
Windows 7 computer can access internet with microsoft or google softwar


#1
JonF
Last week my computer was infected with a large collection of adware, spyware, etc., which I removed using the programs below as well as manual deletion of folders and Revo Uninstaller. I had not run any exe files; I came home from work and found the infections. My thought was that they came in through utorrent, which was running at the time. The computer worked fine until yesterday (7/17/2018).

Currently:

Cannot access internet using Microsoft products (Outlook 2016, OneDrive, OneNote)
Opening Internet Explorer gives the following page:
The proxy server isn’t responding
•Check your proxy settings 127.0.0.1:8080.
Go to Tools > Internet Options > Connections. If you are on a LAN, click “LAN settings”.
•Make sure your firewall settings aren’t blocking your web access.
•Ask your system administrator for help.
Google-based programs cannot access the internet (Chrome, backup & sync, Earth)
Firefox and Thunderbird are working fine
Endpoint Protection and Windows Defender are both off and cannot be turned on (I usually have Endpoint running). I get "do not have permission" errors.

I have run AdwCleaner 7.2.2, MiniToolBox, TDSSKiller, Malwarebytes free, and SuperAntiSpyware, and they report everything is clean.
HitmanPro will not run because it can’t access the net.

I replaced utorrent with qbittorrent and noticed yesterday that the program was running when it was set to autoclose. I had to go into Task Manager to close the program.

Running Farbar 64-bit gave a "failed to update" error.

I would like to get my computer running normally.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by JonF (administrator) on PHARM-JHFREE01H (18-07-2018 10:11:11)
Running from C:\Users\JonF\Desktop
Loaded Profiles: jhfree01 & JonF (Available Profiles: jsmile02 & jhfree01 & JonF)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TOSHIBA CORPORATION) C:\Windows\System32\aukxrgzsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Drobo, Inc.) C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe
() C:\Program Files\Gramblr\gramblr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(OCS Inventory NG) C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\8899f895-b22c-4d3a-830f-35f8c5e9f77a.com
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1437064 2011-10-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637720 2014-09-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-01] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074600 2016-04-04] (The Eraser Project)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585240 2016-09-13] ()
HKLM\...\Run: [KeyLemon LemonScreen] => C:\Program Files\KeyLemon\KLLockEngine.exe [2274768 2015-09-21] (KeyLemon)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425352 2016-06-03] (Acronis International GmbH)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4654664 2016-09-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-698515142-1667414562-1240765699-1008\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-698515142-1667414562-1240765699-1011\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2015-02-13] (TrueCrypt Foundation)
HKU\S-1-5-21-698515142-1667414562-1240765699-1011\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-698515142-1667414562-1240765699-1011\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
HKU\S-1-5-21-698515142-1667414562-1240765699-1011\...\Run: [cdloader] => C:\Users\JonF\AppData\Roaming\mjusbsp\cdloader2.exe [58816 2018-04-05] (magicJack L.P.)
HKU\S-1-5-21-698515142-1667414562-1240765699-1011\...\MountPoints2: {4f997f95-8d8e-11e5-9574-989096b20783} - I:\StartCD.exe
HKU\S-1-5-21-698515142-1667414562-1240765699-1011\...\MountPoints2: {b956b4de-07ad-11e8-a3e5-989096b20783} - E:\autorun.exe
HKU\S-1-5-21-698515142-1667414562-1240765699-1011\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2011-03-23] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [cdloader] => "C:\Windows\system32\config\systemprofile\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\Users\JonF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Email hotkey.lnk [2015-07-17]
ShortcutTarget: Email hotkey.lnk -> C:\Program Files\AutoHotkey\Scripts\Email.ahk ()
Startup: C:\Users\JonF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2015-02-13]
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\JonF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-07-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\JonF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShellFolderFix.lnk [2015-02-13]
ShortcutTarget: ShellFolderFix.lnk -> C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-698515142-1667414562-1240765699-1011\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61 209.18.47.63
Tcpip\..\Interfaces\{5BDF3DE0-0D3E-459C-BDF8-CD31BA6FD649}: [DhcpNameServer] 209.18.47.62 209.18.47.61 209.18.47.63
Tcpip\..\Interfaces\{FBE8C31D-4535-4CD1-BA36-607091F78FF9}: [NameServer] 136.165.253.73,136.165.253.89

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://junction.niehs.nih.gov/
HKU\S-1-5-21-698515142-1667414562-1240765699-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://junction.niehs.nih.gov/
HKU\S-1-5-21-698515142-1667414562-1240765699-1008\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-698515142-1667414562-1240765699-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://junction.niehs.nih.gov/
HKU\S-1-5-21-698515142-1667414562-1240765699-1011\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-698515142-1667414562-1240765699-1011\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-698515142-1667414562-1240765699-1008 -> DefaultScope {D1BCCF35-C886-4EB9-9E95-5EBCDB61ED15} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-698515142-1667414562-1240765699-1008 -> {D1BCCF35-C886-4EB9-9E95-5EBCDB61ED15} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-02-15] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-02-14] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-14] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-698515142-1667414562-1240765699-1008 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-698515142-1667414562-1240765699-1011 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
DPF: HKLM {47C6ECF4-2DDE-4001-836B-5BF6ED9BC2DC}
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {9464D0CA-5BD8-4175-AB33-A61A4A67AA97} hxxp://192.168.0.7:8080/camclictrl.cab
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler: WSISVCUchrome - No CLSID Value

FireFox:
========
FF DefaultProfile: 2c44ccoy.JonF
FF ProfilePath: C:\Users\JonF\AppData\Roaming\Mozilla\SeaMonkey\Profiles\welgw3fu.default [2018-07-18]
FF Extension: (DOM Inspector) - C:\Users\JonF\AppData\Roaming\Mozilla\SeaMonkey\Profiles\welgw3fu.default\Extensions\[email protected] [2014-02-08] [Legacy] [not signed]
FF Extension: (ChatZilla) - C:\Users\JonF\AppData\Roaming\Mozilla\SeaMonkey\Profiles\welgw3fu.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2014-02-08] [Legacy] [not signed]
FF Extension: (JavaScript Debugger) - C:\Users\JonF\AppData\Roaming\Mozilla\SeaMonkey\Profiles\welgw3fu.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2014-02-08] [Legacy] [not signed]
FF Extension: (No Name) - C:\Users\jon\AppData\Roaming\Mozilla\SeaMonkey\Profiles\welgw3fu.default\extensions\[email protected] [not found]
FF Extension: (No Name) - C:\Users\jon\AppData\Roaming\Mozilla\SeaMonkey\Profiles\welgw3fu.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [not found]
FF Extension: (No Name) - C:\Users\jon\AppData\Roaming\Mozilla\SeaMonkey\Profiles\welgw3fu.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [not found]
FF ProfilePath: C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975 [2018-07-18]
FF NetworkProxy: Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975 -> backup.ftp", "219.243.221.77"
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975\Extensions\[email protected] [2015-04-28] [Legacy] [not signed]
FF Extension: (FoxVox) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975\Extensions\[email protected] [2015-04-30] [Legacy] [not signed]
FF Extension: (NetVideoHunter) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975\Extensions\[email protected] [2015-04-30] [Legacy] [not signed]
FF Extension: (Personas Plus) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975\Extensions\[email protected] [2013-10-26] [Legacy] [not signed]
FF Extension: (Garmin Communicator) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-04-30] [Legacy] [not signed]
FF Extension: (EPUBReader) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-04-30] [Legacy] [not signed]
FF Extension: (Download Status Bar) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-11-06] [Legacy] [not signed]
FF Extension: (NoScript) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-04-20] [Legacy] [not signed]
FF Extension: (DownThemAll!) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-01-20] [Legacy] [not signed]
FF Extension: (ProfileSwitcher) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2015-05-09] [Legacy] [not signed]
FF Extension: (No Name) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [not found]
FF Extension: (No Name) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975\extensions\[email protected] [not found]
FF SearchPlugin: C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975\searchplugins\dictionary.xml [2011-10-06]
FF SearchPlugin: C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975\searchplugins\dictionarycom.xml [2015-02-22]
FF SearchPlugin: C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975\searchplugins\kickassto.xml [2014-07-19]
FF SearchPlugin: C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\lcm83uj8.default-1430420136975\searchplugins\pubmed.xml [2012-08-30]
FF ProfilePath: C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF [2018-07-18]
FF Homepage: Mozilla\Firefox\Profiles\2c44ccoy.JonF -> hxxps://www.google.com/
FF Extension: (Default Bookmark Folder) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\Extensions\[email protected] [2018-07-10]
FF Extension: (Mining Blocker) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\Extensions\[email protected] [2018-07-15]
FF Extension: (NordVPN Proxy Extension - Privacy & Security) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\Extensions\[email protected] [2018-03-17]
FF Extension: (Download Status Bar) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-09-27] [Legacy]
FF Extension: (NoScript) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-07-17]
FF Extension: (WX Download Status Bar) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\Extensions\{a1c84bb7-d5fc-4906-90b4-965e520b29bf}.xpi [2018-06-20]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2018-05-08]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-05-09] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-07-11]
FF Extension: (Adblock Plus) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-17]
FF Extension: (ProfileSwitcher) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2016-06-26] [Legacy]
FF Extension: (Instagram) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\Extensions\{fb3b1352-9244-4fb1-b1a2-1331a89b0d9f}.xpi [2017-08-22]
FF Extension: (No Name) - C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [not found]
FF SearchPlugin: C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\searchplugins\bing-.xml [2016-04-29]
FF SearchPlugin: C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\searchplugins\dictionarycom.xml [2015-05-04]
FF SearchPlugin: C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\searchplugins\katcr.xml [2015-05-03]
FF SearchPlugin: C:\Users\JonF\AppData\Roaming\Mozilla\Firefox\Profiles\2c44ccoy.JonF\searchplugins\pubmed.xml [2015-05-03]
FF Extension: (WebCompat Reporter) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2018-07-11] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2018-06-21] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-24] ()
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-24] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-08-24] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @networksurveillance.com/camclictrl -> C:\Program Files (x86)\NetworkSurveillanceNP\npCamCliCtrl.dll [2012-04-10] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @TRENDnet.com/CameraPlugin -> C:\Program Files (x86)\TRENDnet\Plugin\npcamstreamctrl.dll [2013-10-11] (TRENDnet)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect ->   [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\JonF\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2018-06-19]

Chrome:
=======
CHR Profile: C:\Users\JonF\AppData\Local\Google\Chrome\User Data\Default [2018-07-18]
CHR Extension: (Slides) - C:\Users\JonF\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-14]
CHR Extension: (Docs) - C:\Users\JonF\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-14]
CHR Extension: (Google Drive) - C:\Users\JonF\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-14]
CHR Extension: (YouTube) - C:\Users\JonF\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-14]
CHR Extension: (Adobe Acrobat) - C:\Users\JonF\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-07-14]
CHR Extension: (Sheets) - C:\Users\JonF\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\JonF\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JonF\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-14]
CHR Extension: (Gmail) - C:\Users\JonF\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\JonF\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-14]
CHR HKU\S-1-5-21-698515142-1667414562-1240765699-1011\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\cvphm <==== ATTENTION (Rootkit!)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-09-16] (SUPERAntiSpyware.com)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1276216 2016-09-13] ()
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6086232 2017-01-15] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1684848 2012-02-20] (Microsoft Corporation)
R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [605040 2012-02-20] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-17] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51392 2018-07-12] (Dropbox, Inc.)
R2 DDService; C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe [2056992 2015-05-21] (Drobo, Inc.)
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [14289488 2018-07-17] () [File not signed]
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50472 2011-12-06] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50472 2011-12-06] (Microsoft Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4692840 2016-08-15] (Acronis International GmbH)
S4 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [7717528 2016-07-18] (Acronis International GmbH)
S4 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1510712 2016-09-13] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12768 2011-09-02] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288256 2011-09-02] (Microsoft Corporation)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [420640 2018-01-04] ()
R2 OCS Inventory Service; C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe [35840 2012-01-27] (OCS Inventory NG) [File not signed]
R2 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [3477832 2018-01-08] (Palo Alto Networks)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [374640 2012-02-20] (Microsoft Corporation)
S2 SonosLibraryService; C:\Program Files (x86)\Sonos\SonosLibraryService.exe [26624 2018-06-02] () [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9729272 2016-08-11] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 CLVirtualBus02; C:\Windows\System32\DRIVERS\CLVirtualBus02.sys [95496 2015-03-18] (CyberLink)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-08-14] (Intel Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [375136 2017-01-15] (Acronis International GmbH)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [14659808 2012-02-01] (Intel Corporation) [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2638808 2014-10-15] (Realtek Semiconductor Corp.)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-06] (Intel(R) Corporation) [File not signed]
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [48672 2017-06-19] (IObit)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-07-18] (Malwarebytes)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189424 2011-10-05] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-10-05] (Microsoft Corporation)
R3 PanGpd; C:\Windows\System32\DRIVERS\pangpd.sys [36352 2018-01-08] (Palo Alto Networks)
S3 prepdrvr; C:\Windows\CCM\prepdrv.sys [26992 2012-02-20] (Microsoft Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [75088 2017-03-29] (The OpenVPN Project)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1267544 2017-01-15] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [212320 2017-01-15] (Acronis International GmbH)
S3 tnd; C:\Windows\System32\DRIVERS\tnd.sys [687968 2017-01-15] (Acronis International GmbH)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [331104 2017-01-15] (Acronis International GmbH)
U5 WmiPrvSE; C:\Windows\wmi\srvany.exe [8192 2016-02-18] () [File not signed]
S3 CLVirtualBus01; system32\DRIVERS\CLVirtualBus01.sys [X]
S3 CsrBtPort; system32\DRIVERS\CsrBtPort.sys [X]
S3 csrhfgcc; system32\DRIVERS\csrhfgcc.sys [X]
S3 csrpan; system32\DRIVERS\csrpan.sys [X]
S3 csrserial; system32\DRIVERS\csrserial.sys [X]
S3 csrusb; System32\Drivers\csrusb.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 mcydewvt; \??\C:\Windows\system32\drivers\mcydewvt.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
R3 zcgjmp; system32\drivers\fjmptw.sys [X]
S1 ZWQ3YTNjNGQ4YTg2MzE; system32\drivers\ZWQ3YTNjNGQ4YTg2MzE.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-18 10:11 - 2018-07-18 10:11 - 000037215 _____ C:\Users\JonF\Desktop\FRST.txt
2018-07-18 09:54 - 2018-07-18 09:54 - 000024302 _____ C:\TDSSKiller.3.1.0.17_18.07.2018_09.54.13_log.txt
2018-07-18 09:43 - 2018-07-18 09:43 - 000145232 ____N C:\Windows\system32\Drivers\nvmycfil.sys
2018-07-18 09:32 - 2018-07-18 10:11 - 000000000 ____D C:\FRST
2018-07-18 09:31 - 2018-07-18 09:24 - 002412544 _____ (Farbar) C:\Users\JonF\Desktop\FRST64.exe
2018-07-18 08:54 - 2018-07-18 10:02 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-07-18 08:54 - 2018-07-18 08:54 - 000003374 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
2018-07-18 08:54 - 2018-07-18 08:54 - 000003246 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
2018-07-18 08:53 - 2018-07-18 10:00 - 000000000 ____D C:\Users\JonF\AppData\Local\AVAST Software
2018-07-18 08:53 - 2018-07-18 08:53 - 000463080 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6fe9d10a6e5b6788.tmp
2018-07-18 08:53 - 2018-07-18 08:53 - 000381584 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6e675e6e2d4ecd3f.tmp
2018-07-18 08:53 - 2018-07-18 08:53 - 000211160 _____ (AVAST Software) C:\Windows\system32\Drivers\asw335d945eec1f0eaf.tmp
2018-07-18 08:53 - 2018-07-18 08:53 - 000197160 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6af739e4780f8fe6.tmp
2018-07-18 08:53 - 2018-07-18 08:53 - 000159640 _____ (AVAST Software) C:\Windows\system32\Drivers\asw95718c6cbf394eb6.tmp
2018-07-18 08:53 - 2018-07-18 08:53 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswfbda672b97bd15a8.tmp
2018-07-18 08:53 - 2018-07-18 08:53 - 000046976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf5ed0a48902a1eba.tmp
2018-07-18 08:53 - 2018-07-18 08:53 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-07-18 08:53 - 2018-07-18 08:53 - 000000000 ____D C:\Users\JonF\AppData\Roaming\AVAST Software
2018-07-18 08:53 - 2018-07-18 08:53 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-07-18 08:53 - 2018-07-18 08:52 - 001027728 _____ (AVAST Software) C:\Windows\system32\Drivers\asw cc917d3e6624290.tmp
2018-07-18 08:53 - 2018-07-18 08:52 - 000346664 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8dfd0f81cdd92915.tmp
2018-07-18 08:53 - 2018-07-18 08:52 - 000239680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswadd822984dd04764.tmp
2018-07-18 08:53 - 2018-07-18 08:52 - 000229392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa06b66ce3d0c2916.tmp
2018-07-18 08:53 - 2018-07-18 08:52 - 000201328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf366acce3cf3fdde.tmp
2018-07-18 08:53 - 2018-07-18 08:52 - 000111872 _____ (AVAST Software) C:\Windows\system32\Drivers\asw9910198add75bdfd.tmp
2018-07-18 08:53 - 2018-07-18 08:52 - 000059592 _____ (AVAST Software) C:\Windows\system32\Drivers\asw84ca767bb3db70e5.tmp
2018-07-18 08:52 - 2018-07-18 08:52 - 000000000 ____D C:\Program Files\AVAST Software
2018-07-17 18:05 - 2018-07-17 18:05 - 000001422 _____ C:\Users\JonF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-07-15 10:10 - 2018-07-17 18:45 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Acronis
2018-07-14 19:12 - 2018-07-17 16:54 - 000000000 ____D C:\Users\JonF\AppData\Roaming\qBittorrent
2018-07-14 19:12 - 2018-07-14 19:12 - 000000000 ____D C:\Users\JonF\AppData\Local\qBittorrent
2018-07-14 19:12 - 2018-07-14 19:12 - 000000000 ____D C:\Program Files\qBittorrent
2018-07-14 17:53 - 2018-07-18 09:51 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-07-14 17:52 - 2018-07-14 17:53 - 000028154 _____ C:\TDSSKiller.3.1.0.17_14.07.2018_17.52.34_log.txt
2018-07-14 17:34 - 2018-07-14 17:34 - 000028120 _____ C:\TDSSKiller.3.1.0.17_14.07.2018_17.34.04_log.txt
2018-07-14 17:16 - 2018-07-14 09:48 - 000529920 _____ C:\Users\JonF\AppData\Local\Althea.exe
2018-07-14 16:52 - 2018-07-14 16:52 - 000000000 ____D C:\TDSSKiller_Quarantine
2018-07-14 16:50 - 2018-07-14 16:52 - 000185386 _____ C:\TDSSKiller.3.1.0.17_14.07.2018_16.50.43_log.txt
2018-07-14 16:49 - 2018-07-14 16:50 - 000057770 _____ C:\TDSSKiller.3.1.0.17_14.07.2018_16.49.53_log.txt
2018-07-14 16:36 - 2018-07-14 16:52 - 002439794 _____ C:\Windows\ntbtlog.txt
2018-07-14 14:31 - 2018-07-18 10:00 - 000001504 _____ C:\Windows\Tasks\ALADDIN.job
2018-07-14 14:31 - 2018-07-14 14:31 - 000013906 _____ C:\Windows\System32\Tasks\ALADDIN
2018-07-14 14:30 - 2018-07-14 14:30 - 000003746 _____ C:\Windows\System32\Tasks\reels
2018-07-14 14:30 - 2018-07-14 14:30 - 000003732 _____ C:\Windows\System32\Tasks\wimpy-destabilization
2018-07-14 14:30 - 2018-07-14 14:30 - 000003732 _____ C:\Windows\System32\Tasks\lattimore
2018-07-14 14:30 - 2018-07-14 14:30 - 000003728 _____ C:\Windows\System32\Tasks\cental_randell
2018-07-14 14:30 - 2018-07-14 14:30 - 000003726 _____ C:\Windows\System32\Tasks\pipsqueak govan
2018-07-14 14:30 - 2018-07-14 14:30 - 000003726 _____ C:\Windows\System32\Tasks\lates
2018-07-14 14:30 - 2018-07-14 14:30 - 000003720 _____ C:\Windows\System32\Tasks\lacking_cooler
2018-07-14 14:30 - 2018-07-14 14:30 - 000003594 _____ C:\Windows\System32\Tasks\reelsreels
2018-07-14 14:30 - 2018-07-14 14:30 - 000003580 _____ C:\Windows\System32\Tasks\wimpy-destabilizationwimpy-destabilization
2018-07-14 14:30 - 2018-07-14 14:30 - 000003580 _____ C:\Windows\System32\Tasks\lattimorelattimore
2018-07-14 14:30 - 2018-07-14 14:30 - 000003576 _____ C:\Windows\System32\Tasks\cental_randellcental_randell
2018-07-14 14:30 - 2018-07-14 14:30 - 000003574 _____ C:\Windows\System32\Tasks\pipsqueak govanpipsqueak govan
2018-07-14 14:30 - 2018-07-14 14:30 - 000003574 _____ C:\Windows\System32\Tasks\lateslates
2018-07-14 14:30 - 2018-07-14 14:30 - 000003568 _____ C:\Windows\System32\Tasks\lacking_coolerlacking_cooler
2018-07-14 14:30 - 2018-07-14 14:30 - 000003544 _____ C:\Windows\System32\Tasks\skpVersionUpdate
2018-07-14 14:30 - 2018-07-14 14:30 - 000000012 _____ C:\Windows\b34308301
2018-07-14 14:15 - 2018-07-14 14:15 - 000989184 _____ C:\Windows\ivkpbfylfyrjmwnu.ivnpb
2018-07-12 22:01 - 2018-07-12 22:01 - 000051392 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-07-12 22:01 - 2018-07-12 22:01 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-07-12 22:01 - 2018-07-12 22:01 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-07-12 22:01 - 2018-07-12 22:01 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-07-12 18:15 - 2018-07-12 18:15 - 000098210 _____ C:\Windows\uninstaller.dat
2018-07-11 06:53 - 2018-07-11 16:18 - 000000000 ____D C:\Users\JonF\AppData\Local\iacserm
2018-07-10 17:40 - 2018-07-14 17:31 - 000000000 ____D C:\Program Files (x86)\Duplicate File Finder
2018-07-10 17:40 - 2018-07-10 17:40 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Ashisoft
2018-07-10 16:24 - 2018-07-10 16:24 - 000000000 ____D C:\Users\JonF\Documents\Movavi Video Suite
2018-07-10 16:24 - 2018-07-10 16:24 - 000000000 ____D C:\Users\JonF\AppData\Local\VideoEditor
2018-07-10 12:47 - 2018-07-10 12:47 - 000000000 ____D C:\Users\JonF\Documents\den4b
2018-06-30 09:06 - 2018-06-30 09:06 - 000000000 ____D C:\Users\JonF\ClueGOConfiguration
2018-06-30 09:06 - 2018-06-30 09:06 - 000000000 ____D C:\Users\JonF\.cluegoplugin
2018-06-28 18:10 - 2018-06-28 18:10 - 000000000 ____D C:\Users\JonF\AppData\Roaming\12643
2018-06-27 17:22 - 2018-06-30 10:46 - 000000000 ____D C:\Users\JonF\CytoscapeConfiguration
2018-06-27 17:22 - 2018-06-27 17:22 - 000000000 ____D C:\Program Files\Cytoscape_v3.6.1
2018-06-24 14:13 - 2018-06-24 14:13 - 000000000 ____D C:\ProgramData\AheadPDF
2018-06-24 13:56 - 2018-06-24 13:56 - 000034308 _____ C:\Windows\SysWOW64\bassmod.dll
2018-06-24 13:43 - 2018-06-24 13:43 - 000000000 ____D C:\Users\JonF\Documents\Anvsoft
2018-06-24 13:40 - 2018-06-24 14:17 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-06-24 13:40 - 2018-06-24 14:17 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Wondershare
2018-06-24 13:40 - 2018-06-24 13:41 - 000000000 ____D C:\ProgramData\Wondershare
2018-06-24 10:04 - 2018-06-24 10:04 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Sun
2018-06-23 09:18 - 2018-07-01 07:15 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Emby Tray
2018-06-23 09:18 - 2018-06-23 09:18 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Emby-Server
2018-06-23 09:18 - 2018-06-23 09:18 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Emby-InstallLogs
2018-06-23 09:18 - 2018-06-23 09:18 - 000000000 ____D C:\Users\JonF\AppData\Local\Deployment
2018-06-23 09:18 - 2018-06-23 09:18 - 000000000 ____D C:\Users\JonF\AppData\Local\Apps\2.0
2018-06-23 08:58 - 2018-06-23 08:58 - 000000000 ____D C:\Program Files (x86)\Plex
2018-06-22 15:18 - 2018-06-22 15:18 - 000000000 ____D C:\Users\JonF\AppData\Roaming\ATI
2018-06-22 10:55 - 2018-07-14 18:13 - 000000000 ____D C:\Users\JonF\AppData\Local\CrashDumps
2018-06-22 10:21 - 2018-06-19 22:35 - 004949824 _____ (AO Kaspersky Lab) C:\Program Files (x86)\tdsskiller.exe
2018-06-22 10:20 - 2018-06-19 22:40 - 007372496 _____ (Malwarebytes) C:\Program Files (x86)\adwcleaner_7.2.0.exe
2018-06-22 09:09 - 2018-07-18 10:09 - 000000000 ____D C:\Users\JonF\AppData\LocalLow\Mozilla
2018-06-21 10:09 - 2018-07-17 18:59 - 000000000 ____D C:\Users\JonF\AppData\Local\Spotify
2018-06-21 08:52 - 2018-06-21 08:52 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2018-06-21 08:52 - 2018-06-21 08:52 - 000000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2018-06-20 15:03 - 2018-07-14 16:19 - 000000000 ____D C:\Users\JonF\Documents\WeChat Files
2018-06-20 12:46 - 2018-06-22 15:05 - 000000000 ____D C:\Users\JonF\Documents\OriginLab
2018-06-20 12:44 - 2018-06-22 14:40 - 000000000 ____D C:\ProgramData\OriginLab
2018-06-20 12:44 - 2018-06-20 14:27 - 000000000 ____D C:\Program Files\OriginLab
2018-06-20 12:38 - 2018-06-28 18:10 - 000000000 ____D C:\Users\JonF\Documents\DVDFab10
2018-06-20 00:10 - 2018-06-20 00:10 - 000000085 _____ C:\Windows\wininit.ini
2018-06-20 00:10 - 2018-06-20 00:10 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-06-20 00:02 - 2018-06-20 00:11 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-06-19 23:53 - 2018-06-19 23:53 - 000021618 _____ C:\TDSSKiller.3.1.0.17_19.06.2018_23.53.13_log.txt
2018-06-19 23:42 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-06-19 23:35 - 2018-06-20 12:46 - 000000000 ____D C:\Users\JonF\AppData\Local\OriginLab
2018-06-19 23:35 - 2018-06-19 23:35 - 000000000 ____D C:\Users\JonF\AppData\Local\CrashRpt
2018-06-19 23:27 - 2018-06-19 23:27 - 000022406 _____ C:\TDSSKiller.3.1.0.17_19.06.2018_23.27.09_log.txt
2018-06-19 22:54 - 2018-06-19 22:54 - 000038734 _____ C:\TDSSKiller.3.1.0.17_19.06.2018_22.54.10_log.txt
2018-06-19 22:43 - 2018-06-19 22:44 - 000039174 _____ C:\TDSSKiller.3.1.0.17_19.06.2018_22.43.34_log.txt
2018-06-19 22:37 - 2018-06-19 22:37 - 000007250 _____ C:\TDSSKiller.3.1.0.17_19.06.2018_22.37.09_log.txt
2018-06-19 22:27 - 2018-06-19 22:27 - 000000000 ____D C:\ProgramData\SecuritySuite
2018-06-19 21:53 - 2018-07-14 17:36 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2018-06-19 21:52 - 2018-07-11 16:14 - 000000000 ____D C:\Users\JonF\AppData\Local\upmhtdb
2018-06-19 21:01 - 2018-06-19 21:01 - 000000000 ____D C:\Users\JonF\AppData\Local\Windows
2018-06-19 20:59 - 2018-06-19 20:59 - 000000000 ____D C:\Users\JonF\AppData\Local\sihtumg
2018-06-19 20:57 - 2018-07-18 09:43 - 002890240 _____ (TOSHIBA CORPORATION) C:\Windows\system32\aukxrgzsvc.exe
2018-06-19 20:51 - 2018-06-19 20:51 - 000000000 _____ C:\Windows\SysWOW64\__0203027B__C0000005.dmp
2018-06-19 20:50 - 2018-06-19 22:54 - 000003788 _____ C:\Windows\System32\Tasks\Update_4.0.10
2018-06-19 20:50 - 2018-06-19 20:50 - 000140800 _____ C:\Users\JonF\AppData\Local\installer.dat
2018-06-19 20:50 - 2018-06-19 20:50 - 000003756 _____ C:\Windows\System32\Tasks\catwoman
2018-06-19 20:50 - 2018-06-19 20:50 - 000003732 _____ C:\Windows\System32\Tasks\charioteer
2018-06-19 20:50 - 2018-06-19 20:50 - 000003732 _____ C:\Windows\System32\Tasks\canonized-wretchedly
2018-06-19 20:50 - 2018-06-19 20:50 - 000003730 _____ C:\Windows\System32\Tasks\marque reg
2018-06-19 20:50 - 2018-06-19 20:50 - 000003724 _____ C:\Windows\System32\Tasks\hasten_jedi
2018-06-19 20:50 - 2018-06-19 20:50 - 000003604 _____ C:\Windows\System32\Tasks\catwomancatwoman
2018-06-19 20:50 - 2018-06-19 20:50 - 000003582 _____ C:\Windows\System32\Tasks\charioteercharioteer
2018-06-19 20:50 - 2018-06-19 20:50 - 000003580 _____ C:\Windows\System32\Tasks\canonized-wretchedlycanonized-wretchedly
2018-06-19 20:50 - 2018-06-19 20:50 - 000003576 _____ C:\Windows\System32\Tasks\marque regmarque reg
2018-06-19 20:50 - 2018-06-19 20:50 - 000003572 _____ C:\Windows\System32\Tasks\hasten_jedihasten_jedi
2018-06-19 20:50 - 2018-06-19 20:50 - 000000012 _____ C:\Windows\b62121210
2018-06-19 20:49 - 2018-06-19 20:49 - 000000000 ____D C:\Windows\SysWOW64\iaozupb
2018-06-19 20:49 - 2018-06-19 20:49 - 000000000 ____D C:\Windows\system32\iaozupb
2018-06-19 20:48 - 2018-07-14 16:04 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-06-19 20:26 - 2018-06-19 20:26 - 000218624 _____ C:\Users\JonF\AppData\Local\Logout.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-18 10:11 - 2017-08-22 11:52 - 000000000 ____D C:\ProgramData\Gramblr
2018-07-18 10:10 - 2009-07-13 22:34 - 035389440 _____ C:\Windows\system32\config\HARDWARE
2018-07-18 10:00 - 2016-03-19 15:27 - 000000000 ____D C:\ProgramData\AVAST Software
2018-07-18 09:56 - 2015-02-13 21:20 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-07-18 09:51 - 2009-07-14 00:45 - 000019280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-07-18 09:51 - 2009-07-14 00:45 - 000019280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-07-18 09:48 - 2009-07-14 01:13 - 000933466 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-18 09:48 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-07-18 09:46 - 2013-04-23 10:28 - 000000568 _____ C:\Windows\SMSCFG.ini
2018-07-18 09:44 - 2016-03-16 18:03 - 000000000 ____D C:\Users\JonF\AppData\Local\KeyLemon
2018-07-18 09:44 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-18 09:43 - 2015-02-13 16:00 - 000000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2018-07-17 18:58 - 2018-03-02 09:42 - 000000000 ____D C:\ProgramData\Sonos,_Inc
2018-07-17 18:57 - 2018-02-01 11:12 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Spotify
2018-07-17 18:49 - 2014-10-06 09:17 - 000000000 ____D C:\AdwCleaner
2018-07-17 18:48 - 2017-09-15 10:31 - 000000000 _RSHD C:\acroldr
2018-07-17 18:30 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2018-07-17 17:29 - 2014-09-04 20:39 - 000000000 ___RD C:\Users\JonF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Network
2018-07-17 17:28 - 2013-04-22 16:44 - 000000000 ____D C:\Windows\Panther
2018-07-17 17:27 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-07-17 17:25 - 2014-09-04 20:33 - 000000000 ____D C:\Users\JonF\AppData\Local\VirtualStore
2018-07-17 17:19 - 2015-04-13 19:23 - 000000000 __SHD C:\Users\JonF\AppData\LocalLow\EmieUserList
2018-07-17 17:19 - 2015-04-13 19:23 - 000000000 __SHD C:\Users\JonF\AppData\LocalLow\EmieSiteList
2018-07-17 16:32 - 2017-08-22 11:52 - 000000000 ____D C:\Program Files\Gramblr
2018-07-17 16:20 - 2014-09-05 09:12 - 000000000 ____D C:\Users\JonF\AppData\Roaming\vlc
2018-07-15 17:18 - 2015-02-13 15:51 - 000000000 ____D C:\Users\JonF
2018-07-15 17:17 - 2015-12-17 22:27 - 000000000 ____D C:\Users\JonF\AppData\Local\Dropbox
2018-07-14 19:16 - 2016-10-29 23:18 - 000000000 ____D C:\Program Files (x86)\WinHue 3
2018-07-14 17:20 - 2015-02-13 17:36 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-14 17:20 - 2015-02-13 17:36 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-14 17:20 - 2014-09-04 20:27 - 000000000 ____D C:\Users\JonF\AppData\Local\Google
2018-07-14 17:08 - 2016-04-10 11:15 - 000000000 ____D C:\Program Files\Recuva
2018-07-14 16:22 - 2015-01-26 09:45 - 000001413 _____ C:\Users\jhfree01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-07-14 14:18 - 2013-04-23 09:20 - 000003544 __RSH C:\ProgramData\ntuser.pol
2018-07-13 16:41 - 2015-12-17 22:27 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-07-13 00:35 - 2013-04-23 10:26 - 000000000 ____D C:\Windows\ccmsetup
2018-07-11 16:23 - 2015-02-13 15:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-11 08:39 - 2017-06-21 07:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-11 08:30 - 2016-11-29 14:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-07-10 17:22 - 2014-09-04 20:39 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities
2018-07-10 16:31 - 2014-09-04 20:39 - 000000000 ___RD C:\Users\JonF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Office Programs
2018-07-10 16:28 - 2017-01-15 14:25 - 000000000 ____D C:\ProgramData\Movavi Video Suite 15
2018-07-10 16:28 - 2014-09-04 20:39 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Artwork-Printers-Scanners
2018-07-10 16:20 - 2015-02-13 22:45 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artwork-Printers-Scanners
2018-07-10 16:18 - 2015-02-13 18:50 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network
2018-07-10 13:02 - 2018-02-25 18:49 - 000000000 ____D C:\Users\JonF\AppData\Local\ACD Systems
2018-07-10 11:54 - 2018-03-02 09:42 - 000000000 ____D C:\Program Files (x86)\Sonos
2018-07-10 11:53 - 2016-12-13 22:37 - 000000000 ____D C:\Users\JonF\AppData\Local\Downloaded Installations
2018-07-10 08:23 - 2016-01-09 11:49 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-07-10 08:19 - 2017-09-15 10:02 - 000003184 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-698515142-1667414562-1240765699-1011
2018-07-10 08:12 - 2009-07-14 00:45 - 005096576 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-30 09:02 - 2017-01-07 21:00 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Science Stuff
2018-06-29 10:04 - 2017-09-26 17:14 - 000000000 ____D C:\Windows\Minidump
2018-06-29 08:32 - 2018-02-24 11:12 - 000000000 ____D C:\Users\JonF\AppData\Roaming\DVDFab10
2018-06-24 14:06 - 2014-09-02 10:58 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Adobe
2018-06-24 13:40 - 2017-10-14 09:56 - 000000000 ____D C:\Users\JonF\AppData\Local\Wondershare
2018-06-24 13:40 - 2014-09-05 00:11 - 000130712 _____ C:\Users\JonF\AppData\Local\GDIPFONTCACHEV1.DAT
2018-06-23 09:10 - 2015-01-30 09:46 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-23 09:01 - 2015-04-15 20:22 - 000000000 ____D C:\Users\JonF\AppData\Local\Plex Media Server
2018-06-22 15:09 - 2016-07-24 11:01 - 000000132 _____ C:\Users\JonF\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2018-06-22 09:29 - 2013-04-23 11:25 - 000000000 ____D C:\ProgramData\Adobe
2018-06-22 09:09 - 2014-09-02 10:58 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Mozilla
2018-06-22 08:52 - 2018-02-16 10:18 - 000000000 ____D C:\Users\JonF\OpenVPN
2018-06-22 08:51 - 2017-11-07 12:14 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Microsoft Robocopy GUI
2018-06-22 08:51 - 2017-10-07 08:26 - 000000000 ____D C:\Users\JonF\AppData\Local\Apple Inc
2018-06-22 08:51 - 2016-03-18 22:21 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Serviio-Console-Wrapper
2018-06-22 08:51 - 2014-09-08 17:14 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Skype
2018-06-22 08:51 - 2014-09-04 20:27 - 000000000 ____D C:\Users\JonF\AppData\Local\Apple Computer
2018-06-22 08:51 - 2014-09-03 17:23 - 000000000 ____D C:\Users\JonF\AppData\Roaming\avidemux
2018-06-22 08:51 - 2014-09-02 10:58 - 000000000 ____D C:\Users\JonF\AppData\Roaming\Apple Computer
2018-06-22 08:50 - 2017-09-29 17:47 - 000000000 ____D C:\ProgramData\iSkysoft
2018-06-22 08:50 - 2015-07-19 17:11 - 000000000 ____D C:\Users\JonF\.thumb
2018-06-21 21:14 - 2009-07-14 01:08 - 000032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-06-21 09:41 - 2013-04-23 08:00 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-06-21 08:53 - 2009-07-13 22:34 - 000000478 _____ C:\Windows\win.ini
2018-06-20 12:43 - 2014-09-04 20:50 - 000000000 ____D C:\Users\JonF\AppData\Roaming\AnvSoft
2018-06-20 12:38 - 2017-12-15 20:10 - 000000000 ____D C:\Users\JonF\AppData\Roaming\mjusbsp
2018-06-20 10:41 - 2015-07-26 10:41 - 000003490 _____ C:\Windows\System32\Tasks\HPLJCustParticipation
2018-06-20 00:02 - 2015-02-13 21:22 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-06-19 23:42 - 2015-02-13 21:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-19 23:21 - 2015-01-26 09:45 - 000000000 ____D C:\Users\jhfree01
2018-06-19 22:47 - 2015-04-19 22:28 - 000001662 _____ C:\Windows\system32\.crusader
2018-06-19 21:53 - 2018-01-12 20:38 - 000000000 ____D C:\ProgramData\Windows
2018-06-19 20:57 - 2015-12-17 22:27 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-06-19 20:57 - 2015-12-17 22:27 - 000000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-06-19 20:50 - 2009-07-13 23:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-06-19 20:50 - 2009-07-13 22:34 - 067109845 _____ C:\Windows\system32\Drivers\etc\hosts.hitmanpro
2018-06-19 20:47 - 2018-04-07 10:07 - 000000000 ____D C:\Program Files\ACD Systems
2018-06-19 20:40 - 2014-09-02 10:58 - 000000000 ____D C:\Users\JonF\AppData\Local\Adobe

==================== Files in the root of some directories =======

2016-01-29 21:35 - 2009-07-22 16:08 - 001821192 _____ (Microsoft Corporation) C:\Users\JonF\vcredist_x86.exe
2009-11-11 19:07 - 2009-11-11 19:07 - 000351232 _____ (Microsoft) C:\Program Files\LibraryIconChanger.exe
2018-06-22 10:20 - 2018-06-19 22:40 - 007372496 _____ (Malwarebytes) C:\Program Files (x86)\adwcleaner_7.2.0.exe
2015-04-19 22:25 - 2015-07-14 23:02 - 011032736 _____ (SurfRight B.V.) C:\Program Files (x86)\HitmanPro_x64.exe
2018-06-22 10:21 - 2018-06-19 22:35 - 004949824 _____ (AO Kaspersky Lab) C:\Program Files (x86)\tdsskiller.exe
2015-05-12 19:22 - 2015-05-12 19:22 - 000099678 _____ () C:\Program Files (x86)\tunepro138x138.ico
2016-05-27 15:47 - 2016-05-27 15:47 - 000000016 ____H () C:\Program Files (x86)\Common Files\asv2-astg
2016-05-27 15:48 - 2016-05-27 15:48 - 000000016 ____H () C:\Program Files (x86)\Common Files\cld2-astg
2017-02-16 16:30 - 2017-02-16 15:07 - 000012542 _____ () C:\Program Files (x86)\Common Files\client.wyc
2016-05-27 15:48 - 2016-05-27 15:48 - 000000016 ____H () C:\Program Files (x86)\Common Files\dys1-astg
2016-05-27 15:49 - 2016-05-27 15:49 - 000000020 ____H () C:\Program Files (x86)\Common Files\inq1-astg
2016-05-27 15:49 - 2016-05-27 15:49 - 000000016 ____H () C:\Program Files (x86)\Common Files\ins1-astg
2016-05-27 15:50 - 2016-05-27 15:50 - 000000016 ____H () C:\Program Files (x86)\Common Files\mir1-astg
2016-05-27 15:50 - 2016-05-27 15:50 - 000000016 ____H () C:\Program Files (x86)\Common Files\pcs2-astg
2016-05-27 15:51 - 2016-05-27 15:51 - 000000016 ____H () C:\Program Files (x86)\Common Files\rst1-astg
2016-05-27 15:52 - 2016-05-27 15:52 - 000000016 ____H () C:\Program Files (x86)\Common Files\spl1-astg
2016-05-27 15:52 - 2016-05-27 15:52 - 000000016 ____H () C:\Program Files (x86)\Common Files\sty1-astg
2016-05-27 15:54 - 2016-05-27 15:54 - 000000016 ____H () C:\Program Files (x86)\Common Files\txt1-astg
2016-05-27 15:54 - 2016-05-27 15:54 - 000000016 ____H () C:\Program Files (x86)\Common Files\vs2-astg
2016-05-27 15:55 - 2016-05-27 15:55 - 000000016 ____H () C:\Program Files (x86)\Common Files\ws2-astg
2017-10-14 10:56 - 2017-10-14 10:56 - 000000087 _____ () C:\Users\JonF\AppData\Roaming\1de0de73-de3e-46c6-81b0-f6455f081644
2018-02-24 10:48 - 2018-02-24 10:48 - 000000171 _____ () C:\Users\JonF\AppData\Roaming\1eb766f2-fed1-4d33-9c39-2c8a972fd11f
2018-02-24 10:48 - 2018-02-24 10:48 - 000000304 _____ () C:\Users\JonF\AppData\Roaming\4e93aa11-2d46-4980-a421-0a4ac759e5bf
2015-09-29 16:58 - 2017-12-06 14:46 - 000000132 _____ () C:\Users\JonF\AppData\Roaming\Adobe BMP Format CS6 Prefs
2012-01-21 19:53 - 2012-01-21 19:53 - 000000132 _____ () C:\Users\JonF\AppData\Roaming\Adobe GIF Format CS5 Prefs
2016-09-29 14:53 - 2018-01-22 13:27 - 000000132 _____ () C:\Users\JonF\AppData\Roaming\Adobe GIF Format CS6 Prefs
2014-12-20 12:23 - 2014-12-20 12:23 - 000000132 _____ () C:\Users\JonF\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2016-07-24 11:01 - 2018-06-22 15:09 - 000000132 _____ () C:\Users\JonF\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2012-09-09 20:04 - 2012-09-09 20:04 - 000000132 _____ () C:\Users\JonF\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-12-08 15:12 - 2017-12-11 13:15 - 000000132 _____ () C:\Users\JonF\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-02-14 15:49 - 2015-02-14 15:49 - 000000033 _____ () C:\Users\JonF\AppData\Roaming\AdobeWLCMCache.dat
2016-09-07 10:12 - 2016-09-08 19:18 - 000000773 _____ () C:\Users\JonF\AppData\Roaming\burnaware.ini
2015-04-14 12:28 - 2015-04-14 12:28 - 000004387 _____ () C:\Users\JonF\AppData\Roaming\CshWrXPG2mhRfQ1ms5gue
2018-02-24 10:48 - 2018-02-24 10:48 - 000000175 _____ () C:\Users\JonF\AppData\Roaming\fc19ece2-6b3f-4f22-8758-9651ab9ca388
2017-09-29 20:05 - 2017-09-29 20:06 - 000000115 _____ () C:\Users\JonF\AppData\Roaming\LogFile.txt
2015-09-24 18:19 - 2015-09-24 18:24 - 000000584 _____ () C:\Users\JonF\AppData\Roaming\onecal.xml
2012-12-16 21:05 - 2014-11-04 13:06 - 000000616 _____ () C:\Users\JonF\AppData\Roaming\Rim.Desktop.Exception.log
2013-06-23 15:04 - 2014-11-08 14:54 - 000004042 _____ () C:\Users\JonF\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-01-30 00:45 - 2014-11-04 13:06 - 000000693 _____ () C:\Users\JonF\AppData\Roaming\Rim.DesktopHelper.Exception.log
2016-03-12 11:22 - 2016-03-12 11:22 - 000001954 _____ () C:\Users\JonF\AppData\Roaming\SAS7_000.DAT
2015-04-19 08:20 - 2015-04-19 08:20 - 000005872 _____ () C:\Users\JonF\AppData\Roaming\TeK3AhQh4UlzVmdSYSKzE18gqJ
2015-01-31 16:59 - 2015-01-31 16:59 - 000187529 _____ () C:\Users\JonF\AppData\Local\7A514A11_stp.CIS
2015-01-31 16:59 - 2015-01-31 16:59 - 000000294 _____ () C:\Users\JonF\AppData\Local\7A514A11_stp.CIS.part
2018-01-22 13:31 - 2018-01-22 13:31 - 000001456 _____ () C:\Users\JonF\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-07-14 17:16 - 2018-07-14 09:48 - 000529920 _____ () C:\Users\JonF\AppData\Local\Althea.exe
2015-02-22 13:16 - 2017-03-26 13:53 - 000006144 _____ () C:\Users\JonF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-06-19 20:50 - 2018-06-19 20:50 - 000140800 _____ () C:\Users\JonF\AppData\Local\installer.dat
2018-06-19 20:26 - 2018-06-19 20:26 - 000218624 _____ () C:\Users\JonF\AppData\Local\Logout.exe
2014-09-25 10:04 - 2017-04-22 10:23 - 000007584 _____ () C:\Users\JonF\AppData\Local\Resmon.ResmonCfg
2015-07-14 22:41 - 2015-07-14 22:41 - 000000000 _____ () C:\Users\JonF\AppData\Local\Temp.dat
2015-02-14 13:39 - 2015-02-14 13:39 - 000002218 _____ () C:\Users\JonF\AppData\Local\WiDiSetupLog.20150214.123930.txt
2015-02-14 13:40 - 2015-02-14 13:41 - 000002218 _____ () C:\Users\JonF\AppData\Local\WiDiSetupLog.20150214.124044.txt
2015-07-14 23:18 - 2015-07-14 23:19 - 000000000 _____ () C:\Users\JonF\AppData\Local\{27F47AD3-BC22-4D16-9C04-E92F563D2AE6}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\nvmycfil.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-07-17 00:33

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by JonF (18-07-2018 10:11:31)
Running from C:\Users\JonF\Desktop
Windows 7 Enterprise Service Pack 1 (X64) (2015-01-23 15:55:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-698515142-1667414562-1240765699-500 - Administrator - Disabled)
Guest (S-1-5-21-698515142-1667414562-1240765699-501 - Limited - Disabled)
jhfree01 (S-1-5-21-698515142-1667414562-1240765699-1008 - Administrator - Enabled) => C:\Users\jhfree01
JonF (S-1-5-21-698515142-1667414562-1240765699-1011 - Administrator - Enabled) => C:\Users\JonF
jsmile02 (S-1-5-21-698515142-1667414562-1240765699-1001 - Administrator - Enabled)
Office User (S-1-5-21-698515142-1667414562-1240765699-1009 - Administrator - Enabled)
Sonos (S-1-5-21-698515142-1667414562-1240765699-1013 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: System Center 2012 Endpoint Protection (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: System Center 2012 Endpoint Protection (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{BC741628-0AFC-405C-8946-DD46D1005A0A}) (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 9.25 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0925-000001000000}) (Version: 9.25.00.0 - Igor Pavlov)
ACDSee Pro 10 (64-bit) (HKLM\...\{13E67D9D-8F6F-4709-B380-A04EC12343E7}) (Version: 10.4.0.686 - ACD Systems International Inc.)
Acronis True Image (HKLM-x32\...\{2D18E04C-2EFC-48C6-A17F-F53FC9D8564C}) (Version: 20.0.5554 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{2D18E04C-2EFC-48C6-A17F-F53FC9D8564C}Visible) (Version: 20.0.5554 - Acronis)
Active@ KillDisk 9.1 (HKLM\...\{81B939C1-0219-42B6-A352-D5E43F2BDFAE}_is1) (Version: 9.1 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AMD Catalyst Install Manager (HKLM\...\{91646A02-CCE6-D738-573B-1A8AE044DA5C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Any Video Converter Ultimate 5.8.8 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Ashampoo Burning Studio 2015 v.1.15.0 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.0 - Ashampoo GmbH & Co. KG)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoHotkey 1.1.22.03 (HKLM\...\AutoHotkey) (Version: 1.1.22.03 - Lexikos)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CamCliCtrl (HKLM-x32\...\{1C38E027-8447-4344-9B8C-A831C628BF63}) (Version: 1.0.6510 - NetworkSurveillanceNP)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
camerastreamcontrol (HKLM-x32\...\{184B481E-C19A-4A61-A544-8D3926070B0F}) (Version: 1.0.8111 - TRENDnet)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Configuration Manager Client (HKLM\...\{781F8685-FF55-4D1C-9FC5-797160E418B2}) (Version: 5.00.7711.0000 - Microsoft Corporation) Hidden
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Cytoscape 3.5.1 (HKLM\...\5211-3645-3154-2580) (Version: 3.5.1 - Cytoscape Consortium)
Cytoscape 3.6.1 (HKLM\...\5211-3645-3154-2580-1) (Version: 3.6.1 - Cytoscape Consortium)
Defraggler (HKLM\...\Defraggler) (Version: 2.20 - Piriform)
Drobo Dashboard (HKLM-x32\...\{863885B3-7C05-421C-8817-568712778745}) (Version: 2.6.9 - Drobo)
Dropbox (HKLM-x32\...\Dropbox) (Version: 53.4.67 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
Duplicate File Finder (HKLM-x32\...\{1041487C-12E6-47FE-B83A-E9891782C8FE}}_is1) (Version: 6.3 - Ashisoft)
DVDFab (x64) 10.0.8.1 (06/02/2018) (HKLM-x32\...\DVDFab 10(x64)) (Version: 10.0.8.1 - Fengtao Software Inc.)
Emby Server (HKU\S-1-5-21-698515142-1667414562-1240765699-1011\...\Emby Server) (Version: 3.4 - Emby Team)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.8.0.11583 - Thomson Reuters)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
Eraser 6.2.0.2970 (HKLM\...\{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project)
Eraser 6.2.0.2978 (HKLM\...\{3F294138-66B6-41E3-8BE7-4532E9C808ED}) (Version: 6.2.2978 - The Eraser Project)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
GlobalProtect (HKLM\...\{24D4233F-C473-4C50-8243-53FB6DFF2581}) (Version: 4.0.6 - Palo Alto Networks)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Earth Pro (HKLM\...\{B29B4ACE-362A-47D2-AB37-87C721D09803}) (Version: 7.3.2.5487 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.9.144 - Gramblr Team)
GraphPad Prism 6 (HKLM-x32\...\{606443B0-9831-11DC-5F90-015CFB7A6952}) (Version: 6.01 - GraphPad Software)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP LJ300-400 color M351-M451 (HKLM-x32\...\{15CA73D8-3C82-4BAE-86CD-945BF9620516}) (Version: 5.0.12200.630 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (HKLM-x32\...\{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}) (Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM351M451DSService (HKLM-x32\...\{BF2198EB-503D-4E0B-89FB-509AADD6D545}) (Version: 001.001.05164 - Hewlett-Packard) Hidden
HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI (HKLM-x32\...\{BD019D8F-25B9-49D6-B301-07AFF65E35DD}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJDXPHelper (HKLM-x32\...\{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}) (Version: 020.021.004 - HP) Hidden
HPLJUTCore (HKLM-x32\...\{0C779D9C-FD0F-4A53-86BE-3D53E58B2900}) (Version: 004.005.0001 - HP) Hidden
HPLJUTM351-M451 (HKLM-x32\...\{E25710A1-F024-4BAF-898C-32703F047737}) (Version: 1.02.0013 - HP) Hidden
hppLaserJetService (HKLM-x32\...\{180D6813-95E0-415C-B58A-5B9493DE2DDA}) (Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM351_M451LaserJetService (HKLM-x32\...\{1125FC8E-975D-47BD-943D-0DFE0E2358B9}) (Version: 005.021.00132 - Hewlett-Packard) Hidden
hppToolboxProxyM351 (HKLM-x32\...\{6930AC06-C380-421E-91FE-9CA29D21D83E}) (Version: 035.024.006 - HP) Hidden
hpStatusAlerts (HKLM-x32\...\{46A99EAE-98DA-4BE5-94C3-D41BA4C266DA}) (Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM351_M451 (HKLM-x32\...\{25E11B5A-4817-4296-A260-235AE77B1708}) (Version: 050.034.0131 - Hewlett-Packard) Hidden
InstanceFinder (HKLM-x32\...\{32C0FD10-8FB4-427E-A16F-ED57C9343CF0}) (Version: 020.021.004 - HP) Hidden
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.2 - Intel)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1.2 - IObit)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
KeyLemon (HKLM\...\KeyLemon) (Version: 3.2.3 - KeyLemon Solutions S.A.)
LJDXPHelperUI (HKLM-x32\...\{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}) (Version: 020.021.004 - HP) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
magicJack (HKU\.DEFAULT\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
magicJack (HKU\S-1-5-21-698515142-1667414562-1240765699-1011\...\magicJack) (Version: 4.18.9462.6668 - magicJack L.P.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.4711.73 - Waves Audio Ltd.) Hidden
MediaHuman Audio Converter version 1.9.5.1 (HKLM-x32\...\MediaHuman Audio Converter_is1) (Version: 1.9.5.1 - MediaHuman)
MediaHuman Audio Converter version 1.9.5.2 (HKLM-x32\...\MHAudioConverter_is1) (Version: 1.9.5.2 - MediaHuman)
MediaInfo 0.7.76 (HKLM\...\MediaInfo) (Version: 0.7.76 - MediaArea.net)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4461 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-698515142-1667414562-1240765699-1011\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Robocopy GUI (HKLM-x32\...\{107C666F-63C5-4263-8D40-8B9CFB5FED08}) (Version: 1.0.0 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version:  - MiniTool Solution Ltd.)
MKVToolNix 15.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 15.0.0 - Moritz Bunkus)
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 61.0.1.6759 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
NIS-Elements Viewer 4.20 (build 972) (HKLM-x32\...\{1966341E-0539-4698-ADEA-278A91CFCCC8}) (Version: 4.20.0.9720 - Laboratory Imaging s.r.o.)
NordVPN (HKLM-x32\...\{C877986D-3445-412B-AEB0-BF6AD3039467}) (Version: 6.10.8 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.10.8) (Version: 6.10.8 - NordVPN)
OCS Inventory NG Agent 2.0.4.0 (HKLM-x32\...\OCS Inventory NG Agent) (Version: 2.0.4.0 - OCS Inventory NG Team)
Origin 2018 (HKLM-x32\...\{FE498A04-5A44-44CB-9107-6BC2BDB13D5E}) (Version: 9.50.00 - OriginLab Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PatchCleaner (HKLM-x32\...\{727DA176-50BB-452C-8DB5-96EE0A573ED4}) (Version: 1.4.20 - HomeDev)
PDF Password Remover (HKLM-x32\...\{DB150C19-4A8F-4EF7-AC75-96098EACE179}) (Version: 1.0.6 - PDF Technologies)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFMate Free PDF Merger 1.0.9 (HKLM-x32\...\PDFMate Free PDF Merger_is1) (Version:  - pdfmate.com)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.108.1 - proDAD GmbH)
qBittorrent 4.1.1 (HKLM-x32\...\qBittorrent) (Version: 4.1.1 - The qBittorrent project)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.8.1 - Intuit)
Quicken 2016 (HKLM-x32\...\{519B4ED1-AF5F-4812-B2A8-B18D783AEFE8}) (Version: 25.1.17.4 - Intuit)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6053 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 6.1.0.0 - Denis Kozlov)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Roxio Creator DE 10.3 (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPRO_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
SetupWizard (HKLM-x32\...\{564B9269-0DEA-44F8-BC58-C20600F585D9}) (Version: 1.0.3604 - TRENDnet)
ShellFolderFix 1.1.4 (HKLM\...\{3DD823AB-145A-4522-B9F6-A9566121F837}_is1) (Version:  - )
SigmaPlot 11.0 (HKLM-x32\...\{B1A88375-BAB9-4081-B58F-A137FC6ED2A4}) (Version: 11.0 - Systat Software, Inc.)
Skype version 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 43.3.54020 - Sonos, Inc.)
Spotify (HKU\S-1-5-21-698515142-1667414562-1240765699-1011\...\Spotify) (Version: 1.0.84.344.gfc674f6f - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
System Center 2012 Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 2.2.903.0 - Microsoft Corporation)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
Teekesselchen version 1.8 (HKLM-x32\...\{E20A5744-5ECD-49C5-8102-10CB0027DFCB}_is1) (Version: 1.8 - Michael Bungenstock)
ToolboxProxy (HKLM-x32\...\{B64E0B43-A452-4B25-93DD-E5C6645A534A}) (Version: 035.024.006 - HP) Hidden
TreeSize Free V3.4 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4 - JAM Software)
TRENDnetVIEW Pro 2.5.9 (HKLM-x32\...\DVRServer.Application_is1) (Version: 2.5.9 - TRENDnet)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for Skype for Business 2015 (KB4022170) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{623DC402-8FDC-490D-9881-E60F5337036E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4022170) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PRJPRO_{623DC402-8FDC-490D-9881-E60F5337036E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4022170) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{623DC402-8FDC-490D-9881-E60F5337036E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4022170) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{623DC402-8FDC-490D-9881-E60F5337036E}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4022170) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{623DC402-8FDC-490D-9881-E60F5337036E}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VS 2008 CRT Package (HKLM-x32\...\{EC9F5A04-2DBE-4384-9681-3E3F264B0809}) (Version: 1.1.1 - Microsoft)
WinDirStat 1.1.2 (HKU\S-1-5-21-698515142-1667414562-1240765699-1011\...\WinDirStat) (Version:  - )
Windows Firewall Configuration Provider (HKLM\...\{109A5A16-E09E-4B82-A784-D1780F1190D6}) (Version: 1.2.3412.0 - Microsoft Corporation)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.4) (Version: 1.3.4 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-698515142-1667414562-1240765699-1011_Classes\CLSID\{BC9B776A-90D7-4476-A791-79D835F30650}\InprocServer32 -> C:\Program Files\Eraser\Eraser.Shell.dll (The Eraser Project)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> [CC]{2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} =>  -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [DefragglerShellExtension] -> [CC]{4380C993-0C43-4E02-9A7A-0D40B6EA7590} =>  -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2011-10-29] (Microsoft Corporation)
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-04-04] (The Eraser Project)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> -{BB35DE05-89D6-4D8F-95DE-A27DF8156D91} =>  -> No File
ContextMenuHandlers1: [PicaViewCtxMenuShlExt] -> {F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} => C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll [2015-08-28] (ACD Systems International Inc.)
ContextMenuHandlers1: [UnLockerMenu] -> [CC]{410BF280-86EF-4E0F-8279-EC5848546AD3} =>  -> No File
ContextMenuHandlers1-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2016-08-09] (Acronis International GmbH)
ContextMenuHandlers1-x32: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers1-x32: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2011-10-29] (Microsoft Corporation)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-04-04] (The Eraser Project)
ContextMenuHandlers3: [DeleteFiles] -> {736AF091-C361-49B4-A928-87C586130D33} => C:\Program Files\File Shredder\fsshell.dll [2012-04-01] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2011-10-29] (Microsoft Corporation)
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-04-04] (The Eraser Project)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [PowerISO] -> [CC]{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> [CC]{435E5DF5-2510-463C-B223-BDA47006D002} =>  -> No File
ContextMenuHandlers4: [UnLockerMenu] -> [CC]{410BF280-86EF-4E0F-8279-EC5848546AD3} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-12] (Dropbox, Inc.)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-04-04] (The Eraser Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-02-01] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> [CC]{2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} =>  -> No File
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-01-18] (Piriform Ltd)
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-04-04] (The Eraser Project)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> [CC]{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)
ContextMenuHandlers6: [UnLockerMenu] -> [CC]{410BF280-86EF-4E0F-8279-EC5848546AD3} =>  -> No File
ContextMenuHandlers6-x32: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\versions_page.dll [2016-08-09] (Acronis International GmbH)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-698515142-1667414562-1240765699-1011: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-04-04] (The Eraser Project)
ContextMenuHandlers2_S-1-5-21-698515142-1667414562-1240765699-1011: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-04-04] (The Eraser Project)
ContextMenuHandlers4_S-1-5-21-698515142-1667414562-1240765699-1011: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-04-04] (The Eraser Project)
ContextMenuHandlers5_S-1-5-21-698515142-1667414562-1240765699-1011: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-04-04] (The Eraser Project)
ContextMenuHandlers6_S-1-5-21-698515142-1667414562-1240765699-1011: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-04-04] (The Eraser Project)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0380BB62-086B-40F1-80B0-1068CF59B82F} - System32\Tasks\{4608091B-C5A3-4E80-939B-0EC0F9EACA19} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.5.0.102/en/abandoninstall?page=tsProgressBar
Task: {05958E45-63B1-4314-86CA-93D8540CA35F} - System32\Tasks\wimpy-destabilization => C:\Program Files (x86)\permanence\Rosch.exe
Task: {0B3BAD8B-FFA5-49DD-AB6A-BB59AF5A5DF6} - \TunePro360 Updater -> No File <==== ATTENTION
Task: {0CD62FBE-4085-4BA7-8193-E0A65B5680DE} - System32\Tasks\lates => C:\Program Files (x86)\Jan\depending.exe
Task: {1616723F-C4B5-425F-83D1-5C4BD53EA169} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {236A786F-C0DA-4D36-AC89-03615E2C62E2} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2012-02-20] (Microsoft Corporation)
Task: {307DEBF5-32AE-459B-BA77-16B941A5FD5B} - System32\Tasks\Microsoft\Windows\Diagnosis\KeyCreator => C:\Users\JonF\AppData\Roaming\\keycreator\\kget.exe
Task: {32F054A4-52A8-4866-8EB7-CA07A688CB34} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {34B89728-FF23-4617-BC71-39E8B973A01C} - System32\Tasks\lacking_coolerlacking_cooler => C:\Users\JonF\AppData\Local\Rosch.exe
Task: {34E04A01-E6FB-4883-B15A-730C53593FF6} - System32\Tasks\COMODO CertSentry Updater => C:\Windows\system32\certsentry.exe [2016-01-31] (COMODO CA Limited)
Task: {34EBC88A-E75A-475F-A310-A163EB7251EA} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {35942288-D454-4465-ADF9-847CE51A823F} - \vHotel -> No File <==== ATTENTION
Task: {391245DE-743A-4D81-B45A-10D2D5BCDDE8} - \neroli kermit klaas -> No File <==== ATTENTION
Task: {3CECFAC9-1424-42FA-854B-E223B2E39EFF} - System32\Tasks\Empty Recycle Bin => cmd.exe /c "echo Y|PowerShell.exe -NoProfile -Command Clear-RecycleBin"
Task: {3D74D30B-8408-49E9-ACAD-6E4BFF546833} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-15] (Hewlett Packard)
Task: {43B42B57-2E6B-4244-8F8A-25A9FFB734E2} - System32\Tasks\lacking_cooler => C:\Users\JonF\AppData\Local\Rosch.exe
Task: {49A79C48-FA7E-4C3B-A182-D77CFEE680B7} - System32\Tasks\{B59FBE08-B4B9-44BE-B034-B989B0139B75} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.8.0.102&LastError=12002
Task: {4C756B5C-9C6B-41E3-BAFD-0A4C16096E6E} - System32\Tasks\{6955F359-9460-447A-BC11-C1DE25266F0D} => C:\Windows\system32\pcalua.exe -a C:\Users\JonF\AppData\Local\Temp\VPNInit.exe -d "C:\Program Files (x86)\Mozilla Firefox" -c install VPNInstallManager vpn.louisville.edu 443 ANsession0002262070471040=prod+02848c73_1bf73f8e971411982c7420c147ffd20b;ANsession0002262070471040=prod+02848c73_1bf73f8e971411982c7420c147ffd20b 1033 <==== ATTENTION
Task: {565C1CAE-4C6D-4820-9FAF-0AB20686E5EC} - System32\Tasks\canonized-wretchedlycanonized-wretchedly => C:\Program Files (x86)\severson\Logout.exe
Task: {584D0A5B-7193-4FFE-A3A1-DD054F7E4E18} - System32\Tasks\reels => C:\Program Files (x86)\corruptions\corruptions.exe
Task: {5E213352-3BCA-4C12-A6A4-6CF37B484B0D} - \Take your pills -> No File <==== ATTENTION
Task: {5F088AAB-E065-44D4-81EF-6140C0EAB307} - System32\Tasks\Endnote => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation)
Task: {62053035-E6E3-44FB-8C15-C00FBA7BF049} - System32\Tasks\{21D7C445-031A-4A43-ACD9-ADA9338A25A4} => C:\Windows\system32\pcalua.exe -a C:\Users\JonF\AppData\Local\Temp\jre-8u60-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {6604EB83-FC94-4A26-876E-43263E6138F2} - \scammed_sliver -> No File <==== ATTENTION
Task: {66C82BC5-E7F8-47B0-8DF0-627A8929B9BC} - System32\Tasks\reelsreels => C:\Program Files (x86)\corruptions\corruptions.exe
Task: {6A329772-99FB-4BBB-BE86-3D6E89327B87} - System32\Tasks\wimpy-destabilizationwimpy-destabilization => C:\Program Files (x86)\permanence\Rosch.exe
Task: {6FE41283-4D44-41B2-84FB-AC89E0783A97} - System32\Tasks\canonized-wretchedly => C:\Program Files (x86)\severson\Logout.exe
Task: {75870E32-4480-4105-96A2-C8A25F8A2087} - System32\Tasks\cental_randellcental_randell => C:\Program Files (x86)\Marlena\Althea.exe
Task: {75AA07D9-E4A2-446D-A880-8434B1F091B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7686E852-DA63-4967-AAA5-974B4BDB9660} - System32\Tasks\skpVersionUpdate => C:\Program Files (x86)\Monterix\System Keeper\SystemKeeperM.exe
Task: {8709121B-E417-4DC3-AC07-64A5322B513F} - \scammed_sliverscammed_sliver -> No File <==== ATTENTION
Task: {87447586-A78A-4122-A750-8944DF4268F4} - System32\Tasks\cental_randell => C:\Program Files (x86)\Marlena\Althea.exe
Task: {87DB9FF3-F7B4-4B58-8E81-389F3F663AD4} - \relocatedrelocated -> No File <==== ATTENTION
Task: {8B05610B-B5C6-470F-BB24-F8294ED2E72A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-13] (Google Inc.)
Task: {8C96AED2-D640-4B02-A8E6-988FCBAB2D77} - System32\Tasks\lattimorelattimore => C:\Program Files (x86)\Scheduled\Althea.exe
Task: {921ECFDC-8E16-4253-902C-6F7A8E0B3C47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-13] (Google Inc.)
Task: {96E2F322-09F8-4390-A638-7BD8509AAD55} - System32\Tasks\lattimore => C:\Program Files (x86)\Scheduled\Althea.exe
Task: {987A2D7A-998A-4B2F-9C6F-8F9EF2F2195E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-17] (Dropbox, Inc.)
Task: {A1092773-D7CD-4AA6-B58C-9357B386E6E6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {A542B63B-9CB3-4B36-B0BF-412D83E990D8} - System32\Tasks\Microsoft\Copy Endnote from OneDrive to Local => "C:\Users\JonF\AppData\Roaming\Microsoft Robocopy GUI\Scripts\RobocopyScript.cmd"
Task: {A9047FF1-0229-49EB-865A-C19F7BABCC88} - System32\Tasks\lateslates => C:\Program Files (x86)\Jan\depending.exe
Task: {AC9DBB9A-606D-4E7B-A9E8-C2D8EBEB7632} - \relocated -> No File <==== ATTENTION
Task: {ADF933EA-FD6C-4316-89B4-DCB06D73067F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {B53D1601-7B05-4C3B-8257-9BB4960F457B} - System32\Tasks\pipsqueak govanpipsqueak govan => C:\Program Files (x86)\Marlena\Rosch.exe
Task: {BC0BDBFF-8962-4F49-A381-32F0D300E700} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-17] (Dropbox, Inc.)
Task: {BC0F703B-FD5F-4874-B09D-E0E52F9B6ED4} - System32\Tasks\{9728551A-83AB-43BF-BDB7-568328DA23C2} => C:\Windows\system32\pcalua.exe -a C:\Users\JonF\AppData\Local\Temp\jre-8u73-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {CDECDB25-99A9-42A4-96EF-E5643349CEE5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-07-18] (AVAST Software)
Task: {D508B563-7BF7-4B64-9F37-A747C396A440} - System32\Tasks\{0A366693-381B-4606-8053-3819A715464D} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.16.85.102/en/abandoninstall?page=tsProgressBar
Task: {D750DCD1-850D-494F-A56A-0DC960323085} - System32\Tasks\{98608471-2123-4C8C-B921-57A58767499B} => C:\Windows\system32\pcalua.exe -a F:\Downloads\Eraser6.2.0.2971-NoRuntimes.exe -d F:\Downloads
Task: {DC9E9941-B7DF-4D8E-8E23-03A3A1CBD3F6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {DDAA429A-89CC-43BA-B951-0EBA28D04C5F} - System32\Tasks\ALADDIN => C:\Program Files\ALADDIN\ALADDIN.exe
Task: {DFEC3E9D-7FED-4A10-8223-3DFFAFE8064E} - \neroli kermit klaasneroli kermit klaas -> No File <==== ATTENTION
Task: {E12D9053-74B5-4113-8035-8484CE209D22} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-09-02] (Microsoft Corporation)
Task: {F537710E-2B22-4918-B8E1-819CF7B72046} - System32\Tasks\pipsqueak govan => C:\Program Files (x86)\Marlena\Rosch.exe
Task: {F85FD6F2-BE79-4412-802B-535931C867F3} - System32\Tasks\{3BC80309-A88B-4A5C-9E5A-C7EB2742DFF5} => C:\Windows\system32\pcalua.exe -a C:\Users\JonF\AppData\Local\Temp\VPNInit.exe -d "C:\Program Files (x86)\Mozilla Thunderbird" -c install VPNInstallManager vpn.louisville.edu 443 ANsession0002262070471040=prod+021b2121_cc8ac1471c0e7fd1a2f1fc738c4a2e3a;ANsession0002262070471040=prod+021b2121_cc8ac1471c0e7fd1a2f1fc738c4a2e3a 1033 <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\ALADDIN.job => C:\Program Files\ALADDIN\ALADDIN.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\JonF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Utilities - Security\KeyLemon\Buy KeyLemon now.lnk -> hxxp://www.keylemon.com/pricing-payment-start-menu/?id=bs
Shortcut: C:\Users\JonF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Network\Emby - Local network server\Emby Server Dashboard.lnk -> hxxp://localhost:8096/web/dashboard.htm

==================== Loaded Modules (Whitelisted) ==============

2014-08-14 11:32 - 2016-09-13 18:36 - 001276216 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2015-08-30 12:02 - 2017-01-15 17:20 - 006086232 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-06-29 17:34 - 2018-07-17 16:32 - 014289488 _____ () C:\Program Files\Gramblr\gramblr.exe
2018-01-04 10:33 - 2018-01-04 10:33 - 000420640 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2015-02-13 17:46 - 2010-09-28 19:52 - 000099840 _____ () C:\Program Files\ShellFolderFix\ShellFolderFix.dll
2017-01-22 13:04 - 2012-04-01 01:06 - 002689536 _____ () C:\Program Files\File Shredder\fsshell.dll
2014-08-14 11:56 - 2016-09-13 18:18 - 000585240 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
2018-05-30 11:03 - 2018-05-30 11:03 - 046281248 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2015-07-17 10:09 - 2015-07-12 00:33 - 001320960 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2015-02-13 17:46 - 2010-09-28 19:52 - 002625024 _____ () C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe
2016-01-06 12:41 - 2015-06-24 21:23 - 000020288 _____ () C:\Program Files\CCleaner\branding.dll
2014-11-27 10:58 - 2016-09-13 19:12 - 004654664 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
2018-07-18 09:44 - 2018-07-18 09:44 - 000113152 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\_ctypes.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000080896 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\bz2.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 001585152 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\_hashlib.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000128512 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\win32api.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000137728 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\pywintypes27.dll
2018-07-18 09:44 - 2018-07-18 09:44 - 000548864 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\pythoncom27.dll
2018-07-18 09:44 - 2018-07-18 09:44 - 000689664 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\unicodedata.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000438784 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\win32com.shell.shell.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 001489408 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\wx._core_.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 001007104 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\wx._gdi_.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 001039872 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\wx._windows_.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 001325056 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\wx._controls_.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000916992 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\wx._misc_.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 001084416 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\pysqlite2._sqlite.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000149504 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\win32file.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000136192 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\win32security.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000007680 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\hashobjs_ext.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000020992 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\thumbnails_ext.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000118784 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\usb_ext.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000047616 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\_socket.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 002224640 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\_ssl.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000014848 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\common.time34.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000023040 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\win32event.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000034304 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\windows.conditional.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000020480 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\windows.winwrap.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000110080 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\windows.volumes.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000223232 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\win32gui.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000173568 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\_elementtree.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000169472 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\pyexpat.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000048128 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\win32inet.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000103424 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\wx._html2.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000046080 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\_psutil_windows.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000633272 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\windows._cacheinvalidation.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000011776 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\win32crypt.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000301568 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\PIL._imaging.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000032256 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\_multiprocessing.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 005458944 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\cello.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000026112 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\_yappi.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000044032 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\win32process.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000027648 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\win32pipe.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000010752 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\select.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000029696 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\win32pdh.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000038400 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\windows.connectivity.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000073216 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\windows.device_monitor.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000020480 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\win32profile.pyd
2018-07-18 09:44 - 2018-07-18 09:44 - 000026624 _____ () C:\Users\JonF\AppData\Local\Temp\_MEI48842\win32ts.pyd
2014-09-13 04:31 - 2016-08-11 15:29 - 009729272 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2018-06-19 23:42 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2017-12-22 09:46 - 2017-12-22 09:46 - 000227840 _____ () C:\Program Files (x86)\NordVPN\Liberation.Native.Firewall.dll
2011-09-29 12:19 - 2011-09-29 12:19 - 000067584 _____ () C:\Program Files (x86)\OCS Inventory Agent\zlib1.dll
2016-09-13 18:17 - 2016-09-13 18:17 - 006068656 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_resources.dll
2014-11-21 16:14 - 2016-08-15 12:28 - 000129968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2014-11-27 11:31 - 2016-09-13 19:07 - 020652632 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2014-11-27 10:44 - 2016-09-13 18:18 - 000390576 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2016-08-03 16:47 - 2016-08-03 16:47 - 000685488 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll
2014-11-27 10:44 - 2016-09-13 18:17 - 000048560 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
2014-09-13 04:33 - 2016-08-11 15:14 - 000248752 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2014-11-27 10:47 - 2016-06-14 18:24 - 000444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-11-27 10:44 - 2016-06-22 10:16 - 000115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\certsentry.exe:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Microsoft:hIbCRnusYjsvMqQOrJIGd [2204]
AlternateDataStreams: C:\ProgramData\Microsoft:Ne94JROuTDKK1YOUn21y0u [2522]
AlternateDataStreams: C:\ProgramData\Microsoft:Yzb04jHfo62n4wSEu0ETaXT2 [2670]
AlternateDataStreams: C:\ProgramData\Temp:F169C698 [133]
AlternateDataStreams: C:\Users\JonF\Cookies:dS1eerzFzZMgKu78NQveK9KDIlsFW [2680]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\76629302.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rohos => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VPNInstallManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VPNService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vpntdi => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\76629302.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Cofvopjy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Rohos => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VPNInstallManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VPNService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vpntdi => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7877 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2018-07-14 16:19 - 000524693 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 mydownloaddomain.com
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
104.251.211.173 clients2.google.com
104.251.211.173 clients2.google.com
104.251.211.173 clients2.google.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-698515142-1667414562-1240765699-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\jhfree01\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-698515142-1667414562-1240765699-1011\Control Panel\Desktop\\Wallpaper -> C:\Users\JonF\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CBEF98ED-80CF-4AA0-BCFC-E187DD1946FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D715F203-A391-4062-82E1-009AFBC6BC83}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B6107100-2905-421B-AB7C-2FE57D5BA3D6}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\15CA73D8-3C82-4BAE-86CD-945BF9620516\Installer\hpbcsiInstaller.exe
FirewallRules: [{2D7608EE-9D34-4FD4-9447-FDE528E48641}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\15CA73D8-3C82-4BAE-86CD-945BF9620516\Installer\hpbcsiInstaller.exe
FirewallRules: [{2D53ADF8-C12C-4023-A36B-635F4CE9627A}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{BB44D3D3-9F72-46F2-90BC-31A7FA3923D9}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{9A57707E-EF23-49E8-9315-E222CB53B170}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{72E7E2B6-A350-47AE-BA03-AB4920F8A8D6}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{3B89C958-BFB5-44F3-80C2-38FC89B09940}] => (Allow) C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe
FirewallRules: [{0640D820-1C45-4F3C-A155-7AE39D06A338}] => (Allow) C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe
FirewallRules: [{FF994B25-95EB-4AF7-8C8C-C2FE044840E5}] => (Allow) C:\Program Files (x86)\Drobo\Drobo Dashboard\Drobo Dashboard.exe
FirewallRules: [{52BC2FDC-3C89-447F-A03F-FB11B689BE4A}] => (Allow) C:\Program Files (x86)\Drobo\Drobo Dashboard\Drobo Dashboard.exe
FirewallRules: [{E5376915-7823-4AC5-AB88-5C45DD52BCE1}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{6E0D6578-1CF4-4D5D-96F9-4F428832D3D3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{30255790-0959-4DFD-9056-F733A52E6E15}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{C45923AB-597C-41E7-8254-31E4F8B9FDDF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{1D83D60D-D5B8-4215-9E09-DF48D1EA87EA}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{9985E580-DD30-4FEC-9117-CAD220C9448B}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{BAC4939E-5A34-4F52-9624-C44B69AEC1A3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{A959DDF2-2DB1-43E9-BDC2-91861CFC7633}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{465FE91F-5DA3-4FD3-AFCC-8AE649533981}C:\program files\cytoscape_v3.5.1\cytoscape.exe] => (Allow) C:\program files\cytoscape_v3.5.1\cytoscape.exe
FirewallRules: [UDP Query User{1BBB2D47-0288-4A71-903D-FA7065070DDF}C:\program files\cytoscape_v3.5.1\cytoscape.exe] => (Allow) C:\program files\cytoscape_v3.5.1\cytoscape.exe
FirewallRules: [{7816F13B-6C73-49A6-B28B-4D55FD1B1368}] => (Allow) C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{A384A0A6-31BC-4DD7-A8BC-F5AD77F9ED38}] => (Allow) C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{FFE7D015-9B60-45A7-86B0-94696670C0B0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{609115B5-1496-4054-938A-CA973F8719C4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{60093A4F-EB10-48E2-9A5E-575D0F82AF50}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6E5B643F-6C6E-47FB-93D9-AD427E26405A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{41D9F25B-576C-4CC0-A4B3-C2B2E00E551A}] => (Allow) C:\mjusbsp\magicJack.exe
FirewallRules: [{01DD5983-2036-49B7-9308-A45D9BC81CC1}] => (Allow) C:\mjusbsp\magicJack.exe
FirewallRules: [TCP Query User{56528BE7-E02B-4C41-BADA-A11EB9A41B6A}C:\program files (x86)\trendnet\setupwizard\setupwizard.exe] => (Allow) C:\program files (x86)\trendnet\setupwizard\setupwizard.exe
FirewallRules: [UDP Query User{4B9C6D07-BDD4-428D-8A2C-B400D6225C04}C:\program files (x86)\trendnet\setupwizard\setupwizard.exe] => (Allow) C:\program files (x86)\trendnet\setupwizard\setupwizard.exe
FirewallRules: [TCP Query User{4AD5609B-F138-4697-81E4-C07E005BADB3}C:\users\jonf\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jonf\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{59E6488F-1367-4C61-985C-AC313C9EE7B9}C:\users\jonf\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jonf\appdata\roaming\spotify\spotify.exe
FirewallRules: [{300F7BC8-39D5-4BEC-83CD-6BED15CE2032}] => (Allow) C:\Users\JonF\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{D06657EF-BB35-4014-B6CA-752E7A597A9C}] => (Allow) C:\Users\JonF\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [TCP Query User{9DF35F1B-1736-4669-AF77-F23FF0772471}C:\program files\dvdfab 10\dvdfab64.exe] => (Block) C:\program files\dvdfab 10\dvdfab64.exe
FirewallRules: [UDP Query User{168DA5E3-A0FE-46F8-B628-CDF16CA1AB7C}C:\program files\dvdfab 10\dvdfab64.exe] => (Block) C:\program files\dvdfab 10\dvdfab64.exe
FirewallRules: [TCP Query User{7958BC7F-D5C2-421E-A229-8F47712A4418}C:\program files\dvdfab 10\dvdfab64.exe] => (Block) C:\program files\dvdfab 10\dvdfab64.exe
FirewallRules: [UDP Query User{6C42EC06-0849-4DF8-A69C-45C01B1951CA}C:\program files\dvdfab 10\dvdfab64.exe] => (Block) C:\program files\dvdfab 10\dvdfab64.exe
FirewallRules: [TCP Query User{EB82981C-6220-4272-BE83-7C972526BAF6}C:\program files (x86)\sonos\sonos.exe] => (Allow) C:\program files (x86)\sonos\sonos.exe
FirewallRules: [UDP Query User{150900C1-D998-4D9B-88E5-ACAB7C430B5E}C:\program files (x86)\sonos\sonos.exe] => (Allow) C:\program files (x86)\sonos\sonos.exe
FirewallRules: [{F507FF40-94B5-4480-8285-713B5C08C9E4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{F74A6622-A6BE-443D-9208-5AD8D74299EE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B41A6742-58D5-440E-BC05-2F0445CAFF61}] => (Allow) C:\Users\JonF\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{70ECD69F-DB81-46CC-98E7-977714A58F04}] => (Allow) C:\Users\JonF\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{DFA9FAA7-420E-4DD1-BC19-5CD16C695B79}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{C9D15FD5-CF4C-47E0-856C-846911898ADA}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{7BB52AB9-BA4B-45CF-AEAE-8E5EE82C58C0}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{FA466BA0-F943-45DE-A43B-5A4F1E060721}] => (Allow) C:\Program Files\OriginLab\Origin2018\Origin95_64.exe
FirewallRules: [{7D298400-63FC-42C6-84EE-697376C56092}] => (Allow) C:\Program Files\OriginLab\Origin2018\Origin95_64.exe
FirewallRules: [{D8CC179E-2C29-4D64-820C-13D5EE7E4EF1}] => (Allow) LPort=7359
FirewallRules: [{A2DBF19A-B8B3-447E-BBE4-5A99775756D0}] => (Allow) LPort=8096
FirewallRules: [{2090899C-68F3-4E56-B523-E3C06B6DDA12}] => (Allow) LPort=8920
FirewallRules: [{5835DF68-236D-45C5-92A3-8675F407714E}] => (Allow) C:\Users\JonF\AppData\Roaming\Emby-Server\system\EmbyServer.dll
FirewallRules: [{F815D3E9-92E7-47EF-9591-C3D1A19E4BCB}] => (Allow) C:\Users\JonF\AppData\Roaming\Emby-Server\system\EmbyServer.dll
FirewallRules: [{5EC02AB0-5F42-428C-A550-52C22FD180F5}] => (Allow) C:\Users\JonF\AppData\Roaming\Emby-Server\system\EmbyServer.dll
FirewallRules: [{520312CF-054E-4008-8585-E3023C9A69E0}] => (Allow) C:\Users\JonF\AppData\Roaming\Emby-Server\system\EmbyServer.dll
FirewallRules: [TCP Query User{A134A6D7-6B14-4E5C-A305-621FD5AFBEE4}C:\users\jonf\appdata\roaming\emby-server\system\embyserver.exe] => (Allow) C:\users\jonf\appdata\roaming\emby-server\system\embyserver.exe
FirewallRules: [UDP Query User{6688153B-32F1-4BC2-A972-7F323A0C9641}C:\users\jonf\appdata\roaming\emby-server\system\embyserver.exe] => (Allow) C:\users\jonf\appdata\roaming\emby-server\system\embyserver.exe
FirewallRules: [{2A2938B1-DE1D-41D2-A025-953956FAF40C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{13E7E952-B296-47EE-A061-CBA6FDE4EE69}C:\program files\cytoscape_v3.6.1\cytoscape.exe] => (Allow) C:\program files\cytoscape_v3.6.1\cytoscape.exe
FirewallRules: [UDP Query User{6D9380C3-7072-4310-A091-1CAB8E95F83A}C:\program files\cytoscape_v3.6.1\cytoscape.exe] => (Allow) C:\program files\cytoscape_v3.6.1\cytoscape.exe
FirewallRules: [{8ECA75E7-EF75-4BEA-ABB0-B1D1E6C5C57A}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{5A4C40E5-E2AA-4175-A36B-811C55A88B49}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{505430FF-CBB2-4019-82A1-44E8B5A94B55}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{0DEDEBBC-DB6B-403B-96FA-FFBFB3B89B23}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{08AFE0E5-6B5E-4814-BF31-A04472DA01AC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: ZWQ3YTNjNGQ4YTg2MzE
Description: ZWQ3YTNjNGQ4YTg2MzE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZWQ3YTNjNGQ4YTg2MzE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2018 10:00:38 AM) (Source: OCS Inventory Service) (EventID: 20) (User: )
Description: Service encounter error <OCS Inventory NG Agent encounter an error (exit code is 4 => Failed to talk with Communication Server)>.

Error: (07/18/2018 10:00:18 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" ; Description = Revo Uninstaller's restore point - Avast Secure Browser; Error = 0x80070422).

Error: (07/18/2018 09:59:39 AM) (Source: OCS Inventory Service) (EventID: 20) (User: )
Description: Service encounter error <OCS Inventory NG Agent encounter an error (exit code is 4 => Failed to talk with Communication Server)>.

Error: (07/18/2018 09:58:25 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" ; Description = Revo Uninstaller's restore point - Avast Free Antivirus; Error = 0x80070422).

Error: (07/18/2018 09:49:53 AM) (Source: OCS Inventory Service) (EventID: 20) (User: )
Description: Service encounter error <OCS Inventory NG Agent encounter an error (exit code is 4 => Failed to talk with Communication Server)>.

Error: (07/18/2018 09:49:06 AM) (Source: OCS Inventory Service) (EventID: 20) (User: )
Description: Service encounter error <OCS Inventory NG Agent encounter an error (exit code is 4 => Failed to talk with Communication Server)>.

Error: (07/18/2018 09:47:01 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "file:///H:\\">.

Error: (07/18/2018 09:47:00 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "file:///H:\\">.


System errors:
=============
Error: (07/18/2018 10:12:04 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Mulitmedia.

Error: (07/18/2018 09:59:04 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (07/18/2018 09:59:04 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (07/18/2018 09:59:04 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (07/18/2018 09:59:04 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (07/18/2018 09:59:04 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (07/18/2018 09:59:04 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (07/18/2018 09:59:04 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


CodeIntegrity:
===================================

Date: 2015-07-14 22:09:15.085
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-14 22:08:43.384
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-14 22:08:28.375
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-14 22:08:08.777
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-14 22:06:54.561
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-14 22:06:35.346
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-14 22:05:34.555
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-14 22:05:01.902
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 44%
Total physical RAM: 8131.92 MB
Available physical RAM: 4512.27 MB
Total Virtual: 16262 MB
Available Virtual: 12570.68 MB

==================== Drives ================================

Drive c: (Root Disk) (Fixed) (Total:223.53 GB) (Free:77.45 GB) NTFS
Drive f: (Freedman Family) (Fixed) (Total:254.22 GB) (Free:143.13 GB) NTFS
Drive g: (Mulitmedia) (Fixed) (Total:459.34 GB) (Free:102.35 GB) NTFS
Drive h: (Local Network Drive) (Fixed) (Total:217.95 GB) (Free:166.51 GB) NTFS
Drive j: (Data Storage) (Fixed) (Total:855.15 GB) (Free:824.31 GB) NTFS
Drive l: (Secure Data Disk) (Fixed) (Total:1007.86 GB) (Free:879.76 GB) NTFS

\\?\Volume{00a3084b-9b21-11e7-a98b-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.04 GB) (Free:0.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 59BBFB8D)
Partition 1: (Active) - (Size=40 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 415D0019)
Partition 1: (Not Active) - (Size=254.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=677.3 GB) - (Type=0F Extended)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 7D0898F4)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================



#2
JSntgRvr

    Global Moderator


Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, or running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

You will need another computer to download FRST64 to a USB drive, run FRST64 in the Recovery Environment, then back in Normal Mode.

Please download Farbar Recovery Scan Tool on an uninfected computer and save it to a flash drive (Pen Drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.exe.

Please also download the attached file Fixlist.txt (932 bytes) and save it in the same location where FRST64 is saved on the flash drive.

Boot to the Recovery Console's Command prompt in the infected computer.

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
  • Restart the computer
  • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
  • Use the arrow keys to select Repair your computer, and press on Enter
  • Select your keyboard layout (US, French, etc.) and click on Next
  • Click on Command Prompt to open the command prompt
    Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.

Once in the command prompt
 

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • First press the Scan button. That will deactivate the rootkit. Once the scan is finished, press the Fix button
  • These actions will make two logs, Fixlog.txt and FRST.txt, on the flash drive. Please copy and paste them in your reply

 

Once finished in the Recovery Environment, restart the computer in Normal Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. In your case it is FRST64.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.


I will expect the following reports:

Frst.txt produced in the Recovery Console
Fixlog.txt produced in the Recovery Console
Frst.txt produced in Normal Mode
Addition.txt produced in Normal Mode



#3
JSntgRvr

    Global Moderator


Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

