe file again, do you suggest to disable AVAST while running? You think it was a false positive?

 

Thanks for helping


  • 0

#6
Kayesh

Kayesh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Hello,

 

Thanks so much for your awesome support. I have been struggling and trying for days to get rid of this malware.

 

Now everything is good again here and I'm really grateful for this help. 

 

Regarding the bot warning message that I got: Quickheal Bot removal tool found two infected files and removed them.

 

Then I downloaded FRST64.exe again, disabled AVAST and started the fix again ... and now the previously hijacked Chrome browser is back to normal again.

 

--------------------------------------------------

Here is the Fixlog.txt - 

--------------------------------------------------

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by user (05-08-2017 00:08:29) Run:2
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {11cf0da2-bcb9-11e3-b981-50465d8d7f0d} - F:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {1b83ef7b-1a9f-11e3-91f2-50465d8d7f0d} - F:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {255175e2-6afa-11e2-9860-50465d8d7f0d} - F:\.\ShowModem.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {26b46e00-6a2c-11e2-9ce3-50465d8d7f0d} - F:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {3893a4d8-a14d-11e3-a18f-50465d8d7f0d} - F:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {6637c49b-c839-11e6-9296-50465d8d7f0d} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {6b0e6f57-890b-11e3-907a-50465d8d7f0d} - F:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {933163ad-827c-11e4-984b-50465d8d7f0d} - F:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {a7a86924-9cf9-11e6-b52c-50465d8d7f0d} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {a7a86936-9cf9-11e6-b52c-50465d8d7f0d} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {a7a86944-9cf9-11e6-b52c-50465d8d7f0d} - F:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {abcb8a2a-6783-11e2-83dd-806e6f6e6963} - E:\shellexec.exe rom\index.html
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {b9c07f58-215e-11e4-b017-50465d8d7f0d} - I:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {bdb0f44e-695a-11e2-904f-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {d9e665ff-5044-11e3-9820-50465d8d7f0d} - F:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {de5f0cb2-8935-11e4-b215-50465d8d7f0d} - F:\AutoRun.exe
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\MountPoints2: {e34c13ef-6aa8-11e2-97c4-50465d8d7f0d} - G:\AutoRun.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yahoo.com/?fr=fp-comodo&type=19_25050030005_52.15.25.664_u_hp
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3599117210-139940529-1983179741-1000 -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxps://search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=19_25050030005_52.15.25.664_u_ds&p={searchTerms}&rlz=1I7SAVJ_enIN527
SearchScopes: HKU\S-1-5-21-3599117210-139940529-1983179741-1000 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxps://search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=19_25050030005_52.15.25.664_u_ds&p={searchTerms}&rlz=1I7SAVJ_enIN527
BHO: No Name -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> No File
BHO-x32: Aimersoft YouTube Downloader 4.9.0 -> {DED5B67D-3E39-4432-BD75-6A1434E09472} -> C:\ProgramData\Aimersoft\YouTube Downloader\WSBrowserAppMgr.dll [2016-08-08] ()
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-3599117210-139940529-1983179741-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKU\S-1-5-21-3599117210-139940529-1983179741-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler: WSAMAllMyTubechrome - {C985F516-9C03-4F90 -  No File
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r8s5bbdm.default\user.js [2017-06-29]
FF NewTab: Mozilla\Firefox\Profiles\r8s5bbdm.default -> about:newtab
FF Extension: (Video DownloadHelper) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r8s5bbdm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-07-15] 
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Aimersoft\YouTube Downloader\[email protected]_xpi
FF Extension: (Aimersoft YouTube Downloader) - C:\ProgramData\Aimersoft\YouTube Downloader\[email protected]_xpi [2016-10-02]
FF HKLM-x32\...\Firefox\Extensions: [{73B03417-517F-4ABC-A430-33518B96A552}] - C:\Program Files (x86)\Aimersoft\YouTube Downloader\SVRFirefoxExt
FF Extension: (No Name) - C:\Program Files (x86)\Aimersoft\YouTube Downloader\SVRFirefoxExt [2014-06-04] [not signed]
FF HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 => not found
FF HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\Firefox\Extensions: [{73B03417-517F-4ABC-A430-33518B96A552}] - C:\Program Files (x86)\Aimersoft\YouTube Downloader\SVRFirefoxExt
FF HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 => not found
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/yhs/search?p={searchTerms}&hspart=comodo&hsimp=yhs-ccs&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2017-04-07]
CHR HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2272904 2016-09-29] (Comodo)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1768736 2017-07-18] (IObit)
U4 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [X]
S4 Agpproiovs; no ImagePath
2017-07-15 21:30 - 2017-07-15 21:30 - 000000000 _____ C:\Users\user\AppData\Local\{ECB12073-E17B-4A30-AA00-0AF50361E40A}
2017-07-12 10:37 - 2017-07-12 10:37 - 000003190 _____ C:\Windows\System32\Tasks\{EB7D89F4-994B-4A40-8D86-35A2CEB78D99}
2017-07-28 01:12 - 2014-03-02 02:29 - 000000000 ____D C:\ProgramData\Aimersoft YouTube Downloader
2014-05-22 17:01 - 2014-05-22 17:01 - 000005024 _____ () C:\ProgramData\dbvvomjc.bpt
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\ChromeHTML: ->  <==== ATTENTION
ContextMenuHandlers1: [Advanced SystemCare] -> {9486A9B2-D787-4eca-A25C-4A0086BB4154} =>  -> No File
Task: {1C265897-379D-4D6C-8E79-B48807743038} - System32\Tasks\{3BE6BDAA-AB23-419D-8418-07168B94ABA7} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Aimersoft\YouTube Downloader\PluginInstallForExe.exe" -d C:\Windows\SysWOW64 -c 1 0 0 1
Task: {2286F8B2-89DC-4729-8320-1E65DF829733} - System32\Tasks\{560CA622-9B91-4A2E-933E-381805697AF0} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Aimersoft\YouTube Downloader\PluginInstallForExe.exe" -d C:\Windows\SysWOW64 -c 1 0 1 0
Task: {5106500E-6325-4EAF-BD73-D8DD818639B0} - System32\Tasks\MsF to Iwares Starter Edition => C:\Windows\system32\rundll32.exe "C:\Program Files\MsF to Iwares Starter Edition\MsF to Iwares Starter Edition.dll",WmkHanDOGHEb <==== ATTENTION
Task: {83A6D604-E639-45AD-9028-D28842EA070E} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis1B4.exe <==== ATTENTION
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
Task: {01EE37C1-FAC3-4473-92B2-F47E44AEB5AE} - System32\Tasks\{5CB279D8-29BE-4330-9F8C-35428777570B} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Documents\software\gm5p_setup_3.exe -d C:\Users\user\Documents\software
Task: {12B5F3A2-108C-4CA1-956F-4DFB0001A193} - System32\Tasks\{EB7D89F4-994B-4A40-8D86-35A2CEB78D99} => C:\Windows\system32\pcalua.exe -a C:\Users\user\AppData\Local\Temp\Temp1_installation_manager_win_1_0_1.zip\PA-InstallationManager.exe <==== ATTENTION
Task: {4C66EE94-64F2-4CC6-A87E-3C45DDBE52B0} - System32\Tasks\{31750143-ADEB-407D-882E-B8B37A9D70AE} => C:\Windows\system32\pcalua.exe -a E:\Install.exe -d E:\
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3599117210-139940529-1983179741-1000Core.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3599117210-139940529-1983179741-1000UA.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\MsF to Iwares Starter Edition.job => rundll32.exe  C:\Program Files\MsF to Iwares Starter Edition\MsF to Iwares Starter Edition.dll
AlternateDataStreams: C:\Windows:nlsPreferences [514]
AlternateDataStreams: C:\ProgramData\TEMP:1493A0EF [134]
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [127]
AlternateDataStreams: C:\ProgramData\TEMP:89FAC91C [246]
AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9 [180]
AlternateDataStreams: C:\Users\user\Local Settings:7esI4uoB2hMrxMNjQcu [1922]
AlternateDataStreams: C:\Users\user\AppData\Local:7esI4uoB2hMrxMNjQcu [1922]
AlternateDataStreams: C:\Users\user\AppData\Local\Application Data:7esI4uoB2hMrxMNjQcu [1922]
CMD: sc delete BAPIDRV
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\idstore.sst
EmptyTemp:
FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
 
 
*****************
 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11cf0da2-bcb9-11e3-b981-50465d8d7f0d} => key not found. 
HKLM\Software\Classes\CLSID\{11cf0da2-bcb9-11e3-b981-50465d8d7f0d} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b83ef7b-1a9f-11e3-91f2-50465d8d7f0d} => key not found. 
HKLM\Software\Classes\CLSID\{1b83ef7b-1a9f-11e3-91f2-50465d8d7f0d} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{255175e2-6afa-11e2-9860-50465d8d7f0d} => key not found. 
HKLM\Software\Classes\CLSID\{255175e2-6afa-11e2-9860-50465d8d7f0d} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26b46e00-6a2c-11e2-9ce3-50465d8d7f0d} => key not found. 
HKLM\Software\Classes\CLSID\{26b46e00-6a2c-11e2-9ce3-50465d8d7f0d} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3893a4d8-a14d-11e3-a18f-50465d8d7f0d} => key not found. 
HKLM\Software\Classes\CLSID\{3893a4d8-a14d-11e3-a18f-50465d8d7f0d} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6637c49b-c839-11e6-9296-50465d8d7f0d} => key not found. 
HKLM\Software\Classes\CLSID\{6637c49b-c839-11e6-9296-50465d8d7f0d} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b0e6f57-890b-11e3-907a-50465d8d7f0d} => key not found. 
HKLM\Software\Classes\CLSID\{6b0e6f57-890b-11e3-907a-50465d8d7f0d} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{933163ad-827c-11e4-984b-50465d8d7f0d} => key not found. 
HKLM\Software\Classes\CLSID\{933163ad-827c-11e4-984b-50465d8d7f0d} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7a86924-9cf9-11e6-b52c-50465d8d7f0d} => key not found. 
HKLM\Software\Classes\CLSID\{a7a86924-9cf9-11e6-b52c-50465d8d7f0d} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7a86936-9cf9-11e6-b52c-50465d8d7f0d} => key not found. 
HKLM\Software\Classes\CLSID\{a7a86936-9cf9-11e6-b52c-50465d8d7f0d} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7a86944-9cf9-11e6-b52c-50465d8d7f0d} => key not found. 
HKLM\Software\Classes\CLSID\{a7a86944-9cf9-11e6-b52c-50465d8d7f0d} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abcb8a2a-6783-11e2-83dd-806e6f6e6963} => key removed successfully
HKLM\Software\Classes\CLSID\{abcb8a2a-6783-11e2-83dd-806e6f6e6963} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9c07f58-215e-11e4-b017-50465d8d7f0d} => key not found. 
HKLM\Software\Classes\CLSID\{b9c07f58-215e-11e4-b017-50465d8d7f0d} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdb0f44e-695a-11e2-904f-806e6f6e6963} => key not found. 
HKLM\Software\Classes\CLSID\{bdb0f44e-695a-11e2-904f-806e6f6e6963} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9e665ff-5044-11e3-9820-50465d8d7f0d} => key not found. 
HKLM\Software\Classes\CLSID\{d9e665ff-5044-11e3-9820-50465d8d7f0d} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de5f0cb2-8935-11e4-b215-50465d8d7f0d} => key not found. 
HKLM\Software\Classes\CLSID\{de5f0cb2-8935-11e4-b215-50465d8d7f0d} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e34c13ef-6aa8-11e2-97c4-50465d8d7f0d} => key not found. 
HKLM\Software\Classes\CLSID\{e34c13ef-6aa8-11e2-97c4-50465d8d7f0d} => key not found. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} => key not found. 
HKLM\Software\Classes\CLSID\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} => key not found. 
HKLM\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DED5B67D-3E39-4432-BD75-6A1434E09472} => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{DED5B67D-3E39-4432-BD75-6A1434E09472} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value not found.
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value not found.
HKLM\Software\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => key not found. 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value not found.
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => key not found. 
HKLM\Software\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found. 
HKLM\Software\Classes\PROTOCOLS\Handler\WSAMAllMyTubechrome => key removed successfully
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r8s5bbdm.default\user.js => moved successfully
Firefox "newtab" removed successfully
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r8s5bbdm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value not found.
C:\ProgramData\Aimersoft\YouTube Downloader\[email protected]_xpi => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{73B03417-517F-4ABC-A430-33518B96A552} => value not found.
C:\Program Files (x86)\Aimersoft\YouTube Downloader\SVRFirefoxExt => not found.
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\Software\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\Software\Mozilla\Firefox\Extensions\\{73B03417-517F-4ABC-A430-33518B96A552} => value not found.
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\Software\Mozilla\SeaMonkey\Extensions\\[email protected] => value removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2017-04-07] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\SOFTWARE\Google\Chrome\Extensions\hcjjaajflhellmcfcecojihhmdbjmmlm => key removed successfully
DragonUpdater => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\DragonUpdater => key removed successfully
DragonUpdater => service removed successfully
IMFservice => service not found.
HKLM\System\CurrentControlSet\Services\cmdAgent => key removed successfully
cmdAgent => service removed successfully
HKLM\System\CurrentControlSet\Services\Agpproiovs => key removed successfully
Agpproiovs => service removed successfully
C:\Users\user\AppData\Local\{ECB12073-E17B-4A30-AA00-0AF50361E40A} => moved successfully
C:\Windows\System32\Tasks\{EB7D89F4-994B-4A40-8D86-35A2CEB78D99} => moved successfully
C:\ProgramData\Aimersoft YouTube Downloader => moved successfully
C:\ProgramData\dbvvomjc.bpt => moved successfully
HKU\S-1-5-21-3599117210-139940529-1983179741-1000_Classes\ChromeHTML => key removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Advanced SystemCare => key removed successfully
HKLM\Software\Classes\CLSID\{9486A9B2-D787-4eca-A25C-4A0086BB4154} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C265897-379D-4D6C-8E79-B48807743038} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C265897-379D-4D6C-8E79-B48807743038} => key removed successfully
C:\Windows\System32\Tasks\{3BE6BDAA-AB23-419D-8418-07168B94ABA7} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3BE6BDAA-AB23-419D-8418-07168B94ABA7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2286F8B2-89DC-4729-8320-1E65DF829733} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2286F8B2-89DC-4729-8320-1E65DF829733} => key removed successfully
C:\Windows\System32\Tasks\{560CA622-9B91-4A2E-933E-381805697AF0} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{560CA622-9B91-4A2E-933E-381805697AF0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5106500E-6325-4EAF-BD73-D8DD818639B0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5106500E-6325-4EAF-BD73-D8DD818639B0} => key removed successfully
C:\Windows\System32\Tasks\MsF to Iwares Starter Edition => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MsF to Iwares Starter Edition => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83A6D604-E639-45AD-9028-D28842EA070E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83A6D604-E639-45AD-9028-D28842EA070E} => key removed successfully
C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aimersoft Helper Compact.exe => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01EE37C1-FAC3-4473-92B2-F47E44AEB5AE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01EE37C1-FAC3-4473-92B2-F47E44AEB5AE} => key removed successfully
C:\Windows\System32\Tasks\{5CB279D8-29BE-4330-9F8C-35428777570B} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5CB279D8-29BE-4330-9F8C-35428777570B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12B5F3A2-108C-4CA1-956F-4DFB0001A193} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12B5F3A2-108C-4CA1-956F-4DFB0001A193} => key removed successfully
C:\Windows\System32\Tasks\{EB7D89F4-994B-4A40-8D86-35A2CEB78D99} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EB7D89F4-994B-4A40-8D86-35A2CEB78D99} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C66EE94-64F2-4CC6-A87E-3C45DDBE52B0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C66EE94-64F2-4CC6-A87E-3C45DDBE52B0} => key removed successfully
C:\Windows\System32\Tasks\{31750143-ADEB-407D-882E-B8B37A9D70AE} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31750143-ADEB-407D-882E-B8B37A9D70AE} => key removed successfully
C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3599117210-139940529-1983179741-1000Core.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3599117210-139940529-1983179741-1000UA.job => moved successfully
C:\Windows\Tasks\MsF to Iwares Starter Edition.job => moved successfully
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\TEMP => ":1493A0EF" ADS removed successfully.
C:\ProgramData\TEMP => ":1AAB2E68" ADS removed successfully.
C:\ProgramData\TEMP => ":89FAC91C" ADS removed successfully.
C:\ProgramData\TEMP => ":D5FBE8F9" ADS removed successfully.
C:\Users\user\Local Settings => ":7esI4uoB2hMrxMNjQcu" ADS removed successfully.
"C:\Users\user\AppData\Local" => ":7esI4uoB2hMrxMNjQcu" ADS not found.
"C:\Users\user\AppData\Local\Application Data" => ":7esI4uoB2hMrxMNjQcu" ADS not found.
 
========= sc delete BAPIDRV =========
 
[SC] DeleteService SUCCESS
 
========= End of CMD: =========
 
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\idstore.sst => moved successfully
FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" => Error: No automatic fix found for this entry.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 219183019 B
Java, Flash, Steam htmlcache => 740 B
Windows/system/drivers => 461806313 B
Edge => 0 B
Chrome => 360895864 B
Firefox => 380830697 B
Opera => 246094806 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 60341169 B
systemprofile32 => 262696 B
LocalService => 146735 B
NetworkService => 470244 B
user => 71320188095 B
 
RecycleBin => 1202940433 B
EmptyTemp: => 69.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 00:13:
 
 
-------------------------------------------------------------------------------------
 
Again, I thank you and geekstogo.com so much for your help.
 
No money asked, no subscription, nothing ... just professional custom support to the point. 
 
This is almost too good to be true.
 
Thanks so much, I'll be around.  :wave:

  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,598 posts
  • MVP

Best to do a new FRST scan so I can see if this quickheal stuff was legit.  Definitely an oops on Avast's part that it ate FRST


  • 0

#8
Kayesh

Kayesh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Ok, I did that and FRST.txt looks good ...

 

 
LastRegBack: 2017-08-02 04:20
 
==================== End of FRST.txt ============================
 
and here the Addition.txt ----------------
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by user (05-08-2017 11:04:44)
Running from C:\Users\user\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-01-25 17:17:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
788B5E4B02E649F0AEFF (S-1-5-21-3599117210-139940529-1983179741-1010 - Limited - Enabled)
9A3542F65C084D47BE6C (S-1-5-21-3599117210-139940529-1983179741-1009 - Limited - Enabled)
Administrator (S-1-5-21-3599117210-139940529-1983179741-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3599117210-139940529-1983179741-1002 - Limited - Enabled)
Guest (S-1-5-21-3599117210-139940529-1983179741-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3599117210-139940529-1983179741-1007 - Limited - Enabled)
user (S-1-5-21-3599117210-139940529-1983179741-1000 - Administrator - Enabled) => C:\Users\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{C788B026-20BD-4E96-B698-533F1D6C5013}) (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Data Recovery Suite version 3.2.0 (HKLM-x32\...\{02386A56-080B-485c-941D-AF96B29140DD}_is1) (Version: 3.2.0 - SharpNight Co,Ltd)
7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.11 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Audition 3.0 Vista Compatibility (HKLM\...\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb) (Version:  - )
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 Functional Content (HKLM-x32\...\{614020C8-2E16-4E16-A5F0-04DE2AB96097}) (Version: 6.0.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Advanced Font Viewer 5.1 (HKLM-x32\...\Advanced Font Viewer_is1) (Version:  - Alexander G Styopkin)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.64 - Hulubulu Software)
AIR iPad (HKLM-x32\...\{EA09B356-31B5-3C6F-5B23-AE3FE0A29E99}) (Version: 01 - UNKNOWN) Hidden
AIR iPad (HKLM-x32\...\AIRiPad.2F5B6419AD1E468138DDD0B435CF5E716FC9F465.1) (Version: v.01 - UNKNOWN)
All File Email Extractor v2.4 (HKLM-x32\...\All File Email Extractor v2.4) (Version:  - AlgoLogic)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Anki (HKLM-x32\...\Anki) (Version:  - )
Aostsoft Image to Word OCR Converter 3.8.2 (HKLM-x32\...\Aostsoft Image to Word OCR Converter_is1) (Version:  - Aostsoft,Inc.)
Apache Tomcat 7.0 Tomcat7 (remove only) (HKLM\...\Apache Tomcat 7.0 Tomcat7) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.2.6 - ASUSTeK Computer Inc.)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Avid Pro Tools (HKLM\...\{440A8FC5-DF1F-49F2-8936-227247138A34}) (Version: 12.5.0.395 - Avid Technology, Inc.)
B110 (HKLM-x32\...\{9F9A2D22-7E30-4546-B817-10644FFB9935}) (Version: 140.0.283.000 - Hewlett-Packard) Hidden
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.70.6309 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Brother MFL-Pro Suite DCP-T300 (HKLM-x32\...\{BA07A125-6AC7-4293-89D6-391676FFD041}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Canon LBP7200C (HKLM\...\Canon LBP7200C) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CGS17_Setup_x64 (HKLM\...\{83646B67-A878-4E95-BB4B-AF4A6E61F28C}) (Version: 17.0 - Corel Corporation) Hidden
Classic PDF Editor 12.0 (HKLM-x32\...\Classic PDF Editor_is1) (Version:  - )
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 52.15.25.664 - Comodo)
CopyTrans Suite Remove Only (HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{FD4A43CE-ABAE-4161-83AC-314A3C804F42}) (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (HKLM\...\{1967EF95-E00B-4669-8B1C-A589BE8BF24F}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (HKLM\...\{35869A6C-BA31-4F23-B52D-BC1B1E41EC1B}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (HKLM\...\{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (HKLM\...\{7386B5FA-8715-481D-821F-7785110506DF}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (HKLM\...\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (HKLM\...\{BB65D262-3EBC-4F10-89D9-67A320E94EAA}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (HKLM\...\{E699230D-4B5E-411E-9F45-FF50789B18DD}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (HKLM\...\{3933C06C-8239-432B-87FC-F2BDC5B49A10}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (HKLM\...\{B6DF7031-2843-44FD-9CAB-DECAB4257456}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (HKLM\...\{D7C2687D-924E-4485-B367-C7D95CBF8DDD}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (HKLM\...\{2C72B5E4-AA34-4F1A-8C7E-468530F9F6A3}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (HKLM\...\{6099F026-0A98-4D40-9B3D-ED2123A8CBD0}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (HKLM\...\{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (HKLM\...\{10762393-1B90-4AC2-AF1A-4C0C04AE303F}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (HKLM\...\{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (HKLM\...\{1E3A578C-0A7D-4820-990F-B7545C0B2303}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (HKLM\...\{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}) (Version: 16.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (HKLM\...\{CCE7423E-1D84-4CD3-9E32-220EC9358D97}) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (HKLM\...\{2C91CB9D-323D-43E5-A433-229B71CFB773}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (HKLM\...\{9178F0A8-B6F6-4DA7-AD63-317CC4875F4B}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (HKLM\...\{BD036E95-A9CD-4DED-B744-95AB1DCAFF0C}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (HKLM\...\{5162E418-BB43-4C8F-ACD6-069645EF98C3}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (HKLM\...\{2C0DDC74-5234-43DD-BB5A-0645B8FE5289}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (HKLM\...\{3BB8EB77-737B-4B32-BAB9-08C7110C46BD}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (HKLM\...\{D10A5CFA-FE33-4F06-AE37-554604F00A52}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (HKLM\...\{5406029B-67AD-4F8E-9F2D-F1959CD9CD86}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (HKLM\...\{EF44BCCD-13F9-4974-862C-CCFAF43EE082}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (HKLM\...\{13179AB2-69FD-459B-800F-81865A501AD4}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (HKLM\...\{C922F325-DD52-4E22-B204-431A06E63E51}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (HKLM\...\{1A73168F-5983-46A6-AAAB-FD83BC231E02}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (HKLM\...\{C57EDB5A-AC8E-4E03-9F1A-DC013A2BB9B2}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (HKLM\...\{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (HKLM\...\{5672E0DC-7489-4EAC-8CFD-E01B3868FCB5}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (HKLM\...\{966996DC-D67C-40E3-8BD4-31FA0F093571}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (HKLM\...\{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}) (Version: 17.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
cssSlider (HKLM-x32\...\cssSlider_is1) (Version:  - )
CyberLink PowerDirector 11 (HKLM\...\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DC1A2 version 2.1.0 (HKLM\...\DC1A2_is1) (Version: 2.1.0 - )
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
D-Link DWA-131 Wireless N Nano USB Adapter (HKLM-x32\...\{D9198056-A296-4583-A790-C0E73694CFE8}) (Version:  - D-Link)
Dropbox (HKLM-x32\...\Dropbox) (Version: 31.4.25 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
DuOS (HKLM\...\{D642C486-5337-4882-A7F3-91A4C797ABFA}) (Version: 2.0.6.8063 - American Megatrends Inc.)
DVD Architect Pro 6.0 (HKLM-x32\...\{E0E531A2-17C1-11E2-984D-1040F3E7010F}) (Version: 6.0.237 - Sony)
DVD Audio Extractor 7.2.0 (HKLM-x32\...\DVD Audio Extractor_is1) (Version:  - Computer Application Studio)
EaseUS Data Recovery Wizard 8.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 8.0_is1) (Version:  - EaseUS)
EaseUS Partition Master 10.8 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
EaseUS Partition Recovery 8.5 (HKLM-x32\...\EaseUS Partition Recovery_is1) (Version:  - EaseUS)
Easy CD-DA Extractor 16 (HKLM-x32\...\Easy CD-DA Extractor 16) (Version: 16.0.9 - Poikosoft)
eMail Bounce Handler 3.8.2 (HKLM-x32\...\eMail Bounce Handler_is1) (Version:  - Max Programming LLC)
Email Extractor Files (HKLM-x32\...\{4D970F49-9840-446A-A33F-0146752D3499}) (Version: 5.0 - Technocom Solutions)
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 5.06 - NCH Software)
Express Scribe Transcription Software (HKLM-x32\...\Scribe) (Version: 5.85 - NCH Software)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
ffdshow v1.1.3572 [2010-09-13] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3572.0 - )
FileZilla Client 3.26.2 (HKLM-x32\...\FileZilla Client) (Version: 3.26.2 - Tim Kosse)
Find and Mount 2.32 (HKLM\...\Find and Mount_is1) (Version: 2.32 - A-FF Data Recovery)
FlippingBook PDF Publisher (HKLM-x32\...\{5DB38141-CCA8-4870-8EC1-FB06871AF278}) (Version: 0.5.8 - Mediaparts Interactive)
Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com)
Free Audio Converter 1.0.2 (HKLM-x32\...\Free Audio Converter) (Version: 1.0.2 - 1Focus, Org.)
Free Audio Converter version 5.0.52.1122 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.52.1122 - DVDVideoSoft Ltd.)
Free Video To Audio Converter 2015 6.5.8 (HKLM-x32\...\Free Video To Audio Converter 2015_is1) (Version:  - FAEMedia Co., Ltd.)
Free Video to Flash Converter version 5.0.37.327 (HKLM-x32\...\Free Video to Flash Converter_is1) (Version: 5.0.37.327 - DVDVideoSoft Ltd.)
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
GetFLV 9.6.2.1 (HKLM-x32\...\GetFLV_is1) (Version:  - GetFLV, Inc.)
gImageReader (HKLM-x32\...\gImageReader) (Version: 3.1.91 - Sandro Mani)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{09A8EA8A-9C9D-45E4-B20C-3F13C2CCD32C}) (Version: 7.3.0.3830 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPAC (remove only) (HKLM-x32\...\GPAC) (Version:  - )
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
GroupMail :: Personal Edition (HKLM-x32\...\{72FC0445-FE6D-4E12-815B-3A8C5E3704DA}_is1) (Version: 5.3.0.125 - Infacta Ltd.)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HD Video Converter Factory 11.1 (HKLM-x32\...\HD Video Converter Factory) (Version: 11.1 - WonderFox Soft, Inc.)
HD Video Converter Factory Pro 13.1 (HKLM-x32\...\HD Video Converter Factory Pro) (Version: 13.1 - WonderFox Soft, Inc.)
HDD Regenerator (HKLM-x32\...\{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}) (Version: 1.71.0012 - Abstradrome)
hide.me VPN 1.2.14 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.2.14 - eVenture Limited)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{59C83C08-63F4-4AEC-81D6-392C5E23B843}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (HKLM-x32\...\{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}) (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
iBall Claro TV T18 Device (HKLM-x32\...\TVCONDrv) (Version:  - )
IBP 12.0.2 (HKLM-x32\...\IBP12_is1) (Version: 12.0.2 - Axandra GmbH)
IconViewer (HKLM\...\{C6F34AE0-0576-11d4-82FE-4491FCC00000}) (Version: 3.2.147 - Bot Productions)
ID3-TagIT 3 (HKLM-x32\...\ID3-TagIT 3_is1) (Version: 3 - Michael Pluemper)
IDTE-ID3 Tag Editor (HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\IDTE-ID3 Tag Editor) (Version: 02.80.00.00 - Team IDTE)
iLanguage (HKLM-x32\...\iLanguage) (Version: 2.2 - doIT)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4226 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
Itranslator 2003 Beta (HKLM-x32\...\Itranslator 2003 Beta_is1) (Version:  - Omkarananda Ashram Himalayas)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
iZotope Nectar 2 Production Suite (HKLM-x32\...\iZotope Nectar 2 Production Suite_is1) (Version: 2.03 - iZotope, Inc.)
iZotope RX 4 (HKLM-x32\...\iZotope RX 4_is1) (Version: 4.00 - iZotope, Inc.)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
join.me (HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\JoinMe) (Version: 3.0.0.4238 - LogMeIn, Inc.)
kBilling Invoicing Software (HKLM-x32\...\{B38A9B1A-DAEF-4ECC-AC7D-FDB12EAE5663}_is1) (Version:  - K Software)
Kindle Previewer (HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\KindlePreviewer) (Version: 2.92 - Amazon)
LameXP v4.15 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.15 Final-1 [Build #2002] - LoRd_MuldeR <[email protected]>)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Manager (HKLM-x32\...\{38251B9A-C44B-42D9-9A6A-0697986E334A}) (Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
mediAvatar DAT Converter (HKLM-x32\...\mediAvatar DAT Converter) (Version: 6.8.0.1101 - mediAvatar)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7916 - Memeo Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Expression SuperPreview 4 Trial (HKLM-x32\...\SuperPreview_4.0.1241.0) (Version: 4.0.1241.0 - Microsoft Corporation)
Microsoft Junk E-mail Reporting Add-in (HKLM-x32\...\{B72B06E0-0C54-495F-896F-E3ED2905624B}) (Version: 10.1.207.1 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Moyea Importer for Adobe Premiere version: 3.0.1.504 (HKLM-x32\...\{4AC19FB6-9020-4539-B681-28BF301AC38F}_is1) (Version:  - )
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
mp3Tag Pro 9.5 (HKLM-x32\...\mp3Tag Pro_is1) (Version:  - ManiacTools.com)
Mp3tag v2.83 (HKLM-x32\...\Mp3tag) (Version: 2.83 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NETGEAR WNA1000M Wireless USB 2.0 Adapter (HKLM-x32\...\{62F7B391-E2B2-4714-BBAA-A14E4FAAB95C}) (Version: 1.01.10 - NETGEAR) Hidden
NETGEAR WNA1000M Wireless USB 2.0 Adapter (HKLM-x32\...\InstallShield_{62F7B391-E2B2-4714-BBAA-A14E4FAAB95C}) (Version: 1.01.10 - NETGEAR)
Network64 (HKLM\...\{48C0866E-57EB-444C-8371-8E4321066BC3}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Nitro Pro 8 (HKLM\...\{8995F47C-B7E7-466F-8FCD-3AD3340662C6}) (Version: 8.5.2.10 - Nitro)
Noveltech Vocal Enhancer 1.6.1 (HKLM\...\Noveltech Vocal Enhancer_is1) (Version: 1.6.1 - Plugin Alliance)
Opcion Font Viewer (HKLM-x32\...\{B86688D9-0F85-458B-AFB1-5B3B4C8CE541}) (Version: 1.1.1 - Chiu Software Systems)
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation)
Opera Stable 46.0.2597.57 (HKLM-x32\...\Opera 46.0.2597.57) (Version: 46.0.2597.57 - Opera Software)
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.5.0812 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.5.0812 - PACE Anti-Piracy, Inc.)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (HKLM\...\{72B9DF2C-76FA-40B5-A469-16EAB159CE72}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (HKLM\...\{BDF7326B-7ED4-4034-B867-F4E88D4E628B}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (HKLM\...\{03E04B47-9270-4613-8D7E-DA4AD2B259A0}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.4.1 - pdfforge GmbH)
PDFescape Desktop (HKLM-x32\...\PDFescape Desktop) (Version: 2.0.35.34126 - RedSoftware)
PDFescape Desktop Create Module (HKLM\...\{1494D0BD-6284-43C2-87A1-5B2F7A5CA5C1}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Edit Module (HKLM\...\{37E3FFCA-6A24-4762-826F-4F43F0A97C2E}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Forms Module (HKLM\...\{6F3B51B6-B27B-4D14-96C5-4B1C1D1149B7}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Insert Module (HKLM\...\{2F895ED2-6998-4C39-8668-7117804D127A}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Secure Module (HKLM\...\{D20659F5-61A5-4385-A267-77CF442C1CB0}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop View Module (HKLM\...\{EC492F74-CD9C-419A-8FFA-C49319F59955}) (Version: 2.0.36.34130 - Red Software) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Photo to Cartoon (HKLM-x32\...\{2302FD51-7033-48DE-A302-039649DE4AE8}) (Version: 7.0 - Caricature Software Inc.)
PS_AIO_07_B110_SW_Min (HKLM-x32\...\{F88E2E04-7EF5-488C-8E38-C94EB808458E}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
QuickTransfer (HKLM-x32\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Rename-It! (HKLM-x32\...\Rename-It!) (Version: 3.32 - Beroux)
Report Manager 2.9b (HKLM-x32\...\Report Manager_is1) (Version: 2.9b - Toni Martir)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SDL Trados 2015 SR2 - Remove suite of products (HKLM-x32\...\TranslationStudio2015) (Version: 4.2.5082 - SDL)
SDL Trados Legacy Compatibility Module (HKLM-x32\...\{7F8F4AF6-0CE2-46E9-BA14-C55F19968926}) (Version: 2.1.128 - SDL)
SDL Trados Studio 2015 SR2 (HKLM-x32\...\{47A9C592-6A0F-4E70-8057-74DA01D28EDA}) (Version: 4.2.5082 - SDL)
SDL WorldServer Components (HKLM-x32\...\{791F1B1C-BF90-4145-95B6-0150FAC6BB6E}) (Version: 4.2.5082 - SDL)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1548 - Memeo Inc.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 2.31 - NCH Software)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Stellar Phoenix Windows Data Recovery - Professional (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Professional_is1) (Version: 6.0.0.0 - Stellar Information Systems Ltd)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
TurboMailer 2 (HKLM-x32\...\{9E156899-D3A1-4F10-8323-364A095FCFDB}}_is1) (Version:  - Xellsoft.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voxbox version 1.0.1 (HKLM\...\Voxbox_is1) (Version: 1.0.1 - )
Waves Central 1.3.2.4 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}_is1) (Version: 1.3.2 - Waves, Inc.)
Web Photo Album 1.1 (HKLM-x32\...\Web Photo Album_is1) (Version:  - )
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Intel Corporation (igfx) Display  (05/25/2015 10.18.10.4226) (HKLM\...\9BE1E70D477FC0A2AF08E2AA3EED5EDA155145B7) (Version: 05/25/2015 10.18.10.4226 - Intel Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-5 - Bitnami)
Xilisoft HD Video Converter (HKLM-x32\...\Xilisoft HD Video Converter) (Version: 5.1.37.0416 - Xilisoft)
Zoom (HKU\S-1-5-21-3599117210-139940529-1983179741-1000\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3599117210-139940529-1983179741-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3599117210-139940529-1983179741-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3599117210-139940529-1983179741-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3599117210-139940529-1983179741-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3599117210-139940529-1983179741-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3599117210-139940529-1983179741-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3599117210-139940529-1983179741-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-20] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-20] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Portable\Internet Download Manager 6.15\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2014-05-08] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-06-23] (Florian Heidenreich)
ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-08-05] (pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ContextMenuHandlers1: [PDFescapeDesktop_ManagerExt] -> {D3C28D54-72B8-4B8D-B204-157EFA9BF3E7} => C:\Program Files\PDFescape Desktop\context-menu.dll [2017-07-13] (Red Software)
ContextMenuHandlers1-x32: [Rename-It!] -> {A64BBF5F-1250-4083-924C-B79661B75AAE} => C:\Program Files (x86)\Rename-It!\SimpleExt.dll [2004-10-06] ()
ContextMenuHandlers1-x32-x32: [TranslationStudioShlExt2011] -> {F6C08E19-DCE1-45B5-A225-E94FADB585DD} => C:\Program Files (x86)\SDL\SDL Trados Studio\Studio4\TranslationStudioExt.dll [2016-03-02] (TODO: <Company name>)
ContextMenuHandlers1-x32-x32-x32: [WebAlbum3D] -> {5C3CA950-420D-439E-A8C1-37F2196C48B2} => C:\Program Files (x86)\Web Photo Album\webalbumcontext.dll [2007-06-04] (VicMan Software)
ContextMenuHandlers1-x32-x32-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-06-23] (Florian Heidenreich)
ContextMenuHandlers2-x32: [WebAlbum3D] -> {5C3CA950-420D-439E-A8C1-37F2196C48B2} => C:\Program Files (x86)\Web Photo Album\webalbumcontext.dll [2007-06-04] (VicMan Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2010-06-20] (Bulk Rename Utility)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2017-06-23] (Florian Heidenreich)
ContextMenuHandlers4-x32: [Rename-It!] -> {A64BBF5F-1250-4083-924C-B79661B75AAE} => C:\Program Files (x86)\Rename-It!\SimpleExt.dll [2004-10-06] ()
ContextMenuHandlers4-x32-x32: [WebAlbum3D] -> {5C3CA950-420D-439E-A8C1-37F2196C48B2} => C:\Program Files (x86)\Web Photo Album\webalbumcontext.dll [2007-06-04] (VicMan Software)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-08-04] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-06-04] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2014-05-08] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers6-x32: [SxContextMenuPro] -> {AE0FB986-4A9D-45B5-B434-112DB79BF518} => C:\Program Files (x86)\mp3Tag Pro 8\tag_menu.dll [2008-12-23] ()
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {105C583D-6278-4FFC-ADB6-61D193D3F19A} - System32\Tasks\{FD32F0ED-2BB3-46DB-B8B1-48B7EF0BE094} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
Task: {110030CE-C740-4BE3-9AF5-69485EF8504E} - System32\Tasks\{93368B05-8C1F-458C-B0C4-6EE3844A0EE1} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\airprint_installer.exe -d C:\Users\user\Downloads
Task: {15FF4588-8B3A-4652-B4A7-A5C868BA2A0A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-15] (AVAST Software)
Task: {2E51EF13-4168-40CD-BB8E-5097C53A2900} - System32\Tasks\{9A487F7F-4BAE-4EE2-A305-8F16D3DB692B} => C:\Program Files (x86)\Primera Technology\PTPublisher\PTPublisher.exe
Task: {3264EEA6-19A6-4D8E-AD52-0ABDD8947531} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {3E844A4D-E087-4D69-8475-C84D2218F08B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-15] (Adobe Systems Incorporated)
Task: {4198F86B-CCF6-4B77-B749-FF6CFB466B02} - System32\Tasks\{EB70110D-7621-4AE6-ADA7-20A233D8EE0A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\kBilling\unins000.exe"
Task: {42714F76-A6E9-4BF6-BE2B-63E1C19E6CC8} - System32\Tasks\{DFB9B07F-FE99-44CF-A3E4-584EC36F38AC} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
Task: {4EC11064-740F-476D-B3A6-742AFBFF8805} - System32\Tasks\SafeZone scheduled Autoupdate 1493527308 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {5ECFAFD6-964C-41F0-B1CF-E593E8E73FD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
Task: {69BC2748-B776-42EF-9CB8-4A2E8799575C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3599117210-139940529-1983179741-1000UA => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-16] (Facebook Inc.)
Task: {6F6CC83E-47B9-4A3C-9528-52B07BDA19FA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3599117210-139940529-1983179741-1000Core => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-16] (Facebook Inc.)
Task: {78FAFEF2-E5B4-488B-95B7-C54D53B2F6F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {81A8C23D-16D2-4D3C-8DB4-AF49C1DF75F6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-20] (AVAST Software)
Task: {8E2ECF92-EB17-498A-BE79-5CA14642331A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-09] (Dropbox, Inc.)
Task: {98E18818-2FE7-401A-A7CC-379608D13F14} - System32\Tasks\{3A4D8D08-2196-4A54-B7A9-B75EA93B3D43} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
Task: {9AB938C3-37AD-476A-AEBB-4618AE4D32B9} - System32\Tasks\{4BD45BD6-4372-43A7-A83E-643E8D194755} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
Task: {9F4435DE-A4A6-44C0-9FDD-839BAEA64B1B} - System32\Tasks\{025EFD6D-C172-4A4E-92B4-87B5FADDEB9F} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
Task: {A428F7C5-1B11-4944-B4DB-00C791335084} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-05-09] (Dropbox, Inc.)
Task: {AD27E602-5846-47E7-9773-2945DBF28025} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29] (Google Inc.)
Task: {B2CB9B5E-61A4-46B1-8AF6-F259C156CF6C} - System32\Tasks\{7AAF8906-23BA-4267-BB92-E65EB5EF77A8} => C:\Program Files (x86)\Primera Technology\PTPublisher\PTPublisher.exe
Task: {BA31057A-304C-4755-ACC0-B780DFAF7B85} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_user => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
Task: {C3120D31-34D5-4918-AE21-C60D261ADECE} - System32\Tasks\{D7F9F977-9B77-4EC7-BFC5-D8564E32B520} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.33.0.104/en/abandoninstall?source=lightinstaller&page=tsBing
Task: {C7D05EAF-91FC-480F-AA6A-448B13F97789} - System32\Tasks\Opera scheduled Autoupdate 1451100758 => C:\Program Files (x86)\Opera\launcher.exe [2017-07-18] (Opera Software)
Task: {C8936B4C-60D8-42B6-9326-09022B708205} - System32\Tasks\{548B6018-E7E4-41AD-BDD8-3A64186E4F2D} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
Task: {CC4AEA42-5AB6-4B7F-A055-B713048FE1AF} - System32\Tasks\{F754823A-14D8-44DD-93B1-E6DFB0443492} => C:\Windows\system32\pcalua.exe -a "C:\Users\user\Documents\software\Sony SoundForge v8.0 build 53\soundforge80.exe" -d "C:\Users\user\Documents\software\Sony SoundForge v8.0 build 53"
Task: {CDC2F808-ADB5-4650-BD92-CB24BB1844D2} - System32\Tasks\{F39E99C2-BAD8-4F84-BC48-CD2B90F11A2A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {D1D33AC4-867E-4985-AEBD-0EFBB231A349} - System32\Tasks\{3192821A-23FB-4CD6-B5C1-31231C7F6118} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Downloads\vkaraoke.exe -d C:\Users\user\Downloads
Task: {D2C8D071-FE43-4320-962F-2EE3B6E175A4} - System32\Tasks\AdobeAAMUpdater-1.0-user-PC-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {D35A34F9-1889-4266-B5F3-DCE3F64A4EA8} - System32\Tasks\{E18EB61C-406F-4295-B395-FD961776D36E} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
Task: {D3FD566F-170B-458D-A1F1-ED0824903DA5} - System32\Tasks\{1EE7218E-4F1A-4907-AF10-4CB43BD88E26} => C:\Windows\system32\pcalua.exe -a C:\Users\user\Documents\software\DP4100_WinDriver_108\Setup\PostSetup\Win32\WinDriverInstaller32.exe -d C:\Users\user\Documents\software\DP4100_WinDriver_108\Setup\PostSetup\Win32
Task: {D884A3C3-FBF2-4B59-A8EE-E9AD74B1D90A} - System32\Tasks\{1169BD85-CCCD-4DF7-B609-DB133965B0A6} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
Task: {ED18C1A2-1678-452E-9652-8A9E008D034E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)
Task: {F8766863-EA11-48A6-91F0-CD9801E40D50} - System32\Tasks\{F362C98C-1806-4933-B966-667E9E7D774C} => C:\Users\user\Desktop\Voice Comments Ver 2.1.0.1\VoiceComments Ver 2.1.0.1.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-31 09:29 - 2012-10-23 11:13 - 000135168 _____ () C:\Program Files (x86)\MMX353G 3G USB Manager\Driver\ChgService.exe
2014-09-12 17:07 - 2014-07-18 21:54 - 010982912 _____ () C:\xampp\mysql\bin\mysqld.exe
2013-01-30 16:32 - 2012-12-04 15:25 - 000176128 _____ () C:\Program Files\PostgreSQL\9.2\bin\LIBPQ.dll
2013-04-22 14:55 - 2012-09-11 23:14 - 000390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-01-30 16:32 - 2012-08-14 19:01 - 001328128 _____ () C:\Program Files\PostgreSQL\9.2\bin\libxml2.dll
2013-04-30 09:17 - 2013-04-30 09:17 - 000248704 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2013-05-25 11:19 - 2008-06-26 19:09 - 000167936 _____ () C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe
2017-06-12 23:18 - 2017-06-12 23:18 - 000052392 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-04-03 19:28 - 2013-04-03 19:28 - 000287448 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WPSService.exe
2017-08-02 20:02 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-07-20 01:59 - 2017-07-20 01:59 - 000162032 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-07-20 02:00 - 2017-07-20 02:00 - 000831664 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-07-20 01:59 - 2017-07-20 01:59 - 000276808 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-06-28 01:32 - 2017-06-23 08:51 - 003807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 01:32 - 2017-06-23 08:51 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-07-20 01:59 - 2017-07-20 01:59 - 000170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-20 01:59 - 2017-07-20 01:59 - 000192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-20 01:59 - 2017-07-20 01:59 - 000224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-08-04 22:09 - 2017-08-04 22:09 - 005891448 _____ () C:\Program Files\AVAST Software\Avast\defs\17080402\algo.dll
2017-07-20 01:59 - 2017-07-20 01:59 - 000689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-20 01:59 - 2017-07-20 01:59 - 000231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2014-09-12 17:07 - 2014-07-17 16:48 - 000219648 _____ () C:\xampp\apache\bin\pcre.dll
2014-09-12 17:08 - 2014-07-24 03:54 - 000128512 _____ () C:\xampp\php\libpq.dll
2011-12-13 11:10 - 2011-12-13 11:10 - 000413696 _____ () C:\Program Files (x86)\NETGEAR\WNA1000M\WlanDll.dll
2017-07-20 02:00 - 2017-07-20 02:00 - 001065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-04 10:10 - 2017-07-04 10:10 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-20 01:59 - 2017-07-20 01:59 - 000292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-09-08 15:29 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-01-25 23:00 - 2012-06-25 10:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2017-06-12 23:18 - 2017-06-12 23:18 - 000048296 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-02-09 21:18 - 2017-02-22 12:06 - 000000000 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3599117210-139940529-1983179741-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk => C:\Windows\pss\Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Remote Control.lnk => C:\Windows\pss\Remote Control.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk => C:\Windows\pss\Wireless Connection Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Andy => C:\Program Files\Andy\HandyAndy.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
MSCONFIG\startupreg: BrHelp => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\Aimersoft\YouTube Downloader\BrowserPlugInHelper.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CNAP2 Launcher => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Aimersoft\YouTube Downloader\DelayPluginI.exe
MSCONFIG\startupreg: DigidesignMMERefresh => C:\Program Files\Avid\Pro Tools\MMERefresh.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Free Download Manager => "C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\fdm.exe" --minimized
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
MSCONFIG\startupreg: MobileBroadband => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: MSN Toolbar => "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
MSCONFIG\startupreg: OCCAgent => C:\Program Files (x86)\OCCAgent\OCCAgent.exe
MSCONFIG\startupreg: PATHPILOT => C:\Program Files (x86)\Aktiv MP3 Recorder\Aktiv MP3 Recorder.lnk
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDP => C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto 
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TiVme Agent => C:\Program Files (x86)\iBall Claro TV\iBall Claro TV\ScheduleAgent.exe srec
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
MSCONFIG\startupreg: uTorrent => "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VmbNotifier => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe
MSCONFIG\startupreg: WhatPulse => "C:\Program Files (x86)\WhatPulse2\whatpulse.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CED53D76-181C-484F-B8CA-494BD44F3DE5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{1299B49D-98C1-44B9-910D-17B07832C6F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{797BEC01-5C95-4757-AF6D-12D298B063E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{7DF70F8D-DB66-4A61-BE57-128AE64F0A80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{2F53632B-2536-4C2B-89CD-C6930E9CA992}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{B82A5848-20D6-4ECB-A771-4D666A3F59CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{C26B893D-3DCF-4054-AB6A-BBFE4B704998}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{264DD373-AE2D-4CED-B9C2-C6333F47A460}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{90C1F44B-2CC7-42BE-A35F-C9793E4859B5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{4B6F036D-71F6-4000-95BF-274ECDCD2779}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{BCD49DCC-20E9-44EB-B696-6091DF79BD19}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{B74661B6-B4CD-449D-991F-C8BA154F18FC}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{0D5E8FB6-A25A-4400-9C57-4A4CF5CA641B}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{47F4B93B-DC07-4CD0-B838-BFC292CD096C}] => (Allow) LPort=5353
FirewallRules: [{F9B44D1A-E69F-4236-9380-87D5A2A6928D}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{EFD3074D-96C9-420F-88E7-DB849AE196FF}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{C0A3E674-2A78-4417-B33E-2E03841A75EC}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{887EB605-6F96-4CC8-B2B8-5DC31F871F9E}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{B27515C4-8769-4AAE-9A2C-282A7B3919E6}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [TCP Query User{39E86D47-1D17-467A-BB8E-62D5D2910E10}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{C7FC367F-A845-4EAD-8269-9A13007E2E75}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{8D3E0551-F490-46A6-A5EF-AB98C9681BEF}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{023A1B46-6284-42F9-85BB-EE7586B774CA}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E370996B-C7F9-4D2F-BE55-C23D09D0FEA4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F3D126D-77D2-447B-96FD-5BEC3574E2DA}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{84161983-E912-4734-9439-DEE045847760}] => (Allow) C:\Users\user\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{FF318F77-CA37-4BB1-9CBE-D10049F58663}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{EA9AC15D-5206-44B7-B627-DCF914E4B1A0}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{3CDF5802-8728-4EB9-B4E5-128D9D243944}] => (Block) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{982AB8FE-4058-43C8-A8AF-04EA408A735B}] => (Block) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{F0AA214F-B38C-434E-A099-0F364CA1081B}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{97F0EF08-B570-4750-9786-CFFC903F43E8}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{CDD0534B-2086-461B-8283-46F305A1AA78}C:\program files (x86)\aimersoft\youtube downloader\urlreqservice.exe] => (Allow) C:\program files (x86)\aimersoft\youtube downloader\urlreqservice.exe
FirewallRules: [UDP Query User{929D35CE-07FA-4F56-9C23-BCC877973012}C:\program files (x86)\aimersoft\youtube downloader\urlreqservice.exe] => (Allow) C:\program files (x86)\aimersoft\youtube downloader\urlreqservice.exe
FirewallRules: [{FACE4521-D643-420E-8A33-32E8F86273E0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{3137A315-D97E-4B86-BBF8-4F9A6810BF7D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{1DD16A3E-D151-46D9-B8A1-28341E92F0BB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{39275637-5DE8-49DE-B8AF-C4351AC851BC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{8B5A40E8-97B4-4EBB-B163-1CED77951058}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{0AEC1FE6-8473-4015-833E-CF89F20E8129}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [TCP Query User{AB547EC7-8B47-4D6F-A752-7E2C6A597BF7}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe
FirewallRules: [UDP Query User{21BDB955-DE1B-4C54-A218-1E58FF8A9A52}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe
FirewallRules: [{41426EE5-A14E-4B26-A795-E264780669F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8024CE2D-147F-4B84-AC3D-86CBE251E032}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{09709BFB-A3B5-483E-8908-0A687ED715A3}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [UDP Query User{5E688DFF-A262-4554-BA24-A1D1DE4573C8}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [{F5647487-D6AE-4A88-9386-6A0F557C5013}] => (Allow) C:\Program Files (x86)\Droid4X\Droid4X.exe
FirewallRules: [{682FAEA6-E84C-4C43-B95D-235E85AAED6E}] => (Allow) C:\Program Files\Oracle\VirtualBox\vboxheadless.exe
FirewallRules: [{BF9F3838-739D-47BF-BBBC-EA21059F497F}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{633F6CE0-075C-46AC-B74A-13E23689C228}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [TCP Query User{316B23B8-30A7-4203-A685-2226100102B3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9B1BF3DA-5D3F-4C01-B593-AF2BCA14C9F0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{7C81A35A-CB51-4400-AEF6-A7FC6C08E4B0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{181C2D77-E590-4E7E-9C72-1CF9FB6559E3}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{FD04AC89-094E-4F63-8972-A4A222F76C5A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{97CF3095-07C3-40A5-ADF8-61B69A5F2160}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{BF56F7E2-652C-48B9-805F-173B48CCBB73}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [TCP Query User{ABA9F6BA-8527-4384-AF2A-A2CD1BCF43C0}C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe
FirewallRules: [UDP Query User{C70B38A3-D463-412B-A7DF-DA8997F5D7F9}C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe
FirewallRules: [{36662E86-30B8-4949-BBD6-A47EF35E5503}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0938B98-73C0-4229-A926-46C26112D79A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B14B8023-E11C-41FE-B652-F22167A0B4AB}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{60CFAEE1-900D-401A-9CAE-74C483A040AC}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{DE7B4EB3-FDE5-4B61-8705-EB7641B5D721}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FAE5AB1F-240A-4870-A1F5-C9D228384939}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5ECB844B-8084-4A96-97E7-A64ABC82A284}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0212A282-06AE-4488-B950-5C7B2E2B1060}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{381EA27B-CBCC-4DCF-8137-215804AEFDA2}] => (Allow) C:\Program Files (x86)\X-Mirage\x-mirage.exe
FirewallRules: [{C2C4C5AA-E1F4-475B-AB8D-0019F9CA3141}] => (Allow) C:\Program Files\AMI\DuOS\DuOS.exe
FirewallRules: [{572AB3C1-6BFF-4F1C-B51D-D8EBC77CC9D6}] => (Allow) C:\Program Files\AMI\DuOS\DuOS.exe
FirewallRules: [{5F9F91BF-FA47-4971-8939-A9CA77D1F169}] => (Allow) C:\Program Files\AMI\DuOS\Ubusd.exe
FirewallRules: [{A4670802-8756-4187-AF3E-4B9562565ACB}] => (Allow) C:\Program Files\AMI\DuOS\Ubusd.exe
FirewallRules: [{86ECBE5D-3151-415A-BBFC-01DFAB70C90E}] => (Allow) C:\Program Files\AMI\DuOS\Dsync.exe
FirewallRules: [{55DF995A-ED92-4BD7-BB37-777530C8C575}] => (Allow) C:\Program Files\AMI\DuOS\Dsync.exe
FirewallRules: [{7D216E68-2D55-4A6F-9879-9F2C3A977BEE}] => (Allow) C:\Program Files\AMI\DuOS\SysEvent.exe
FirewallRules: [{F055A3F9-F660-4FC0-864D-C91E92BD90C9}] => (Allow) C:\Program Files\AMI\DuOS\SysEvent.exe
FirewallRules: [{722725A4-125F-4FF0-9E77-9207BCB7081F}] => (Allow) C:\Program Files\AMI\DuOS\locationservice.exe
FirewallRules: [{9E3EB905-0CAB-4716-A353-0131329F88E3}] => (Allow) C:\Program Files\AMI\DuOS\locationservice.exe
FirewallRules: [{5BEC2607-C315-4B4A-A5EA-22B2B8945744}] => (Allow) C:\Program Files\AMI\DuOS\CamProvider.exe
FirewallRules: [{9885A463-8C80-4C34-9681-62B939C934D0}] => (Allow) C:\Program Files\AMI\DuOS\CamProvider.exe
FirewallRules: [{F579AA21-B342-40E4-83D5-3FB267F236C3}] => (Allow) C:\Program Files\AMI\DuOS\SensorService.exe
FirewallRules: [{0D2B7C7D-C37E-4D5C-83E7-FD95F38EB5B3}] => (Allow) C:\Program Files\AMI\DuOS\SensorService.exe
FirewallRules: [{8F8CCF8C-2BB5-4603-A3B2-2C22E5C32900}] => (Allow) C:\Program Files\AMI\DuOS\..\DuoVM\DuoVMHeadless.exe
FirewallRules: [{49C274BC-A654-4380-AB38-EFAE35902532}] => (Allow) C:\Program Files\AMI\DuOS\..\DuoVM\DuoVMHeadless.exe
FirewallRules: [{442E8BC8-0368-48B9-970A-886F069736FD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CFA44FBE-55E3-4B4D-BE61-22683AA662DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AA036C15-69CB-421A-927F-812D9B2E1A68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7D980DA6-5FD2-45B3-8E9E-B346339F970E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9191462F-D6AF-4A1E-BAB8-F4DA3FB2E808}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C82D0BF8-6142-4ACC-BC86-25DC33B162E2}] => (Allow) C:\Program Files (x86)\AirPrint\airprint.exe
FirewallRules: [TCP Query User{A2887B37-AAE3-4525-A13F-17695DBABF77}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{AF52BF24-E5C2-4224-A71B-2B1285DAE1C7}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{5F9876F2-8B0B-449B-9FD6-3066CD9559B2}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{8970C5F7-E7C3-4724-99CE-97446B02F09C}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{B47DA446-FA4E-4A66-9EC5-7DDF018F0316}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{4E900C73-895D-4BB1-9454-AFBADB85A470}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F24A1E51-45FB-432C-9BD8-E7E6CAA1468A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F6B3D542-0B3A-49A7-9749-29A18DCEADDD}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{C4CB19A6-096B-4E78-BF53-075B91F86BB9}] => (Allow) C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{3C8A5212-CDEE-4A5F-B6FD-2F9484CE4C73}] => (Allow) C:\Program Files (x86)\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{EB1793CB-481B-46D4-98A2-E44B103EF084}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4A6DAE3F-7378-4F7D-BE91-7FE6C9F1AE48}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
FirewallRules: [{7D9796F0-3E95-4D88-A1C6-45F040EF6198}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.46\opera.exe
FirewallRules: [{06E9D18C-3943-45BF-82AE-24FD1C8F1524}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe
FirewallRules: [{A955704E-F179-4475-AA1F-D032F57F5F20}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.57\opera.exe
FirewallRules: [{76ADB3DD-1BD6-4873-BC6E-ECE55D7CB6CF}] => (Allow) C:\Program Files\Avid\Pro Tools\AvidVideoEngine.exe
FirewallRules: [{8BB003BF-256B-4BAD-ABEE-044EAF1962A2}] => (Allow) C:\Program Files\Avid\Pro Tools\ProTools.exe
FirewallRules: [{C680D199-3119-4458-B098-BAF9F6A5085E}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{3030B1AD-C307-4279-99E9-EAE5D8BE5FEB}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{1ABAC347-D0D0-435F-AB55-8F81FF8F7BDA}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{8A60BFE6-3512-49EB-B2AB-BFAED0AA62F3}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{EE259837-ADAC-44D6-98EE-C84466379FF2}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{40B8821E-0E3F-4C69-91BE-649EE7C7F069}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
04-08-2017 02:07:04 Installed PDFescape Desktop Insert Module
04-08-2017 02:07:29 Installed PDFescape Desktop Secure Module
04-08-2017 02:08:37 Installed PDFescape Desktop Forms Module
04-08-2017 02:09:45 Installed PDFescape Desktop Edit Module
04-08-2017 02:11:10 Installed PDFescape Desktop Review Module
04-08-2017 21:43:22 Removed Java 8 Update 101
04-08-2017 21:47:58 Removed Java 8 Update 71
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/05/2017 06:55:05 AM) (Source: Google Update) (EventID: 20) (User: user-PC)
Description: Event-ID 20
 
Error: (08/05/2017 03:55:06 AM) (Source: Google Update) (EventID: 20) (User: user-PC)
Description: Event-ID 20
 
Error: (08/04/2017 10:02:18 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: user-PC)
Description: Application or service 'Windows Explorer' could not be shut down.
 
Error: (08/04/2017 10:01:28 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: user-PC)
Description: Application or service 'ZoneAlarm' could not be shut down.
 
Error: (08/04/2017 09:55:06 PM) (Source: Google Update) (EventID: 20) (User: user-PC)
Description: Event-ID 20
 
Error: (08/04/2017 09:47:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary IMFCameraProtect.
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/04/2017 09:44:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary IMFCameraProtect.
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/04/2017 06:55:07 PM) (Source: Google Update) (EventID: 20) (User: user-PC)
Description: Event-ID 20
 
Error: (08/04/2017 03:55:08 PM) (Source: Google Update) (EventID: 20) (User: user-PC)
Description: Event-ID 20
 
Error: (08/04/2017 12:55:11 PM) (Source: Google Update) (EventID: 20) (User: user-PC)
Description: Event-ID 20
 
 
System errors:
=============
Error: (08/05/2017 12:15:40 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Apache Tomcat Tomcat7 service terminated with service-specific error Incorrect function.
.
 
Error: (08/05/2017 12:15:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iBall Claro TV IR Transceiver service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (08/05/2017 12:15:28 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (08/05/2017 12:08:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (08/05/2017 12:08:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (08/05/2017 12:08:59 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (08/05/2017 12:07:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (08/05/2017 12:07:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (08/05/2017 12:07:37 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (08/05/2017 12:07:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
 
CodeIntegrity:
===================================
  Date: 2017-03-06 01:38:55.723
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplusrec.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:38:55.715
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplusrec.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:38:55.477
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:38:55.465
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:35:17.995
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplusrec.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:35:17.985
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplusrec.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:35:17.298
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:35:17.276
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:15:12.278
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplusrec.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-06 01:15:12.271
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hfsplusrec.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 65%
Total physical RAM: 7882.99 MB
Available physical RAM: 2714.23 MB
Total Virtual: 15764.17 MB
Available Virtual: 10878.84 MB
 
==================== Drives ================================
 
Drive c: (Win7) (Fixed) (Total:488.18 GB) (Free:85.73 GB) NTFS
Drive d: (Data) (Fixed) (Total:443.23 GB) (Free:38.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 425BDDB2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
I think all is well again now. I have not encountered any strange behavior since I applied your fix and used a 
properly signed Quickheal Bot removal software.
 
Thanks and best wishes 

  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,598 posts
  • MVP
Time to clean up:
 
To delete the Quarantine Folder used by FRST create a fixlist.txt file with just the following line:
 
DeleteQuarantine:
 
Save the fixlist.txt to the same folder as FRST then run FRST and hit Fix.  You can easily delete any other folders and logs.
 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
 
Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
 
 
If you use Chrome/Firefox then get the Ublock Origin  Add-on from https://www.ublock.org/.  For IE go to adblockplus.org  and get the add-on.  (It's actually a program for IE)
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..
 
To prevent a relatively new phishing attack:  In Firefox, type:
 
about:config
 
in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in 
 
puny
 
You should only get one option:
network.IDN_show_punycode
We want it to say True but by default it is False so double click on it to toggle from False to True.
Close and restart firefox.
 
To test it you can go to:
 
 
If the value is false you will see https://www.apple.cominstead of the correct value
 
 
If you are a Facebook user get the FB Purity extension for your browser:
This will stop all of the suggested pages and ads so that Facebook loads much quicker.
 
 
Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combefore you open them.
 
Due to a recent rise in the number of Crytolocker infections I am now recommending you install:
 
CryptoPrevent
 
 
The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
 
Since you have Avast it is a good idea to run their Boot-time Scan once in a while.  This takes a while so I let it run while I sleep.
 
Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.
 
  Reboot and let it run a scan.  It may take hours.
Once it finishes it should load windows.   Mute your speakers so it doesn't wake you up when Windows boots.
 
When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
 
 
If it finds anything that it can't remove  then Copy and paste the text from the log to a Reply when done.  I don't normally close threads so amy time in the future is OK.
 

  • 0






Similar Topics


Also tagged with one or more of these keywords: Go.Redirectro.com, in.search.yahoo.com, malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP