Programs running multiple times in task manager



#1
Dave_83

  • Member
  • 75 posts

Hi there,

I have programs running multiple times, and next to some of the programs I see *32, so I am not sure whether this is malware or a virus.

When Chrome is opened, chrome.exe opens multiple times, and the memory usage is too high.

Firefox has suddenly stopped working; I cannot open any website. Below is the error I get:

Your connection is not secure

The owner of www.quora.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

Error code: MOZILLA_PKIX_ERROR_MITM_DETECTED

Can I get a solution for this please? Thank you.


Edited by Dave_83, 31 July 2018 - 08:23 AM.

  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 

  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


  • 0
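
Added example (not part of RKinner's post, and not code from FRST or its authors): a Python triage pass over the process section of an FRST log, assuming the `(Publisher) path` line layout the tool prints. The sample log and the names `process_entries` and `triage` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the "(Publisher) path" layout of FRST's process
# section; the vendors and paths are made up, not taken from a real machine.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed.)

(Example Browser Inc.) C:\Program Files (x86)\ExampleBrowser\browser.exe
(Example Browser Inc.) C:\Program Files (x86)\ExampleBrowser\browser.exe
(Example Browser Inc.) C:\Program Files (x86)\ExampleBrowser\browser.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Users\alice\AppData\Local\ExampleTool\bin\helper.exe
(Intel(R) Corporation) C:\Program Files\Intel\svc.exe
( Example Vendor) C:\Windows\SysWOW64\tray.exe

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [Example] => C:\Program Files\Example\example.exe
"""

SECTION_HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
# Greedy publisher group: the match ends at the last ") " that is followed by
# a drive letter, so "(x86)" inside the path and "Intel(R)" both parse.
PROCESS_LINE = re.compile(r"^\((.*)\)\s+([A-Za-z]:\\.+)$")
# Assumption for this example: these directories count as user-writable.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.IGNORECASE)


def process_entries(log_text):
    """Yield (publisher, path) for each line of the Processes section."""
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            in_section = header.group(1).lower().startswith("processes")
            continue
        if not in_section:
            continue
        entry = PROCESS_LINE.match(line)
        if entry:
            yield entry.group(1).strip(), entry.group(2)


def triage(log_text):
    """Group processes by image path and list the reasons to look closer.

    The instance count is reported but never treated as a reason by itself:
    multi-process browsers legitimately run many copies of one image.
    """
    counts = Counter()
    first_seen = {}
    for publisher, path in process_entries(log_text):
        key = path.lower()  # Windows paths are case-insensitive
        counts[key] += 1
        first_seen.setdefault(key, (publisher, path))

    findings = []
    for key, instances in counts.items():
        publisher, path = first_seen[key]
        reasons = []
        if not publisher:
            reasons.append("blank publisher field")
        if USER_WRITABLE.search(path):
            reasons.append("runs from a user-writable directory")
        findings.append({"path": path, "publisher": publisher,
                         "instances": instances, "reasons": reasons})
    # Most reasons first, then most instances, then path for a stable order.
    findings.sort(key=lambda f: (-len(f["reasons"]), -f["instances"],
                                 f["path"].lower()))
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        note = "; ".join(item["reasons"]) or "nothing flagged"
        print(f'{item["instances"]:>3}x  {item["path"]}  [{note}]')
```

A flagged entry is a prompt to check the file's signature and origin, for example with the Verified Signer column in Process Explorer; it is not a verdict.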

#3
Dave_83

  • Topic Starter
  • Member
  • 75 posts

Hi RKinner,

Thank you for the reply, appreciate it. Below are the FRST scan and Addition scan from Farbar Recovery Scan Tool. Under the Addition scan I removed my 'Drives' list, as I do not want to show those here or on any forum. I have 12 drive partitions though.

And attached are the Process Explorer and Speccy saved details.

FRST scan:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by admin (administrator) on ADMIN-PC (08-08-2018 13:53:56)
Running from I:\2018
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Felix Logic) C:\Program Files (x86)\Cold Turkey\CTService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe
(Fortinet Inc.) C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Users\admin\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(SoftPerfect) C:\Program Files\NetWorx\networx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe
(New Softwares.net) C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
(Simnet Ltd. ) C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe
( New Softwares.net) C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Intel® Corporation) C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files\Intel\STCServ\STCServ.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sysinternals - www.sysinternals.com) I:\SOFTWARES - recovered from WD EXT HDD\Others\ProcessExplorer - 2017\procexp64.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Piriform Ltd) C:\Program Files\Speccy\Speccy64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7679816 2016-10-09] (SoftPerfect)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-24] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-02-17] (Intel Corporation)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2018-01-23] (Raptr, Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3754168 2018-07-31] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [WinFLTray] => C:\Windows\SysWow64\WinFLTray.ex
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [FLBackup] => C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.ex
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [Simple Sticky Notes] => C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe [688648 2016-08-19] (Simnet Ltd. )
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [9942704 2018-06-28] (Windscribe Limited)
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {20c1b7c7-a7ee-11e6-89f6-fcaa14c2fb92} - L:\Setup.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {696585ce-d229-11e3-961a-806e6f6e6963} - E:\Run.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {75480ec5-23ec-11e7-bc40-fcaa14c2fb92} - K:\Setup.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {75480f11-23ec-11e7-bc40-fcaa14c2fb92} - K:\Setup.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {75480f62-23ec-11e7-bc40-fcaa14c2fb92} - K:\setup.exe -a
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {98507fb2-4a79-11e7-8dc1-fcaa14c2fb92} - K:\Setup.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {ad504ddb-2ab0-11e5-883e-806e6f6e6963} - "P:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {c38be7d2-8209-11e4-99ab-806e6f6e6963} - F:\Run.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {d4c2d37b-a551-11e5-899c-001b10002aec} - K:\Startme.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {ea572361-749b-11e5-8398-001b10002aec} - K:\Setup.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {f2f63f40-5221-11e6-be00-fcaa14c2fb92} - O:\Setup.exe
HKU\S-1-5-18\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 125.22.47.125 8.8.8.8
Tcpip\..\Interfaces\{51F5BA4F-5C41-4B15-991C-5BC22DC84B9B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D063286F-5185-4613-BE88-0D66833B84B0}: [DhcpNameServer] 125.22.47.125 8.8.8.8
Tcpip\..\Interfaces\{E9D8FAE0-1661-467C-8EF2-8D081E39D7D2}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://in.yahoo.com/?fr=fp-spt_gen
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2012-08-24] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-07-30] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_162\bin\ssv.dll [2018-03-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-06-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2018-07-30] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_162\bin\jp2ssv.dll [2018-03-29] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2012-08-24] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-05-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-06-24] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2018-07-30] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3425645261-2527552339-4145300971-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
IE Session Restore: HKU\S-1-5-21-3425645261-2527552339-4145300971-1000 -> is enabled.
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-30] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-07-30] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-07-30] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-07-30] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-07-30] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 3qavl6ma.default-1523991317252
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252 [2018-08-08]
FF Homepage: Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252 -> hxxp://www.google.co.in/
FF Session Restore: Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252 -> is enabled.
FF Extension: (Cisco Webex Extension) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\ciscowebexstart1@cisco.com.xpi [2018-06-15]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2018-04-18]
FF Extension: (Nimbus Screen Capture: Screenshots, Annotate) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2018-04-29]
FF Extension: (Snooze Tabs) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\snoozetabs@mozilla.com.xpi [2018-04-18]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-18]
FF Extension: (Page Translate) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\{087ef4e1-4286-4be6-9aa3-8d6c420ee1db}.xpi [2018-04-18]
FF Extension: (ruler) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\{b1355a29-9265-4b5e-a3ad-e9d61265d5ac}.xpi [2018-05-24]
FF Extension: (Furniture Guru) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\extension@furnitureguru.in.xpi [2018-03-30]
FF Extension: (IndiaShopps) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\extension@indiashopps.com.xpi [2018-03-30]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-04]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5 [2018-01-25] [Legacy] [not signed]
FF HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-29] ()
FF Plugin: @java.com/DTPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\dtplugin\npDeployJava1.dll [2018-03-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\plugin2\npjp2.dll [2018-03-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-03] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-29] ()
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll [2014-06-06] (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccpluginex.dll [2014-06-06] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll [2014-06-06] (Fortinet Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-10-03] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-05-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-05-19] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-09-23] (Nero AG)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2018-08-03] (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2018-08-03] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-08] (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @webex.com/npatgpc -> C:\ProgramData\WebEx\npatgpc.dll [2017-12-07] (Cisco WebEx LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2017-05-15] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-05-15] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.co.in/","hxxp://google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2018-08-08]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-18]
CHR Extension: (Nimbus Screenshot App) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecjogkncpbkjfobfnoaiepipllcadhe [2018-04-18]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-18]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-18]
CHR Extension: (Web Developer) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2018-04-18]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-18]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2018-08-03]
CHR Extension: (OneTab) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2018-07-31]
CHR Extension: (Tampermonkey) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-05-23]
CHR Extension: (Dropbox for Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2018-04-27]
CHR Extension: (Adobe Acrobat) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-04-18]
CHR Extension: (Avast SafePrice) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-06-20]
CHR Extension: (Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-18]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-18]
CHR Extension: (Avast Online Security) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-18]
CHR Extension: (Web Developer Checklist) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahamcpedabephpcgkeikbclmaljebjp [2018-04-18]
CHR Extension: (Adobe Edge Inspect CC) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem [2018-04-18]
CHR Extension: (The Great Suspender) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2018-07-31]
CHR Extension: (Spoon.net Extension) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncgbdglledmjmpnikebkagnchfdehbm [2018-04-18]
CHR Extension: (Skype) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-04-18]
CHR Extension: (Responsive Inspector) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim [2018-04-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-18]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-03]
CHR HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [amanlcdnojadchadmedfkljbkffioapi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcpfiabjpehfpkmlfdfdlpameaoonpdn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [imedekbkldfofmicojdclhjchkmmnklg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ndgpdmigmpcbehlcdehbbldijnnibiee] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amanlcdnojadchadmedfkljbkffioapi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcpfiabjpehfpkmlfdfdlpameaoonpdn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [imedekbkldfofmicojdclhjchkmmnklg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ndgpdmigmpcbehlcdehbbldijnnibiee] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (SaveFrom.net helper) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2016-10-23]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-06-24] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-06-24] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8851496 2018-07-22] (Microsoft Corporation)
R2 CTService; C:\Program Files (x86)\Cold Turkey\\CTService.exe [329728 2016-04-07] (Felix Logic) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51392 2018-07-31] (Dropbox, Inc.)
R2 FLService; C:\Windows\SysWow64\WinFLService.exe [92360 2015-10-11] (New Softwares.net)
R2 FortiSslvpnDaemon; C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe [954080 2014-06-06] (Fortinet Inc.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
R2 KingoSoftService; C:\Users\admin\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\checkupdate.exe [367592 2017-03-27] ()
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2017-01-25] ()
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software) [File not signed]
R2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [490672 2018-06-28] (Windscribe Limited)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [104248 2015-12-30] (Wondershare)
S2 AppmallosayoV; no ImagePath
S2 MxService; C:\Program Files (x86)\Maxthon\Bin\MxService.exe [X]
S2 system_http_dll; C:\ProgramData\9e153da59d\e7b640f780.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [39704 2015-10-07] (Windows ® Win 7 DDK provider)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [197160 2018-06-24] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [229392 2018-06-24] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201328 2018-06-24] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346664 2018-06-24] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59592 2018-06-24] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239680 2018-06-24] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-06-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159640 2018-06-24] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111872 2018-06-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-06-24] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027728 2018-06-24] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467064 2018-07-23] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [211160 2018-06-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381584 2018-06-24] (AVAST Software)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [75584 2015-10-07] (ASUS Corporation)
R3 cpuz143; C:\Users\admin\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [48952 2018-08-08] (CPUID) <==== ATTENTION
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-09-27] (Sony Mobile Communications)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [72632 2016-10-04] (NetFilterSDK.com)
R2 NEWDRIVER; C:\Windows\SysWow64\WinVDEdrv6.sys [197648 2015-10-11] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
R3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [54000 2015-06-10] (Novation DMS Ltd.)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2009-07-21] (Fortinet Inc.)
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)
R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2018-06-19] (The OpenVPN Project)
R1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [34816 2015-10-11] ()
R2 WinVDEDrv; C:\Windows\SysWow64\WinVDEdrv.sys [225680 2015-10-11] (NewSoftwares.net, Inc.)
S3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [123904 2015-07-17] (Yamaha Corporation)
S3 cpuz134; \??\C:\Users\admin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-08 13:48 - 2018-08-08 13:48 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-08-08 13:48 - 2018-08-08 13:48 - 000002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-08-08 13:48 - 2018-08-08 13:48 - 000000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-08-08 13:48 - 2018-08-08 13:48 - 000000807 _____ C:\Users\Public\Desktop\Speccy.lnk
2018-08-08 13:48 - 2018-08-08 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-08-08 13:48 - 2018-08-08 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-08-08 13:48 - 2018-08-08 13:48 - 000000000 ____D C:\Program Files\Speccy
2018-08-08 13:48 - 2018-08-08 13:48 - 000000000 ____D C:\Program Files\CCleaner
2018-08-08 13:45 - 2018-08-08 13:45 - 000015230 _____ C:\junk.txt
2018-08-07 04:06 - 2018-08-07 04:06 - 000001086 _____ C:\Users\Public\Desktop\Windscribe.lnk
2018-08-07 04:06 - 2018-08-07 04:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2018-08-07 04:06 - 2018-06-19 02:58 - 000045560 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapwindscribe0901.sys
2018-08-06 23:18 - 2018-08-06 23:18 - 000001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-08-06 23:18 - 2018-08-06 23:18 - 000001224 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2018-08-05 23:22 - 2018-08-05 23:22 - 061040558 _____ C:\Users\admin\Downloads\Ryan Hayashi FOOLS Penn & Teller With The Most IMPOSSIBLE Coin Magic Trick! [720p].mp4
2018-08-03 11:16 - 2018-08-03 11:16 - 000000000 ____D C:\Users\Public\Documents\Tencent
2018-08-03 11:15 - 2018-08-03 11:16 - 000000000 ____D C:\Users\admin\AppData\Roaming\Tencent
2018-08-03 11:15 - 2018-08-03 11:15 - 000002068 _____ C:\Users\Public\Desktop\Tencent QQ.lnk
2018-08-03 11:15 - 2018-08-03 11:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software
2018-08-03 11:15 - 2018-08-03 11:15 - 000000000 ____D C:\Program Files (x86)\Tencent
2018-08-03 11:12 - 2018-08-03 11:13 - 049880760 _____ (Tencent) C:\Users\admin\Desktop\QQintl2.11.exe
2018-08-01 09:25 - 2018-08-01 09:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-07-31 06:55 - 2018-07-31 06:55 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-07-31 06:55 - 2018-07-31 06:55 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-07-31 06:55 - 2018-07-31 06:55 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-07-31 02:58 - 2018-08-01 09:08 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-07-31 02:58 - 2018-08-01 02:45 - 000698524 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-07-31 02:58 - 2018-07-31 19:45 - 002451196 _____ C:\Windows\ZAM.krnl.trace
2018-07-31 02:57 - 2018-07-31 02:57 - 000000000 ____D C:\Users\admin\AppData\Local\Zemana
2018-07-31 02:35 - 2018-07-31 02:36 - 007791072 _____ (Tim Kosse) C:\Users\admin\Downloads\FileZilla_3.35.1_win64-setup.exe
2018-07-31 02:10 - 2018-07-31 02:11 - 000000342 ____H C:\Windows\Tasks\CTServiceInstaller.job
2018-07-31 01:42 - 2018-07-31 01:43 - 000240606 _____ C:\TDSSKiller.3.1.0.17_31.07.2018_01.42.21_log.txt
2018-07-31 01:21 - 2018-07-31 01:21 - 000008479 _____ C:\Users\admin\Desktop\malware scan advanced.txt
2018-07-31 01:21 - 2018-07-31 01:21 - 000000000 ____D C:\ProgramData\HitmanPro
2018-07-31 01:20 - 2018-07-31 01:20 - 000008479 _____ C:\Users\admin\Desktop\malware scan.txt
2018-07-31 01:13 - 2018-07-31 01:13 - 000003832 _____ C:\Users\admin\Desktop\Rkill.txt
2018-07-31 00:01 - 2018-07-31 00:01 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-07-31 00:00 - 2018-07-31 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-30 23:35 - 2018-07-30 23:37 - 007417040 _____ (Malwarebytes) C:\Users\admin\Desktop\adwcleaner_7.2.2.exe
2018-07-30 23:11 - 2018-07-31 14:58 - 000000000 ____D C:\Users\admin\AppData\Roaming\PioneerLog
2018-07-30 23:11 - 2018-07-30 23:11 - 000000000 ____D C:\Users\Public\Documents\Pioneer DJ
2018-07-30 23:11 - 2018-07-30 23:11 - 000000000 ____D C:\ProgramData\SafeNet Sentinel
2018-07-30 23:10 - 2018-07-30 23:10 - 000000000 ____D C:\Users\admin\Documents\rekordbox
2018-07-30 21:11 - 2018-07-30 21:11 - 000000000 ____D C:\Users\admin\AppData\Roaming\Pioneer
2018-07-30 21:06 - 2018-07-31 02:36 - 000000805 _____ C:\Users\admin\Desktop\rekordbox_x64.lnk
2018-07-30 21:06 - 2018-07-30 21:06 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pioneer
2018-07-30 21:06 - 2018-07-30 21:06 - 000000000 ____D C:\Program Files\Pioneer
2018-07-27 15:56 - 2018-07-27 15:56 - 000002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-07-27 15:56 - 2018-07-27 15:56 - 000002175 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-07-27 15:56 - 2018-07-27 15:56 - 000000000 ____D C:\Program Files\Google
2018-07-27 15:31 - 2018-07-31 19:45 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-22 18:49 - 2018-07-22 19:00 - 000000000 ____D C:\ProgramData\ValhallaPlate
2018-07-22 18:49 - 2018-07-22 18:49 - 000000000 ____D C:\Users\admin\AppData\Roaming\ValhallaPlate
2018-07-22 18:45 - 2018-07-22 18:45 - 000000000 ____D C:\ProgramData\Valhalla DSP, LLC
2018-07-22 11:27 - 2018-07-31 00:00 - 000002327 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-20 16:53 - 2018-07-20 16:54 - 067450075 _____ C:\Users\admin\Downloads\10 Hottest Female Fighters That Will Make You Stare [720p].mp4
2018-07-20 02:18 - 2018-07-20 02:18 - 000000000 ____D C:\Users\admin\AppData\Roaming\WorldNumerology
2018-07-19 21:49 - 2018-07-20 03:14 - 000020776 ____H C:\Users\admin\Desktop\~WRL0003.tmp
2018-07-19 20:06 - 2018-07-19 20:11 - 456555387 _____ C:\Users\admin\Downloads\Scott's Modular Synth Clinic _ Introductory Class [720p].mp4
2018-07-19 19:58 - 2018-07-19 19:58 - 042263912 _____ C:\Users\admin\Downloads\How To Make A Synth Patch - Beginner Tutorial on Modular Synthesis using VCV RACK (FREE SOFTWARE) [720p].mp4
2018-07-19 16:02 - 2018-07-19 16:02 - 000204076 _____ C:\Users\admin\Downloads\car charger description s .xlsx
2018-07-18 00:20 - 2018-07-18 00:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
2018-07-18 00:20 - 2018-07-18 00:20 - 000000000 ____D C:\Program Files (x86)\Western Digital Corporation
2018-07-13 07:31 - 2018-07-31 06:55 - 000051392 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-07-13 00:54 - 2018-07-21 23:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-07-12 13:05 - 2018-07-12 13:05 - 000000000 ____D C:\Users\admin\Downloads\Bottlenecks Aligning UX Design with User Psychology - ePub - 6302 [ECLiPSE]
2018-07-10 15:35 - 2018-07-10 15:35 - 000001198 _____ C:\Users\admin\Desktop\BPM Counter.lnk
2018-07-10 15:35 - 2018-07-10 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abyssmedia
2018-07-10 15:35 - 2018-07-10 15:35 - 000000000 ____D C:\Program Files (x86)\Abyssmedia
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-08 13:53 - 2018-04-11 14:05 - 000000000 ____D C:\FRST
2018-08-08 13:39 - 2016-11-19 10:57 - 000000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2018-08-08 13:33 - 2015-12-12 11:43 - 000000000 ____D C:\Users\admin\AppData\Roaming\Copy
2018-08-08 13:24 - 2015-07-16 01:48 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-08-08 12:24 - 2015-07-16 01:48 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-08-08 12:20 - 2009-07-14 10:15 - 000021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-08 12:20 - 2009-07-14 10:15 - 000021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-08 12:18 - 2013-10-03 14:31 - 000003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C711035-DCC3-4341-BF02-3175187079E5}
2018-08-08 12:15 - 2009-07-14 10:43 - 000787674 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-08 12:15 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2018-08-08 12:14 - 2015-07-16 01:54 - 000000000 ____D C:\Program Files (x86)\Opera
2018-08-08 12:11 - 2018-06-25 12:07 - 000000000 ____D C:\Users\admin\AppData\Local\AVAST Software
2018-08-08 12:10 - 2016-11-16 10:40 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-08-08 12:10 - 2016-06-14 12:47 - 000000000 ____D C:\Users\admin\AppData\Roaming\Raptr
2018-08-08 12:09 - 2009-07-14 10:38 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-08-08 12:09 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-08 03:15 - 2015-07-14 11:32 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-08-08 03:14 - 2016-10-01 22:51 - 000000000 ____D C:\Users\admin\Documents\Simple Sticky Notes
2018-08-08 02:45 - 2009-07-14 10:15 - 008630816 _____ C:\Windows\system32\FNTCACHE.DAT
2018-08-07 20:55 - 2013-10-03 14:44 - 000000000 ____D C:\Users\admin\AppData\Roaming\vlc
2018-08-07 18:32 - 2015-07-15 10:55 - 000000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2018-08-07 18:21 - 2018-04-12 01:03 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-08-07 17:33 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\system32\NDF
2018-08-07 17:19 - 2014-12-12 20:14 - 000000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
2018-08-07 16:46 - 2013-10-03 14:26 - 000860536 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2018-08-07 16:05 - 2015-08-14 17:41 - 000001456 _____ C:\Users\admin\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-08-07 15:23 - 2015-07-16 00:40 - 000000034 _____ C:\Users\admin\AppData\Roaming\AdobeWLCMCache.dat
2018-08-07 14:14 - 2016-10-28 15:49 - 000003420 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2018-08-07 12:17 - 2016-02-09 12:51 - 000000000 ___SD C:\Users\admin\AppData\LocalLow\Temp
2018-08-07 12:16 - 2017-03-13 14:14 - 000000000 ____D C:\Program Files (x86)\Windscribe
2018-08-07 04:07 - 2017-09-26 23:38 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-08-07 03:55 - 2015-10-11 01:38 - 000003465 ___SH C:\Windows\SysWOW64\win_stlthdb_sys.dat
2018-08-07 03:55 - 2015-10-11 01:38 - 000003465 ___SH C:\Users\admin\AppData\Local\win_stlthdb_sys.dat
2018-08-07 03:55 - 2015-10-11 01:38 - 000003292 ___SH C:\Users\admin\AppData\Local\win_fldb_sys.dat
2018-08-07 03:55 - 2015-10-11 01:38 - 000002772 ___SH C:\Windows\SysWOW64\win_fldb_sys.dat
2018-08-07 03:55 - 2015-10-11 01:38 - 000002568 ___SH C:\ProgramData\win_mpwd_sys.dat
2018-08-07 03:55 - 2015-10-11 01:38 - 000000700 ___SH C:\Users\admin\AppData\Local\systemFL7.dat
2018-08-07 02:37 - 2018-06-08 11:34 - 000001321 _____ C:\Users\Public\Desktop\Skype.lnk
2018-08-07 02:37 - 2018-01-09 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-08-07 02:14 - 2013-10-03 14:46 - 000000000 ____D C:\Users\admin\AppData\Roaming\Adobe
2018-08-05 22:52 - 2013-10-03 14:40 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-08-04 21:23 - 2015-07-15 11:05 - 000000000 ____D C:\Users\admin\AppData\Roaming\FileZilla
2018-08-04 20:51 - 2015-11-23 11:51 - 000000000 ____D C:\Users\admin\AppData\Roaming\PrimoPDF
2018-08-04 19:45 - 2016-12-15 13:43 - 000000000 ____D C:\Users\admin\AppData\Local\FileZilla
2018-08-04 19:27 - 2015-07-15 11:05 - 000002108 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2018-08-04 19:27 - 2015-07-15 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-08-04 19:27 - 2015-07-15 11:05 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2018-08-04 14:19 - 2017-09-09 00:26 - 000000000 ____D C:\Users\admin\Documents\Tencent Files
2018-08-04 14:07 - 2016-04-08 23:23 - 000004450 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-08-04 14:07 - 2013-10-03 14:51 - 000000000 ____D C:\Users\admin\AppData\Local\Adobe
2018-08-04 14:07 - 2013-10-03 14:40 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-08-04 14:07 - 2013-10-03 14:40 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-04 14:07 - 2013-10-03 14:40 - 000000000 ____D C:\Windows\system32\Macromed
2018-08-03 10:56 - 2013-10-03 14:40 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-02 22:47 - 2017-10-08 15:56 - 000000000 ____D C:\Users\admin\AppData\Roaming\WordPress.com
2018-08-01 19:10 - 2017-09-02 22:20 - 000012920 _____ C:\Windows\SysWOW64\qengineOff.ini
2018-08-01 19:10 - 2017-09-02 22:20 - 000012920 _____ C:\Windows\system32\qengineOff.ini
2018-08-01 19:10 - 2017-09-02 22:18 - 000000000 ____D C:\ProgramData\Qustodio
2018-08-01 19:10 - 2015-12-12 11:43 - 000000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2018-08-01 17:46 - 2014-05-03 00:47 - 000000000 ____D C:\ProgramData\TEMP
2018-08-01 09:25 - 2015-07-16 01:48 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-07-31 19:45 - 2015-07-19 15:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-31 19:39 - 2013-10-03 14:23 - 000000000 ____D C:\Users\admin
2018-07-31 15:06 - 2018-04-12 01:03 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-07-31 15:06 - 2018-04-09 14:02 - 000003458 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-admin-PC-admin
2018-07-31 15:06 - 2018-03-31 23:29 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-31 15:06 - 2017-03-28 19:43 - 000003294 _____ C:\Windows\System32\Tasks\{822DD3BB-AF44-46F7-801B-AAB2F89C8299}
2018-07-31 15:06 - 2016-11-14 21:29 - 000003538 _____ C:\Windows\System32\Tasks\ASUS Smart Gesture Launcher
2018-07-31 15:06 - 2016-09-29 13:18 - 000003298 _____ C:\Windows\System32\Tasks\IntelBootstrapCCDashExe
2018-07-31 15:06 - 2016-09-21 00:00 - 000003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2018-07-31 15:06 - 2016-05-29 12:42 - 000003814 _____ C:\Windows\System32\Tasks\CTServiceInstaller
2018-07-31 15:06 - 2016-02-23 23:40 - 000003182 _____ C:\Windows\System32\Tasks\{68AB93FC-B0D3-44E2-9018-1D061AF7E310}
2018-07-31 15:06 - 2016-02-01 18:15 - 000003654 _____ C:\Windows\System32\Tasks\Red Giant Link
2018-07-31 15:06 - 2015-07-16 01:55 - 000003820 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1436991915
2018-07-31 15:06 - 2015-07-16 01:48 - 000003912 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-07-31 15:06 - 2015-07-16 01:48 - 000003660 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-07-31 15:06 - 2015-07-14 12:22 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-07-31 15:06 - 2015-07-14 11:31 - 000003272 _____ C:\Windows\System32\Tasks\SamsungMagician
2018-07-31 15:06 - 2014-12-12 19:51 - 000003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2018-07-31 15:06 - 2013-10-03 14:40 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-31 15:06 - 2013-10-03 14:40 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-31 11:28 - 2015-07-16 00:50 - 000000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2018-07-31 02:02 - 2018-04-24 22:59 - 000000169 _____ C:\Users\admin\BullseyeCoverageError.txt
2018-07-31 01:39 - 2018-05-18 13:49 - 000000000 ____D C:\ProgramData\KMSAutoS
2018-07-31 00:01 - 2018-05-18 13:44 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-31 00:01 - 2009-07-14 08:50 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-07-31 00:00 - 2018-05-18 13:44 - 000002390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-07-31 00:00 - 2018-05-18 13:44 - 000002385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-31 00:00 - 2018-05-18 13:44 - 000002384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-31 00:00 - 2018-05-18 13:44 - 000002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-31 00:00 - 2018-05-18 13:44 - 000002347 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-31 00:00 - 2018-05-18 13:44 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-31 00:00 - 2018-05-18 13:44 - 000002335 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-30 23:59 - 2018-05-15 14:05 - 000000000 ____D C:\Program Files\Microsoft Office
2018-07-30 23:46 - 2015-07-15 23:28 - 000000000 ____D C:\Users\admin\AppData\Roaming\Lavasoft
2018-07-30 23:46 - 2015-07-15 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-07-30 23:46 - 2015-07-15 23:28 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2018-07-30 23:46 - 2015-07-15 23:27 - 000000000 ____D C:\ProgramData\Lavasoft
2018-07-30 23:37 - 2018-04-10 16:59 - 000000000 ____D C:\AdwCleaner
2018-07-30 17:58 - 2013-10-03 14:44 - 000000000 ____D C:\Program Files (x86)\The KMPlayer
2018-07-30 16:10 - 2018-04-10 19:05 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-07-27 15:37 - 2018-05-15 14:55 - 000000000 ____D C:\Windows\AAct_Tools
2018-07-23 22:19 - 2018-04-12 01:03 - 000467064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-07-22 18:56 - 2018-01-03 00:07 - 000000000 ____D C:\Users\admin\AppData\Roaming\Ample Sound
2018-07-22 18:52 - 2016-01-21 19:42 - 000000000 ____D C:\Program Files\VSTPlugIns
2018-07-22 11:25 - 2013-10-03 14:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-17 16:46 - 2016-05-16 15:14 - 000000000 ____D C:\Users\admin\AppData\LocalLow\WebEx
2018-07-17 03:16 - 2018-05-18 13:05 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-07-14 11:26 - 2015-08-26 23:22 - 000000000 ___RD C:\Users\admin\Dropbox
 
==================== Files in the root of some directories =======
 
2018-04-26 13:48 - 2018-04-26 13:48 - 000021368 _____ (Schneider Electric) C:\Users\admin\en_res.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000021368 _____ (Schneider Electric) C:\Users\admin\es_res.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000021880 _____ (Schneider Electric) C:\Users\admin\fr_res.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000021880 _____ (Schneider Electric) C:\Users\admin\grm_res.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000021368 _____ (Schneider Electric) C:\Users\admin\it_res.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000020344 _____ (Schneider Electric) C:\Users\admin\jp_res.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 001079808 _____ (Microsoft Corporation) C:\Users\admin\mfc80u.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000626688 _____ (Microsoft Corporation) C:\Users\admin\msvcr80.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 013923704 _____ (Schneider Electric) C:\Users\admin\PCPE Setup.exe
2018-04-26 13:48 - 2018-04-26 13:48 - 000021368 _____ (Schneider Electric) C:\Users\admin\pt_res.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000018808 _____ () C:\Users\admin\ResourceReader.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000020856 _____ (Schneider Electric) C:\Users\admin\ru_res.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000019832 _____ (Schneider Electric) C:\Users\admin\zh_res.dll
2015-10-11 01:38 - 2018-08-07 03:55 - 000002568 ___SH () C:\ProgramData\win_mpwd_sys.dat
2014-05-03 00:50 - 2009-06-25 21:56 - 000488392 _____ (Softtouch Software Design) C:\Program Files (x86)\Hidden Files Scanner.exe
2014-05-03 00:50 - 2012-01-02 02:21 - 001647000 _____ (IObit) C:\Program Files (x86)\iobit-uninstaller.exe
2015-07-16 00:40 - 2018-08-07 15:23 - 000000034 _____ () C:\Users\admin\AppData\Roaming\AdobeWLCMCache.dat
2016-05-08 03:43 - 2016-05-08 03:43 - 000000112 _____ () C:\Users\admin\AppData\Roaming\JP2K CS6 Prefs
2016-04-29 20:07 - 2016-04-29 21:00 - 000000009 _____ () C:\Users\admin\AppData\Roaming\update.dat
2017-07-29 23:36 - 2017-07-29 23:36 - 000000009 ___SH () C:\Users\admin\AppData\Roaming\windata.xpd
2016-06-09 22:03 - 2016-06-09 22:03 - 266040255 _____ () C:\Users\admin\AppData\Local\ACCCx3_6_0_248.zip.aamdownload
2016-06-09 22:03 - 2016-06-09 22:03 - 000003014 _____ () C:\Users\admin\AppData\Local\ACCCx3_6_0_248.zip.aamdownload.aamd
2018-03-14 20:03 - 2018-03-14 20:03 - 366870165 _____ () C:\Users\admin\AppData\Local\ACCCx4_4_1_298.zip.aamdownload
2018-03-14 20:03 - 2018-03-14 20:03 - 000004029 _____ () C:\Users\admin\AppData\Local\ACCCx4_4_1_298.zip.aamdownload.aamd
2015-08-14 17:41 - 2018-08-07 16:05 - 000001456 _____ () C:\Users\admin\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-14 23:26 - 2017-12-13 14:38 - 000000278 _____ () C:\Users\admin\AppData\Local\HackLogs.dat
2018-04-10 16:38 - 2018-04-10 16:38 - 000140800 _____ () C:\Users\admin\AppData\Local\installer.dat
2015-11-27 05:16 - 2017-04-11 05:05 - 000000600 _____ () C:\Users\admin\AppData\Local\PUTTY.RND
2015-07-19 16:26 - 2015-07-19 16:26 - 000000218 _____ () C:\Users\admin\AppData\Local\recently-used.xbel
2018-03-09 16:05 - 2018-03-09 16:05 - 000007605 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2015-10-11 01:38 - 2018-08-07 03:55 - 000000700 ___SH () C:\Users\admin\AppData\Local\systemFL7.dat
2017-04-18 12:47 - 2017-04-18 17:53 - 000000192 _____ () C:\Users\admin\AppData\Local\uts.ini
2015-10-11 01:38 - 2018-08-07 03:55 - 000003292 ___SH () C:\Users\admin\AppData\Local\win_fldb_sys.dat
2015-10-11 01:38 - 2018-08-07 03:55 - 000003465 ___SH () C:\Users\admin\AppData\Local\win_stlthdb_sys.dat
2015-07-25 11:46 - 2015-07-25 11:46 - 000000000 _____ () C:\Users\admin\AppData\Local\{2F5AD524-8915-4066-86B8-FFA0324509E5}
2016-10-26 01:52 - 2016-10-26 01:52 - 000000000 _____ () C:\Users\admin\AppData\Local\{4D7498BE-0D4D-42E8-8795-BD38719C6AFD}
 
Some files in TEMP:
====================
2018-07-31 02:02 - 2018-07-31 02:02 - 000008720 _____ () C:\Users\admin\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2018-08-03 11:19 - 2018-08-03 11:19 - 000031096 _____ (Tencent) C:\Users\admin\AppData\Local\Temp\qqsafeud.exe
2018-08-01 19:09 - 2018-08-01 19:09 - 003720312 _____ (Qustodio Technologies) C:\Users\admin\AppData\Local\Temp\qseac.dll
2015-11-10 20:30 - 2015-11-10 20:30 - 000030208 _____ () C:\Users\admin\AppData\Local\Temp\R2RTOOL.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-08-06 21:39
 
==================== End of FRST.txt ============================
 
Addition scan:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by admin (08-08-2018 13:54:23)
Running from I:\2018
Windows 7 Professional Service Pack 1 (X64) (2013-10-03 08:53:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-3425645261-2527552339-4145300971-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3425645261-2527552339-4145300971-500 - Administrator - Disabled)
Guest (S-1-5-21-3425645261-2527552339-4145300971-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.0.0 - )
µTorrent (HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
4K Video Downloader 4.4 (HKLM-x32\...\{17CEAB50-0275-4D5E-9C11-CF2963C59FA1}) (Version: 4.4.6.2295 - Open Media LLC)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
ABBYY FineReader 11 Corporate Edition (HKLM-x32\...\{F1100000-0010-0000-0000-074957833700}) (Version: 11.0.460 - ABBYY)
Ableton Live 9 Lite (HKLM\...\{9130C3A8-3BEA-4A24-88F9-50EFB036F999}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2017 (HKLM-x32\...\{F2321021-4348-11E4-B1DF-BDB415F23EC6}) (Version: 17.1.0 - Adobe Systems Incorporated)
Adobe Flash Player 30 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB9}) (Version: 12.1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_1) (Version: 19.1.1 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{FD8FD2BD-A82D-C528-EDA0-A6635F47C19C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.2.1 - Advanced Micro Devices, Inc.)
Ample Bass P Lite II version 2.3.1 (HKLM-x32\...\{26ACA0DD-7C66-40D7-B992-CC27CA024F2A}_is1) (Version: 2.3.1 - Ample Sound Technology Co., Ltd.)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 6.2.0.0 - iMobie Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Ares (HKLM-x32\...\Ares) (Version: 2.4.6-Build#3072 - AresGalaxy)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
ASUS Share Link (HKLM-x32\...\{c3bcc1e3-f950-439c-bcae-f01283e9f2a4}_is1) (Version: 1.0.27.0911 - ASUSTEK)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.3.16 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Basic FX Suite (HKLM\...\{C22B4160-10E1-409E-9407-B643D5000AF5}) (Version: 1.0.1 - Yamaha Corporation) Hidden
Basic FX Suite (HKLM-x32\...\InstallShield_{C22B4160-10E1-409E-9407-B643D5000AF5}) (Version: 1.0.1 - Yamaha Corporation)
Bass Station 2.1 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.1 - Novation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BPM Counter 2.1.0.0 (HKLM-x32\...\BPM Counter_is1) (Version: 2.1.0.0 - AbyssMedia.com)
Business-in-a-Box 2016 (HKLM-x32\...\Business-in-a-Box 2016) (Version: 7.1.4 - Biztree Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
Capture NX-D (HKLM\...\{794529D3-D489-4CF2-B2ED-CF241809E5EC}) (Version: 1.4.3 - Nikon Corporation)
Catalyst Control Center Next Localization BR (HKLM\...\{0898F764-D48A-DE16-BEE6-3D003B701FFD}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{FDADC57D-5D12-1669-E15E-07C9D55DDD78}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{60DA95E6-3B1C-811E-9356-BD8ECE030749}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{07FC7436-E7B5-2646-BA48-32D7E9A8C666}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{E04C7D42-CAA0-CCAF-5916-E0C49E129BE2}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D9929D54-2DA6-34B9-D9B8-3AA168A12E56}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{A621A41A-BDA2-8E01-B073-394C3EEF28BF}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{581A480E-F28E-5153-8B41-F77EFBA3AD34}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{2FFD48A8-D2E9-C256-4C04-82472D531802}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{40B17B27-AE12-072A-5041-4835EA7D8530}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{3E293710-1410-87AF-B5E4-5AD5D6E3362C}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{AA758256-BAB5-5FC0-954C-DA2C953D2786}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{433E7A26-1C27-1FBB-A2A8-347D4833B34E}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07B5AB95-77AD-AC26-496B-722066229B87}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3FFB59B6-520F-37D8-DC0A-61FBC1C74DFC}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{9141FD82-4253-9CA6-1A73-31F2A2FFB0A4}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{ED18DB34-7C6F-2B5C-32DB-1E2762E432C5}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{6D08D442-48EC-FC20-A2B5-1FA8E88AD9E7}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{49691258-4A4D-F4C5-4C0C-C21860490650}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{10E9C0F4-AA89-7426-54C2-4F53DE895682}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{2522CA6D-EF72-C63C-D2B9-CDC55F01E7B1}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
CGS17_Setup_x64 (HKLM\...\{A6B7D078-EDC4-4D8A-BD3D-CB2B11440219}) (Version: 17.6 - Corel Corporation) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Cold Turkey (HKLM-x32\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 2.1.3 - Cold Turkey)
Color Wheel Pro 2.0 (HKLM-x32\...\Color Wheel Pro_is1) (Version:  - QSX Software Group)
Convert EPUB to PDF 6.6.0 (HKLM-x32\...\{C860AFE7-2A99-4AF6-AB03-116EFC14AD30}) (Version: 6.6.0 - EPUB Converter)
Copy (HKLM\...\{580C53DC-DBA8-457B-8766-34C60F754BBD}) (Version: 3.2.1.481 - Barracuda Networks, Inc.)
Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version:  - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{3B4AE1A9-C026-4D08-8004-DA9A85A411A4}) (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - BR (x64) (HKLM\...\{FC41DFBE-6C39-4C84-949B-7CB1E6460C7A}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (HKLM\...\{2C91CB9D-323D-43E5-A433-229B71CFB773}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (HKLM\...\{9178F0A8-B6F6-4DA7-AD63-317CC4875F4B}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (HKLM\...\{BD036E95-A9CD-4DED-B744-95AB1DCAFF0C}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - CS (x64) (HKLM\...\{FA987EBD-79D8-4A2C-8018-4095AD215D3C}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - CT (x64) (HKLM\...\{1F83F9CC-9CAC-4612-859D-891654C9DC0F}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (HKLM\...\{5162E418-BB43-4C8F-ACD6-069645EF98C3}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - CZ (x64) (HKLM\...\{DCCD0EF6-DFCF-4D31-B71D-2AAC24C6AB16}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - DE (x64) (HKLM\...\{8EA70EAF-41AB-491C-A163-9BA1ADA004EB}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (HKLM\...\{2C0DDC74-5234-43DD-BB5A-0645B8FE5289}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (HKLM\...\{3BB8EB77-737B-4B32-BAB9-08C7110C46BD}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - ES (x64) (HKLM\...\{65168D5C-A6DD-4C1B-BF5C-860A39CDD05E}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (HKLM\...\{D10A5CFA-FE33-4F06-AE37-554604F00A52}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (HKLM\...\{5406029B-67AD-4F8E-9F2D-F1959CD9CD86}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FR (x64) (HKLM\...\{FC9BCB82-55E3-4328-868F-B19112B07B93}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM (x64) (HKLM\...\{13179AB2-69FD-459B-800F-81865A501AD4}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (HKLM\...\{EF44BCCD-13F9-4974-862C-CCFAF43EE082}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IT (x64) (HKLM\...\{811C0940-9502-4A27-A9C5-A9A7ED853BD9}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - JP (x64) (HKLM\...\{5025968D-10D4-44B2-A31C-42E020CDE399}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - NL (x64) (HKLM\...\{6533647D-136C-43B8-8966-712EF27F5CEE}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (HKLM\...\{C922F325-DD52-4E22-B204-431A06E63E51}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (HKLM\...\{1A73168F-5983-46A6-AAAB-FD83BC231E02}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PL (x64) (HKLM\...\{2EF3A93A-569E-4FD7-A5DF-64AF588B4FBA}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (HKLM\...\{C57EDB5A-AC8E-4E03-9F1A-DC013A2BB9B2}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - RU (x64) (HKLM\...\{8C196158-5F89-4C88-AA33-2D57D67AA5D7}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (HKLM\...\{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (HKLM\...\{5672E0DC-7489-4EAC-8CFD-E01B3868FCB5}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (HKLM\...\{966996DC-D67C-40E3-8BD4-31FA0F093571}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (HKLM\...\{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}) (Version: 17.6 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.6.0.1021 - Corel Corporation)
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATTENTION
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
CVPiano-Modeled (HKLM-x32\...\CVPiano-Modeled) (Version:  - )
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dee2 (remove only) (HKLM-x32\...\Dee2) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 54.4.90 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.9.1.1175 - Steinberg Media Technologies GmbH)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - )
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVEREST Ultimate Edition v5.01 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.01 - Lavalys, Inc.)
FabFilter Total Bundle (HKLM\...\Total Bundle_is1) (Version: 2017.12.05 - FabFilter)
FileZilla Client 3.35.1 (HKLM-x32\...\FileZilla Client) (Version: 3.35.1 - Tim Kosse)
Filter Forge 4.008 (HKLM-x32\...\Filter Forge 4_is1) (Version:  - Filter Forge, Inc.)
Find my Font (Free) (HKLM-x32\...\Find my Font (Free)) (Version: 3.3.14 - Softonium Developments)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
FlacSquisher 1.3.7 (HKLM-x32\...\FlacSquisher) (Version: 1.3.7 - FlacSquisher)
Folder Lock (HKLM-x32\...\Folder Lock) (Version:  - New Softwares.net)
FonePaw Android Data Recovery 1.3.0 (HKLM-x32\...\{10E7BD57-C5FE-484f-A3F2-A1755286C0A7}_is1) (Version: 1.3.0 - FonePaw)
FortiClient SSLVPN v4.0.2303 (HKLM-x32\...\{A34DCE59-0004-0000-2303-3F8A9926B752}) (Version: 4.0.2303 - Fortinet Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Free MP4 To MP3 Converter (HKLM-x32\...\{8CD154FF-D5CC-4960-A483-90C556620658}) (Version: 2.0.0 - Free MP4 To MP3 Converter)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
glimpses (HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\glimpses) (Version: 0.4.0.39922 - glimpses)
GnuCash 2.6.7 (HKLM-x32\...\GnuCash_is1) (Version:  - GnuCash Development Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.84 - Google Inc.)
Google Earth (HKLM-x32\...\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}) (Version: 4.2.198.2451 - Google)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8301}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
High-Definition Video Playback (HKLM-x32\...\{9193490D-5229-4FC4-9BB9-A6D63C09574A}) (Version: 11.1.10400.2.65 - Nero AG) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
IETester v0.5.4 (remove only) (HKLM-x32\...\IETester) (Version: 0.5.4 - Core Services)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.4.65 - Intel Corporation)
Intel® CCF Manager (HKLM-x32\...\{0f3d8dd5-54af-4404-a01c-4967e485a065}) (Version: 3.0.13.2211 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 162 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180162F0}) (Version: 8.0.1620.12 - Oracle Corporation)
Kingo ROOT version 1.5.1.3006 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.5.1.3006 - Kingosoft Technology Ltd.)
K-Lite Mega Codec Pack 11.2.8 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.2.8 - )
KORG Legacy Collection - MS-20 (HKLM\...\{D9163B30-035A-45E8-A7FB-FC3D700DA159}) (Version: 1.3.0 - KORG Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Make Your Words Sell! (HKLM-x32\...\MYWSuninstall) (Version:  - )
Max 7 (64-bit) (HKLM\...\{23261731-0D66-4BDF-8221-D388AC2863FB}) (Version: 7.3.4 - Cycling '74)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Melodics version 1.0.2032.0 (HKLM\...\Melodics_is1) (Version: 1.0.2032.0 - )
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.10325.20082 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft SharePoint Designer 2013 (HKLM\...\Office15.SharePointDesigner) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.16.1247.518 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{0E8D886F-3205-4472-848E-990F400FF218}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{46EA439E-2D16-49B6-AA80-00DE992FE7CE}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{5CBDF0C2-6FD1-4A32-9A0A-143D9AB91CCE}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{68ADAEAA-DABD-45C1-9CC2-F995407549CD}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{8DD62FB6-083D-40B9-9D7D-48449FDDDED5}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{C6DB958A-50CC-481B-9ED8-3BAD236F7B49}) (Version: 7601 - Microsoft)
MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version:  - MixMeister Technology LLC)
MobiKin Doctor for Android (HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MobiKin Doctor for Android) (Version: 1.1.0.39 - MobiKin)
Mobirise4 (HKLM-x32\...\Mobirise4_is1) (Version:  - Mobirise.com)
Motifmate version 1.0.1 (HKLM-x32\...\{C23D9323-077D-44FB-96F1-B80B7E8AD3C1}_is1) (Version: 1.0.1 - Hidayat Sagita)
Mozilla Firefox 61.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x64 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
mysms version 2.1.1 (HKLM-x32\...\{48F31003-B5A3-4E17-917A-5DDFF60B9FA2}_is1) (Version: 2.1.1 - Up to Eleven Digital Solutions GmbH)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.1.177 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.9.132 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.7.0.797 - Native Instruments)
Nero 11 (HKLM-x32\...\{F021D637-BBDA-486B-96F0-225B62596C3B}) (Version: 11.0.11000 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
Network Recording Player (HKLM-x32\...\{CF0ADA34-2FFE-4798-A5FB-7374642CC3DC}) (Version: 31.20.2.18 - Cisco WebEx LLC)
NetWorx 5.5.5 (HKLM\...\NetWorx_is1) (Version:  - Softperfect)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.3.0 - Nikon Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
Noun Project version 1.0 (HKLM-x32\...\645D82A9-AA15-40F4-8436-8B311D62480E_is1) (Version: 1.0 - Noun Project)
Novation USB Audio Driver 2.7 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.7 - Novation DMS Ltd.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.10325.20082 - Microsoft Corporation) Hidden
Office Tab (HKLM\...\{DE469D65-1DEB-4058-BF95-C642D733668D}_is1) (Version: 11.00 - Addin Technology Inc.)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PCDJ DEX 3  (HKLM-x32\...\PCDJdex3_is1) (Version:  - PCDJ)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.2.2 - Nikon Corporation)
Pingendo (HKLM-x32\...\Pingendo 4) (Version: 2.0 - Pingendo)
Pioneer MIX 64bit Driver (HKLM\...\Pioneer MIX) (Version: 5.3.0.0036 - Pioneer DJ Corporation.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
PrimoPDF -- by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software)
PSD Repair Kit 2.1 (HKLM-x32\...\PSD Repair Kit_is1) (Version:  - Recovery Toolbox, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Qustodio (HKLM-x32\...\Qustodio) (Version:  - Qustodio)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.11-r125663-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.0.34 - Red Giant, LLC)
rekordbox 5.3.0 64bit (HKLM\...\Pioneer rekordbox 5.3.0) (Version: 5.3.0.0036 - Pioneer DJ)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
R-Studio 7.2 (HKLM-x32\...\R-Studio 7.2NSIS) (Version: 7.2.155105 - R-Tools Technology Inc.)
Ruby 2.2.5-p319-x64 (HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\{A98E44F8-6401-400F-830E-B1A2919C22BD}_is1) (Version: 2.2.5-p319 - RubyInstaller Team)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0017-0000-1000-0000000FF1CE}_Office15.SharePointDesigner_{67A083C6-0A9E-48E8-BC90-C1EDA8028ED4}) (Version:  - Microsoft)
Simple Sticky Notes 3.5 (HKLM-x32\...\Simple Sticky Notes_is1) (Version:  - Simnet Ltd.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.27 (HKLM-x32\...\Skype_is1) (Version: 8.27 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.17.201512161456 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
STCServ (HKLM\...\{A954D353-9DAF-4916-8E71-F1E959EBCD1E}) (Version: 3.0.0.1783 - Intel Corporation) Hidden
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Download Assistant (HKLM-x32\...\Steinberg Download Assistant) (Version: 1.12.1 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
Steinberg UR242 Applications (HKLM\...\{8866D66E-BFFE-47B1-972F-A59FB9CD6452}) (Version: 1.0.1 - Yamaha Corporation) Hidden
Steinberg UR242 Applications (HKLM-x32\...\InstallShield_{8866D66E-BFFE-47B1-972F-A59FB9CD6452}) (Version: 1.0.1 - Yamaha Corporation)
Sylenth1 v2.21 (HKLM\...\Sylenth1_is1) (Version:  - )
Synapse Audio The Legend (HKLM\...\The Legend_is1) (Version: 1.2.1 - Team V.R)
Syncrosoft License Control (HKLM-x32\...\Syncrosoft License Control) (Version:  - SIA Syncrosoft)
Synthesia (HKLM-x32\...\Synthesia) (Version: 10.3 - Synthesia LLC)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.76421 - TeamViewer)
TempoPerfect Metronome Software (HKLM-x32\...\TempoPerfect) (Version: 4.08 - NCH Software)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)
TopStyle (Version 3) (HKLM-x32\...\TopStyle (Version 3)) (Version: 3.1.0 - Bradbury Software, LLC)
Trapcode Suite v12.1.6 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.6 - Red Giant, LLC)
TruePianos 1.9.5 40-day Test Version (HKLM\...\TruePianos 40-day Test Version_is1) (Version:  - 4Front Technologies)
Update for Skype for Business 2015 (KB4022170) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.SharePointDesigner_{623DC402-8FDC-490D-9881-E60F5337036E}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4011238) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{F26F0631-BD36-41CC-80B8-4E90A43A2EE0}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4011238) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{F26F0631-BD36-41CC-80B8-4E90A43A2EE0}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4011238) 64-Bit Edition (HKLM\...\{90160000-012B-0419-1000-0000000FF1CE}_Office16.PROPLUS_{F26F0631-BD36-41CC-80B8-4E90A43A2EE0}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4011238) 64-Bit Edition (HKLM\...\{90160000-012B-0422-1000-0000000FF1CE}_Office16.PROPLUS_{F26F0631-BD36-41CC-80B8-4E90A43A2EE0}) (Version:  - Microsoft)
ValhallaPlate version 1.0.0 (HKLM-x32\...\{93F8FDC3-4F25-47D1-9662-23D2131CD3E1}_is1) (Version: 1.0.0 - Valhalla DSP, LLC)
VCV Rack (HKLM\...\VCV Rack) (Version:  - VCV)
Virtual MIDI Piano Keyboard (HKLM-x32\...\Virtual MIDI Piano Keyboard) (Version: 0.6.2 - VMPK)
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Community 2017 (HKLM-x32\...\abe09f3f) (Version: 15.7.27703.2035 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
vs_filehandler_amd64 (HKLM-x32\...\{B6600254-A9D1-4265-826B-28B0E28C1F37}) (Version: 15.7.27617 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{EF15DAFE-8E43-48E6-AE94-CBA196675318}) (Version: 15.7.27617 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{8EB2C670-04C2-482D-BACD-B4095E27FD39}) (Version: 15.6.27309 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{F5BCAD30-D22C-4B08-A581-1EBE3A35C6B1}) (Version: 15.7.27617 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
V-Station 2.3 (HKLM-x32\...\{842C6AFC-7856-4fd9-99AF-8900554ACAA2}_is1) (Version: 2.3 - Novation)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1-2) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-2) (Version: 1.0.37.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Web Companion (HKLM-x32\...\{9ac678f8-9535-4e78-9706-4b969f03d0ba}) (Version: 2.0.1025.2130 - Lavasoft)
welcome (HKLM-x32\...\{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}) (Version: 11.0.21500.0.4 - Nero AG) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - ASUS Tek. Corporation (ATP) Mouse  (07/27/2015 7.0.0.7) (HKLM\...\A877FD5856151D202B724718A4F58CF0089A558C) (Version: 07/27/2015 7.0.0.7 - ASUS Tek. Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.82 Build 17 - Windscribe Limited)
WinHTTrack Website Copier 3.49-2 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip 11.1 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}) (Version: 11.1.7466 - WinZip Computing, S.L. )
Wondershare Dr.Fone for Android(Build 5.6.3.27) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 5.6.3.27 - Wondershare Software Co.,Ltd.)
WordPress.com (HKLM-x32\...\WordPress.com) (Version:  - Automattic, Inc.)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yamaha Steinberg USB Driver (HKLM\...\{D4BC559E-F2C0-4BE8-9344-645D6F0D2929}) (Version: 1.9.5 - Yamaha Corporation) Hidden
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{D4BC559E-F2C0-4BE8-9344-645D6F0D2929}) (Version: 1.9.5 - Yamaha Corporation)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.4.2012.1 - URSoft, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3425645261-2527552339-4145300971-1000_Classes\CLSID\{12259DCB-7652-BA42-4A4A-FB36C150F6A0}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3425645261-2527552339-4145300971-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-24] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-24] (AVAST Software)
ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-02-08] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-16] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-24] (AVAST Software)
ContextMenuHandlers1: [CopyShExt] -> {D8CAB8C2-9E58-471C-BD75-2ED1BA091CE8} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers1: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2012-01-19] (ABBYY.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2014-09-11] (Foxit Software Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLS64.DLL [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-24] (AVAST Software)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers4-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLS64.DLL [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-03-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [CopyShExt] -> {D8CAB8C2-9E58-471C-BD75-2ED1BA091CE8} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-09-17] (Intel Corporation)
ContextMenuHandlers5: [Run] -> {2559A1F3−21D7−11D4−BDAF−00C04F60B9F0} =>  -> No File
ContextMenuHandlers5: [Search] -> {2559A1F0−21D7−11D4−BDAF−00C04F60B9F0} =>  -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-24] (AVAST Software)
ContextMenuHandlers6: [CopyShExt] -> {D8CAB8C2-9E58-471C-BD75-2ED1BA091CE8} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ContextMenuHandlers6: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2012-01-19] (ABBYY.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLS64.DLL [2007-04-11] (WinZip Computing LP)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02840A8A-091F-43AA-9EE8-6F22D2AC5561} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-18] (Google Inc.)
Task: {0B8F53E8-0BD3-4E03-BC1B-C363C31C5872} - System32\Tasks\AdobeGCInvoker-1.0-admin-PC-admin => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {0DD0D783-A829-4A76-8E41-62EDD7BD7488} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {13E802C2-3872-4F27-944E-CFE50AFFDDDF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-07-30] (Microsoft Corporation)
Task: {16F83433-DB3F-43CA-B544-20EF87594A2A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-08] (Piriform Ltd)
Task: {2984C8DB-4658-45F9-9DB7-CFD00BFE4437} - System32\Tasks\{68AB93FC-B0D3-44E2-9018-1D061AF7E310} => C:\Windows\system32\pcalua.exe -a "C:\Users\admin\Desktop\bluetooth soft\sp69896.exe" -d "C:\Users\admin\Desktop\bluetooth soft"
Task: {3540BB2D-25DC-42B5-824B-169808F293FA} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3425645261-2527552339-4145300971-1000 => C:\ProgramData\MEGAsync\MEGAupdater.exe [2017-10-19] (Mega Limited)
Task: {38CB3EC4-29E3-4ECE-937D-F734E894C5D1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-08-04] (Adobe Systems Incorporated)
Task: {4120B6CA-8F1B-4B45-898E-88DB55ED0E1E} - \AVG-SSU_0317tb_DELETE -> No File <==== ATTENTION
Task: {4564EF68-7DF7-4BD5-B180-DE60D44F5F95} - System32\Tasks\{822DD3BB-AF44-46F7-801B-AAB2F89C8299} => C:\Windows\system32\pcalua.exe -a "C:\Users\admin\Downloads\Password Recovery Bundle 2016\Password Recovery Bundle 2016.exe" -d "C:\Users\admin\Downloads\Password Recovery Bundle 2016"
Task: {47ACB40B-FFD2-4406-94CE-9D7381EA77CD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-06-06] (AVAST Software)
Task: {496C1FFF-F1A3-4BAB-8629-075EE60B80DF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-08] (Piriform Ltd)
Task: {52C621C9-FC3F-409A-92FD-877E1CE00D49} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\osfinstaller.exe [2018-07-30] (Microsoft Corporation)
Task: {581E3700-3422-4AF1-9012-B15B386F02B6} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2018-01-10] (Apple Inc.)
Task: {6182BDD4-03C1-4207-983F-8051355634F0} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2017-05-19] (Samsung Electronics Co. Ltd.)
Task: {72C7A881-6934-4F01-82E7-601251A9663F} - System32\Tasks\CTServiceInstaller => C:\Program Files (x86)\Cold Turkey\\CTServiceInstaller.exe [2016-04-07] (Felix Belzile)
Task: {76C95210-82E6-4F08-A522-A84E51BE7F9B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {8B4166BB-5396-4C6B-A162-FA8B1C8FEBA3} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2016-09-22] (AsusTek)
Task: {8D5C7AA7-0D3A-499F-9B46-B012E3BE530C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {937E1FF6-2B02-403F-ADB3-D8C27CAF0B91} - System32\Tasks\Opera scheduled Autoupdate 1436991915 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {95FF0F79-9EE7-4A7C-88C1-88C37CA46AA9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {A5A9B483-593E-449F-8675-218A117BCA14} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-30] (Microsoft Corporation)
Task: {AEFC410C-DD0A-4D68-B339-00321957EBA4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-22] (Microsoft Corporation)
Task: {B2B79B6D-CC47-4BD6-A6F4-B99E9628A779} - System32\Tasks\IntelBootstrapCCDashExe => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [2015-03-16] (Intel® Corporation)
Task: {C0D9485C-2143-49E5-ACAE-26B39385FFFF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-07-30] (Microsoft Corporation)
Task: {CDE9B9A1-BF8F-4AC3-8F40-0C720A8A5DFD} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-06-24] (AVAST Software)
Task: {D4E41DCC-C6C2-4872-BF94-6A2F7C87AE6A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {E035CA81-A42C-4146-846B-0F3CC697CA9F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-29] (Adobe Systems Incorporated)
Task: {E7797F9A-EDDD-4DF0-962F-0AFEC1CE25F7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-30] (Microsoft Corporation)
Task: {EA223253-F33E-4C19-9479-D80AAA69E445} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-18] (Google Inc.)
Task: {F5684CF2-9853-4E68-9845-2CEE01990AA5} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {FAC02C86-317C-4638-A899-979B62784B1E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {FE6E7C7B-34B8-4099-BC56-837A08328E84} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2014-09-05] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CTServiceInstaller.job => C:\Program Files (x86)\Cold Turkey\CTServiceInstaller.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\admin\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.2.5-p319-x64\Interactive Ruby.lnk -> C:\Ruby22-x64\bin\irb.bat ()
 
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.2.5-p319-x64\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Ruby22-x64\bin\setrbvars.bat
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Nimbus Screenshot App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=aecjogkncpbkjfobfnoaiepipllcadhe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-10-03 14:50 - 2012-10-04 19:49 - 000087152 _____ () C:\Windows\System32\cpwmon64.dll
2014-05-03 00:49 - 2009-07-31 07:28 - 000090624 _____ () C:\Windows\System32\Primomonnt.dll
2018-01-05 00:13 - 2018-01-05 00:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-04-18 12:47 - 2017-03-27 11:32 - 000017384 _____ () C:\Users\admin\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
2016-04-29 20:38 - 2017-01-25 22:01 - 000066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2018-07-23 17:12 - 2018-07-23 17:12 - 000054440 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2017-10-19 03:21 - 2017-10-19 03:21 - 000598528 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2015-04-16 01:43 - 2015-04-16 01:43 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-06-24 22:19 - 2018-06-24 22:19 - 000599768 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2016-10-23 23:12 - 2016-09-19 12:09 - 000813056 _____ () C:\Program Files\NetWorx\sqlite.dll
2018-08-03 10:56 - 2018-07-31 05:02 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\libglesv2.dll
2018-08-03 10:56 - 2018-07-31 05:02 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\libegl.dll
2018-06-24 22:19 - 2018-06-24 22:19 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-06-24 22:19 - 2018-06-24 22:19 - 000928984 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-06-24 22:19 - 2018-06-24 22:19 - 000532696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-06-24 22:19 - 2018-06-24 22:19 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-06-24 22:19 - 2018-06-24 22:19 - 000985304 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-08-08 12:10 - 2018-08-08 12:10 - 005896848 _____ () C:\Program Files\AVAST Software\Avast\defs\18080800\algo.dll
2016-05-29 12:42 - 2014-03-02 22:35 - 000075776 _____ () C:\Program Files (x86)\Cold Turkey\PcapDotNet.Core.dll
2018-04-12 01:03 - 2018-04-12 01:03 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-06-24 22:19 - 2018-06-24 22:19 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-09-20 02:42 - 2017-09-20 02:42 - 067115616 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-05-08 07:07 - 2015-05-08 07:07 - 000087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 005812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2017-05-05 00:31 - 2017-05-05 00:31 - 000067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 001662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2015-05-08 07:08 - 2015-05-08 07:08 - 000110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2015-05-08 07:07 - 2015-05-08 07:07 - 000010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2015-05-08 07:19 - 2015-05-08 07:19 - 000417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2015-05-08 07:09 - 2015-05-08 07:09 - 000167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-11-14 03:29 - 2015-11-14 03:29 - 000113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-11-14 03:29 - 2015-11-14 03:29 - 002396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2015-05-08 07:07 - 2015-05-08 07:07 - 000583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2017-05-04 23:03 - 2017-05-04 23:03 - 002717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2015-05-08 07:19 - 2015-05-08 07:19 - 001213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2015-05-08 07:25 - 2015-05-08 07:25 - 000055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 001183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 001306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 001640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 001053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
2017-09-06 18:11 - 2017-09-06 18:11 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-09-06 18:11 - 2017-09-06 18:11 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-09-06 18:11 - 2017-09-06 18:11 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-09-06 18:11 - 2017-09-06 18:11 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-09-20 03:04 - 2017-09-20 03:04 - 000110688 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll
2017-09-06 18:11 - 2017-09-06 18:11 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2018-01-09 22:30 - 2018-08-01 00:38 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-08-07 02:37 - 2018-08-01 00:38 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-08-07 02:37 - 2018-08-01 00:38 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-01-09 22:30 - 2018-08-01 00:38 - 002723944 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-01-09 22:30 - 2018-08-01 00:38 - 000033264 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-08-07 02:37 - 2018-08-01 00:38 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-08-07 02:37 - 2018-08-01 00:38 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-08-07 02:37 - 2018-08-01 00:38 - 002352064 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\Users\admin\AppData\Local\CW8MKdOz3eydkEX:A4VMR1bqMZky8uETs6ODdus [2630]
AlternateDataStreams: C:\ProgramData\Microsoft:mTcPzRjTPWDZYLSQyfTA3D [2718]
AlternateDataStreams: C:\ProgramData\Microsoft:vHezHRZxxwHTn3Tbuctt8zz [2420]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [163]
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [376]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [308]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\qengine => ""="service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\localhost -> localhost
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-08-07 04:12 - 2018-08-07 04:12 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 125.22.47.125 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupfolder: C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Slack.lnk => C:\Windows\pss\Slack.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AirBackupHelper => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: BIBLauncher => C:\Program Files (x86)\Business-in-a-Box 2016\BIBLauncher.exe
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Chromium => c:\users\admin\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
MSCONFIG\startupreg: Copy => "C:\Users\admin\AppData\Roaming\Copy\CopyAgent.exe"
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: join.me.launcher => C:\Users\admin\AppData\Local\join.me.launcher\join.me.launcher.exe
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: QAppTray => "C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe"
MSCONFIG\startupreg: QQIntl => "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Windscribe => C:\Program Files (x86)\Windscribe\Windscribe.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
MSCONFIG\startupreg: WordWeb => "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{37ECEAC0-AB95-4B56-AD1A-EE9570DCE75A}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{8C582BA6-1710-4C25-AED4-2AC80D8ADB35}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{BFF466DD-9B89-44E0-B440-08357C4DD189}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{1C18BD99-8C85-4006-A3A8-EF4F572E3854}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{BD284F0E-8D77-4C28-88A4-62AC559620A9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E3B785F7-0B8C-4C58-84FB-7F8F345C4DBA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{043C9221-CBC6-4B1F-8774-F69AD3D3BF8F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{E74EA1F1-4495-493B-AE7F-C8337F231162}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{5905E122-16F2-460A-A451-5E9F43332F9C}] => (Block) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{4CF0A193-6A12-4A4E-8857-4F40F69B2464}] => (Block) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{F1012D99-6C18-41DE-A06C-9666FECD23D3}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{CA6EB034-8007-456B-BE4D-ADBB3B70CB34}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{17EB3DC7-A4AA-4F0C-8582-54C1BC7E4D42}] => (Block) %ProgramFiles%\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{C2445C4D-0793-4D43-9D09-3ABF52DC729A}] => (Block) C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{C7547AB8-BFAD-4A8B-8617-09DCBE3528EE}] => (Block) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{9C02F32A-93DA-4BD8-84E1-7678A220F79F}] => (Block) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{A93D5526-2BC3-4EE9-ABE1-287A30E2AF3D}] => (Allow) C:\Users\admin\AppData\Local\Temp\nsc7F4E.tmp\Installer-76048000.exe
FirewallRules: [{8C5102AA-7C1E-4CD7-8190-C78EB42B4AF3}] => (Allow) C:\Users\admin\AppData\Local\Temp\nsc7F4E.tmp\Installer-76048000.exe
FirewallRules: [{77E5ED42-7DBD-4E1A-B5CF-6E81D4FE64B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ACB3012C-F37F-42E5-83D4-D59123CF9B71}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2D82E1DC-F7AD-4B15-87F3-6B35559DC716}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D138686F-2BBB-4622-9CF1-D795EC9CEFB3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4379F70F-E065-4ECF-AC61-973D0090E582}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{969144DA-9EAD-442C-B3D7-334BB27B87E5}] => (Block) C:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{B72B8C94-1CC3-4533-8B9A-D4EEC89784F6}] => (Block) %ProgramFiles% (x86)\Rockstar Games\Max Payne 3\MaxPayne3.exe
FirewallRules: [{E7CF6113-FE6B-4689-BEF7-C3D9ADDAF153}] => (Block) %ProgramFiles% (x86)\Rockstar Games\Max Payne 3\PlayMaxPayne3.exe
FirewallRules: [{C7D63E5B-94FF-47B0-9560-FED1A51FCE31}] => (Block) %ProgramFiles% (x86)\Rockstar Games\Max Payne 3\MaxPayne3.exe
FirewallRules: [{0BC12591-DDCE-47DF-A36B-3F466F4B95B1}] => (Block) %ProgramFiles% (x86)\Rockstar Games\Max Payne 3\PlayMaxPayne3.exe
FirewallRules: [{42E782B5-2471-46D6-9166-24A628BCC53F}] => (Allow) C:\Users\admin\AppData\Roaming\Copy\CopyAgent.exe
FirewallRules: [{7B325C15-1693-48EF-853B-E58290EADEAF}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC\Support Files\AfterFX.exe
FirewallRules: [{B98AED66-FEB2-4783-A4C2-2CCB2F3B9DA6}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC\Support Files\AfterFX.exe
FirewallRules: [{6CE3AEFC-CB3D-46FB-9933-C5404AA4E9BA}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{54DBC99B-7206-4069-97E8-DC3725706C76}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{F0C86F97-39D2-4DEB-B3C4-C612C8F35A00}] => (Block) %SystemDrive%\Users\All Users\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{82CB8739-10C3-4FEA-8DAF-5989F85F2053}] => (Block) %SystemDrive%\Users\All Users\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{C86264C2-35E1-485F-8B60-4BBF5D3A4E5B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{48E2E7E4-2EF3-43ED-982E-6564D98EBD7B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{5ACF6BD3-802B-4D1D-8AE3-D82C24F94203}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL.exe
FirewallRules: [{7DAFC937-D519-4AD9-80C9-A03111FF6667}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL64.exe
FirewallRules: [{B7F4450A-C7FC-4BAC-80B6-FA240DB25433}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL.exe
FirewallRules: [{F3B17F6B-F97D-4049-B35E-C14355B9D9C8}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL64.exe
FirewallRules: [{AC7D6303-AE1B-4D38-988E-2A5851A2C3FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E0E69B55-9F07-4156-B5F7-08AF96C8C338}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9ED9BD5D-F731-48B1-B745-B346FCC147B8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{17585E12-FA11-452D-A7C0-9F3D2DCA6DEB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2590E8C7-32E8-4DB4-949D-B0ABC65B1817}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{0EDD97F2-FA04-4CAC-A9AE-28F249E36A72}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{3A25D3EC-FF68-44C9-8257-22361C381C84}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{1E143B94-083C-4269-ADD4-C2E99D9A5EFC}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{F2B65DBB-96C8-4DD9-83B1-E6746D9CB696}] => (Allow) LPort=8317
FirewallRules: [{5903F95B-6A95-4DBD-BD87-330C895B6AA0}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{93FD86F5-E05D-4D6B-AA71-D2B8BAA5CF82}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{9D168888-E399-4C29-8E8E-8D5E10F7DCC7}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{3BA62ED7-0927-48AD-A947-9E464BADC2D4}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{CA98DC1F-7F1A-402D-AA3B-AB4E1D6525B6}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{A75AC4F9-F772-41F7-83CD-EBA4351F4C33}] => (Allow) C:\Program Files (x86)\ASUS\Share Link\ShareLink.exe
FirewallRules: [{D84D5BD8-9C9D-4641-AE50-0BA286A1E83D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EB70F318-9E04-45D5-99A3-4AF22A661B72}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{22A0C02E-F0F5-409F-BA78-F44F340E32DB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{985DE91F-4D35-4D2C-8D49-A4A788E2418F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{27091ABA-9CA4-48DB-9206-1468071A79E4}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{3341E0BE-E07D-4BA4-9907-F855033C6323}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{6C80338D-54D3-43D2-835A-FE9F30EAF22F}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC\Support Files\AfterFX.exe
FirewallRules: [{C154A22D-83E0-4084-9FAE-FEE67D0ED72A}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC\Support Files\AfterFX.exe
FirewallRules: [{5A5FE7F7-9025-4C41-BFBA-3CD198C1D7EE}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{3CF144EB-FFAD-46C6-8008-2543995C3939}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{40F04704-90C7-41A8-8B28-23AE48592AFE}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{0F492CDA-8B04-4CD9-87C2-89FDD942A00C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{1E41DFFA-2DEB-4B3D-98BE-3E6D57A0B72F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{0C2F7663-464C-4B11-A44F-F14405327EB2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D55B0850-4589-45BE-9081-FB02EEAB1B46}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DA7EBF3C-BA24-4494-824B-8F05FE254F3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2BA206D1-7114-4930-9092-F10C649460E4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{64C9C05A-4A59-46B5-A496-D735BE4981BB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{78A19015-A668-422E-8AE4-D54E391069D8}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
FirewallRules: [{6E16C685-812E-4CF8-982B-27AD73072E39}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
FirewallRules: [{2BC4CCE2-EED9-43BB-9EF9-307A123BC5CF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C4DFA73E-4C3C-4141-A9BF-C983D835C761}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0FBA391B-775C-4CD6-8982-909AD20F35D5}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{F2C3095B-2E2D-4E70-80F3-5F697252F27A}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{17159627-268E-487E-8258-7DF328FC3EC7}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{CF480408-E873-4C7F-AC88-BFAB9C294B74}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{20B2FA6B-BFA7-4C06-9461-97B14AD220E7}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{4A6A2D3D-DE9C-46C4-B1C7-CCF3A8CA6D7F}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{E58ECEFD-7032-4303-AD8D-36C560A8464B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{793E2D35-8720-41CC-8A42-A4772F9254AD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6F058CC7-84AC-4434-9CE5-209B4B7F029F}] => (Allow) C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{5ACEA921-18FA-4297-9C48-DC0F76E4ED5A}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1FC73964-26EA-4A02-86BA-2821ED31E1A2}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2AE4D666-95B7-4BA5-B30A-1A44E9729419}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{142E6444-ED0B-4775-A3AA-66C7F9D4443B}] => (Allow) LPort=1688
FirewallRules: [{C577D418-6AD9-4D93-9F82-C93EF0258501}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B335DBDE-94BB-46BA-9F01-068810772682}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{55470E71-588A-4CA1-A960-FE48400EC23E}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8D613672-2594-4971-8112-81DF6CF48859}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{24A259B3-BED8-49C5-8D1E-B0E6606F09AB}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{5B7F0EAF-6D25-4BDA-807C-72B12604261D}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{935795DE-37EA-45F9-A453-0081FF9D9BAA}] => (Allow) LPort=1688
FirewallRules: [{E45F41B0-32DF-44B5-913C-EF68192F2EB7}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.3.0\rekordbox.exe
FirewallRules: [{F4ED626A-34B2-4BB8-A973-1DEE1A7E5F1A}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.3.0\psvnfsd.exe
FirewallRules: [{D477863E-3791-4DCC-B9B6-BF4A8CAB829B}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.3.0\psvlinksysmgr.exe
FirewallRules: [{D3B65CFC-80AB-4CEB-BB86-A8B60F90822A}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.3.0\edb_streamd.exe
FirewallRules: [{1FE2BDF9-FC5D-48A4-8D9D-BAF722E97D16}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.3.0\ls-unity-rekordbox-win-64bit.exe
FirewallRules: [{5AE4C096-F7F7-4CC3-81DC-F23E90527ED6}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.3.0\rbHttpServer.exe
FirewallRules: [{C6BF7E1E-5923-42E6-9EF5-A196361947AF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{117F5EE0-96BF-4771-A618-B22CBF659DC1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{2C00489D-F017-438E-871A-232FC3F5CC28}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{1E9A8F96-9F60-4D88-9E41-341E1970534C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{52638A21-FF62-427C-88A7-ADD44418DC1E}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{1A480F56-F79E-4209-BDA3-9283517220C5}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{64B28ED3-C5FE-4A65-9EF1-DF026A7D6A3C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{B0E76E05-C1E1-4153-86BA-A728BDB6BAFD}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{C263B17B-9C5D-4AB3-A588-B08AB45E9E98}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{77D7D1BF-99AF-43D7-8451-7EFA1AA1DB18}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
 
==================== Restore Points =========================
 
02-08-2018 02:20:23 Scheduled Checkpoint
07-08-2018 04:06:26 Device Driver Package Install: Windscribe.com Network adapters
 
==================== Faulty Device Manager Devices =============
 
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/08/2018 12:24:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (08/08/2018 12:13:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 12.8.0.1016, time stamp: 0x51fb0c50
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00b0524d
Faulting process id: 0x1d4c
Faulting application start time: 0x01d42ee2f400d9ae
Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 4c43b890-9ad6-11e8-9e05-fcaa14c2fb92
 
Error: (08/08/2018 12:13:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (08/08/2018 12:12:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (08/08/2018 12:12:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (08/08/2018 12:12:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (08/08/2018 12:12:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (08/08/2018 12:10:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
 
System errors:
=============
Error: (08/08/2018 12:13:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/08/2018 12:10:33 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (08/08/2018 12:10:33 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (08/08/2018 12:09:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The system_http_dll service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (08/08/2018 12:09:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MxService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (08/08/2018 12:09:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppmallosayoV service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (08/08/2018 02:48:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/08/2018 02:45:30 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
 
Windows Defender:
===================================
Date: 2018-04-10 16:45:25.101
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:TrojanDownloader:Win32/Adload.DP!bit
ID:225548
Severity:High
Category:Trojan Downloader
Path Found:file:C:\Users\admin\Downloads\ESETInternetSecurityV11.0.144.0FinalLicenseFinder\ESET Internet Security 11.0.144.0 (64Bit) + Fix\License Downloader\TNod-1.6.3.1-Final-Portable\TNODUP-Portable.exe
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:
 
Date: 2018-04-10 16:37:05.874
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:TrojanDownloader:Win32/Adload.DP!bit
ID:225548
Severity:High
Category:Trojan Downloader
Path Found:file:C:\Users\admin\Downloads\ESETInternetSecurityV11.0.144.0FinalLicenseFinder\ESET Internet Security 11.0.144.0 (64Bit) + Fix\License Downloader\TNod-1.6.3.1-Final-Portable\TNODUP-Portable.exe;process:pid:7148;process:pid:7232
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
Date: 2018-04-10 16:34:03.786
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:TrojanDownloader:Win32/Adload.DP!bit
ID:225548
Severity:High
Category:Trojan Downloader
Path Found:file:C:\Users\admin\Downloads\ESETInternetSecurityV11.0.144.0FinalLicenseFinder\ESET Internet Security 11.0.144.0 (64Bit) + Fix\License Downloader\TNod-1.6.3.1-Final-Portable\TNODUP-Portable.exe;process:pid:7232
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
Date: 2017-04-04 10:14:01.542
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:MonitoringTool:Win32/TotalSpy
ID:17559
Severity:Severe
Category:Monitoring Software
Path Found:containerfile:C:\Users\admin\Desktop\setup (PASSW0RD = 123987).exe;file:C:\Users\admin\Desktop\setup (PASSW0RD = 123987).exe->(inno#000000)
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:c:\program files\windows defender\MpCmdRun.exe
 
CodeIntegrity:
===================================
 
Date: 2018-04-13 01:25:59.788
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-04-13 01:25:59.772
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-04-13 01:23:07.209
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-04-13 01:23:07.209
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-04-12 12:28:28.240
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-04-12 12:28:28.240
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-04-11 13:09:29.349
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-04-11 13:09:29.349
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 46%
Total physical RAM: 16244.9 MB
Available physical RAM: 8649.93 MB
Total Virtual: 32487.99 MB
Available Virtual: 23335.55 MB
 
==================== Drives ================================
 
\\?\Volume{8c40a4c4-2c1c-11e3-9f03-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS
\\?\Volume{a578a6ce-29e7-11e5-889c-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 5D5D1032)
Partition 1: (Not Active) - (Size=466.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=466.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=462.6 GB) - (Type=0F Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: F70EC33E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2CBCDF0E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=630.6 GB) - (Type=0F Extended)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.
 
==================== End of Addition.txt ============================

Edited by Dave_83, 08 August 2018 - 02:58 AM.

  • 0

#4
RKinner


I don't see any active malware, though you may have some adware among your Chrome Extensions.  I see a lot of errors because of missing files and drivers (poorly uninstalled software).  Also you have Windscribe but you have turned off part of it in Msconfig. 

 

Search for msconfig and hit Enter.  Under Startup, check all of the boxes then Apply.  Reboot.

 

Now uninstall

 

Windscribe

TAP-Windows 9.21.2 (may be uninstalled when Windscribe goes)
 
I would also uninstall:
 
Skype Click to Call (this is the annoying program that turns random 10 digit numbers into Skype call links.  Uninstalling it will not hurt Skype)
QQ International (Chinese email program but one with a bad rep)
Maxthon Cloud Browser (broken)
WinAmp (Using a lot of CPU for some reason)
 
You need to get an updated version of:
Intel® Rapid Storage Technology (Yours is causing problems.  You have Version: 12.8.0.1016 )
 
If your PC maker doesn't have one on their support site then you can get one from:
Often the latest version will not work on Win 7 so keep trying older versions until you find one that works.
 
 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   9.97KB   177 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you
 
In Chrome go to:
Install the Ublock Origin adblocker.
 
In Chrome, click on the three dots in the upper corner.  Select Settings then scroll to the bottom and select Advanced Settings.  Scroll down almost to the bottom where it says System. 
Turn off:
Continue running background apps when Google Chrome is closed
Close Chrome.
 
Start up Skype.  Under Tools, Options.  Uncheck
Start Skype when I start Windows.  SAVE.
(you can go back in when we are done and turn it back on if you want)
 
Reopen Chrome.

Download : ADWCleaner to your desktop.


Close  all programs, pause your anti-virus and right click on the AdwCleaner icon and select Run As Admin.

Click on I agree
Click on Scan  and follow the prompts. Let it run unhindered.
When done, click on the Clean & Repair button, and follow the prompts. Allow the system to reboot. After Reboot, AdwCleaner will popup.  Hit View Log File. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.
 


There is a program called tcpview.  https://live.sysinte...com/Tcpview.exe Download, Save and then run it by right clicking and Run As Admin.

Then File, Save As (to your desktop), tcp , OK.  This should create a  file tcp.txt on your desktop.  Attach or copy and paste it to a reply.





Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

  • 0

#5
RKinner


In addition to the above:  If you have the latest version of Skype, click on the three dots to the right of your name.  Click on Settings then on General and make it look like this:

 

 

Then close settings and reboot.


  • 0

#6
Dave_83


Hi,

 

Sorry for replying late. I have a few questions: 

 

- Skype Click to Call - unable to find this one on my PC. - From where do I uninstall it?
 
- Downloading and updating Intel® Rapid Storage Technology won't cause any issue, right? Since it is a system driver update, and if not installed properly, I cannot switch back to the previous one? 
 
- Run FRST and press Fix - could I know what all will be fixed?

  • 0

#7
RKinner


To know what the fix will do just open the fixlist.txt file in notepad.  Mostly we are removing deadwood (entries pointing to non-existent files or removed programs), though there are some suspicious entries at AlternateDataStreams:.  Skype click to call should be under Programs and Features in the Control Panel but if you can't find it don't worry about it.


  • 0
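The "deadwood" pass described in the reply above can be sketched over the Run entries of an FRST Registry section. This is an added example, not part of the original thread and not FRST's or the helper's own logic; the sample lines are copied from the FRST log posted in this thread. Its rules are assumptions of the example: an entry with no `[size date] (company)` suffix is treated as one FRST did not resolve to a file, and a target under a user profile is treated as worth a second look.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the FRST "Registry" section posted in this thread.
SAMPLE = r"""
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7679816 2016-10-09] (SoftPerfect)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QAppTray] => "C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [Copy] => C:\Users\admin\AppData\Roaming\Copy\CopyAgent.exe [15414816 2015-04-07] (Barracuda Networks, Inc.)
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [electron.app.Microtask] => C:\Program Files\Microtask\Microtask.exe
"""

# "<key>\Run: [value name] => target"
RUN_RE = re.compile(
    r"^(?P<key>HK\S*?\\Run(?:Once)?): \[(?P<name>[^\]]*)\] => (?P<target>.*)$"
)
# "path [size yyyy-mm-dd] (company)" is what FRST prints when it found the file.
META_RE = re.compile(
    r"^(?P<path>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$"
)
# Assumption of this example: autostart targets under a user profile deserve review,
# because a standard user can replace the binary without elevation.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\(AppData|Desktop|Downloads)\\", re.IGNORECASE
)
ATTENTION = "<==== ATTENTION"  # FRST's own marker


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def triage(log_text):
    """Return the entries worth a manual look, each with the reasons it was picked."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if ATTENTION in line:
            reasons.append("frst-attention")
            line = line.replace(ATTENTION, "").rstrip()

        run = RUN_RE.match(line)
        if run:
            name, target = run["name"], run["target"].strip()
            meta = META_RE.match(target)
            path = (meta["path"] if meta else target).strip('"')
            if not name:
                reasons.append("empty-name")
            if meta is None:
                # Includes the "[X]" target and bare paths with no file details.
                reasons.append("no-file-metadata")
            if USER_WRITABLE_RE.search(path):
                reasons.append("user-writable-path")
        else:
            # Not a Run entry: only reported if FRST itself flagged it.
            name, _, path = line.partition(": ")

        if reasons:
            findings.append(Finding(name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{', '.join(f.reasons):40} {f.name or '(empty)'} -> {f.path}")
```

A flagged entry is a prompt to check the file on disk and its signature, not a verdict; the helper's fixlist.txt remains the record of what was actually removed.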

#8
Dave_83


msconfig - hit Enter.  Under Startup, check all of the boxes then Apply.  Reboot. -- Done

 

Uninstall - Windscribe and TAP-Windows 9.21.2 (may be uninstalled when Windscribe goes) -- Done

 

Skype Click to Call (this is the annoying program that turns random 10 digit numbers into Skype call links.  Uninstalling it will not hurt Skype) -- I still could not find it
QQ International (Chinese email program but one with a bad rep) - Need this for office use
Maxthon Cloud Browser (broken) - Removed
WinAmp (Using a lot of CPU for some reason) - Very important, I need this one.
 
You need to get an updated version of: - Intel® Rapid Storage Technology -- Have a question here: Won't cause any issue, right? Since it is a system driver update, and if not installed properly, I can switch back to the previous one? 
 
Chrome and Skype - settings changes are done.
 
ADWCleaner scan,  FRST fix and last scan, tcpview details all are attached.
 

 

 


  • 0

#9
RKinner

You need to get an updated version of: - Intel® Rapid Storage Technology -- Have a question here: Won't cause any issue, right? Since it is a system driver update, and if not installed properly, I can switch back to the previous one?

 

 

It is currently causing problems.  A new version should be better but if there are issues after installing then go into device manager and revert back to an earlier version.

 

The TenCent program may need to be reinstalled.  AdwCleaner took out parts of it.

 

See if you can find a new version of WinAmp or reinstall the current version.

 

Do you really need Chrome to open two copies of Google US and one of Google India when it starts up?  Chrome, chrome://settings/ then scroll down to

On startup

Open a specific page or set of pages - Edit this to what you really need.

 

At the bottom of the page hit Advanced then scroll down to near the bottom and turn off:

Continue running background apps when Google Chrome is closed

 

Also under

Manage search engines

Default search engines

Go in and delete any you do not use.  I usually only leave Google.com

 

Then restart Chrome.  Do another TCP View log and post it.  Also a Process Explorer log.


  • 0

#10
Dave_83


Again, I apologize for the late reply.

 

Intel® Rapid Storage Technology - installation done.

 

One more issue has cropped up after installing a piece of software; I removed it, but when I turn on my PC, CPU usage is at 100%.

 

If you see the attached screenshot of the task manager, all those tasks running with "Node.js: Server-side Javascript" are what I noticed taking up the CPU fully; once I end 2 of them, CPU usage goes low. Can anything be done about it, please?

Attached Thumbnails

  • CPU - issue.jpg

  • 0

#11
RKinner


Looks like it might be an infection.  Task.exe:

https://www.bleeping...vice-12395.html

 

Can you post new FRST logs?


  • 0

#12
Dave_83


New FRST scans are attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.09.2018
Ran by admin (administrator) on ADMIN-PC (12-09-2018 12:17:23)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Felix Logic) C:\Program Files (x86)\Cold Turkey\CTService.exe
(New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe
(Fortinet Inc.) C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Users\admin\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(SoftPerfect) C:\Program Files\NetWorx\networx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe
(New Softwares.net) C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
(Simnet Ltd. ) C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
( New Softwares.net) C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Intel® Corporation) C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Intel Corporation) C:\Program Files\Intel\STCServ\STCServ.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7679816 2016-10-09] (SoftPerfect)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-08-31] (AVAST Software)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-02-17] (Intel Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2018-01-23] (Raptr, Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2017-11-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QAppTray] => "C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe"
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3753280 2018-09-11] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [WinFLTray] => C:\Windows\SysWow64\WinFLTray.ex
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [FLBackup] => C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.ex
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [Simple Sticky Notes] => C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe [688648 2016-08-19] (Simnet Ltd. )
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [Copy] => C:\Users\admin\AppData\Roaming\Copy\CopyAgent.exe [15414816 2015-04-07] (Barracuda Networks, Inc.)
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [electron.app.Microtask] => C:\Program Files\Microtask\Microtask.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {ad504ddb-2ab0-11e5-883e-806e6f6e6963} - "P:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 125.22.47.125 125.22.47.100
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{51F5BA4F-5C41-4B15-991C-5BC22DC84B9B}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{51F5BA4F-5C41-4B15-991C-5BC22DC84B9B}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{75F419A4-BB9E-4D74-9567-8B6A115F79C9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{82B2C6AE-A02D-450F-B201-6C9EC3411B98}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{D063286F-5185-4613-BE88-0D66833B84B0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{D063286F-5185-4613-BE88-0D66833B84B0}: [DhcpNameServer] 125.22.47.125 125.22.47.100
Tcpip\..\Interfaces\{E9D8FAE0-1661-467C-8EF2-8D081E39D7D2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{E9D8FAE0-1661-467C-8EF2-8D081E39D7D2}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{F21F4C41-0752-4707-8E43-C9B31E10FBD6}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://in.yahoo.com/?fr=fp-spt_gen
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2012-08-24] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-09-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_162\bin\ssv.dll [2018-03-29] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2018-09-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_162\bin\jp2ssv.dll [2018-03-29] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2012-08-24] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-09-10] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2018-09-10] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3425645261-2527552339-4145300971-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
IE Session Restore: HKU\S-1-5-21-3425645261-2527552339-4145300971-1000 -> is enabled.
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-10] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-09-10] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-09-10] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-09-10] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-09-10] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 3qavl6ma.default-1523991317252
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252 [2018-09-12]
FF Homepage: Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252 -> hxxp://www.google.co.in/
FF Session Restore: Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252 -> is enabled.
FF Extension: (Cisco Webex Extension) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\ciscowebexstart1@cisco.com.xpi [2018-06-15]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2018-04-18]
FF Extension: (Nimbus Screen Capture: Screenshots, Annotate) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2018-08-30]
FF Extension: (Snooze Tabs) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\snoozetabs@mozilla.com.xpi [2018-04-18]
FF Extension: (Avast Online Security) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\wrc@avast.com.xpi [2018-06-24]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-18]
FF Extension: (Page Translate) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\{087ef4e1-4286-4be6-9aa3-8d6c420ee1db}.xpi [2018-04-18]
FF Extension: (ruler) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\{b1355a29-9265-4b5e-a3ad-e9d61265d5ac}.xpi [2018-05-24]
FF Extension: (Download Streamable Video) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\{b4629e37-bbce-479a-8805-8235727e5abc}.xpi [2018-08-30]
FF Extension: (Video DownloadHelper) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-30]
FF Extension: (Web Developer) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2018-09-04]
FF Extension: (Firefox Monitor) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qavl6ma.default-1523991317252\features\{20b8c5c4-a350-4728-9346-cea716360a21}\fxmonitor@mozilla.org.xpi [2018-09-10]
FF Extension: (Furniture Guru) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\extension@furnitureguru.in.xpi [2018-03-30]
FF Extension: (IndiaShopps) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\extension@indiashopps.com.xpi [2018-03-30]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-04]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5 [2018-01-25] [Legacy] [not signed]
FF HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-29] ()
FF Plugin: @java.com/DTPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\dtplugin\npDeployJava1.dll [2018-03-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\plugin2\npjp2.dll [2018-03-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-29] ()
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll [2014-06-06] (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccpluginex.dll [2014-06-06] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll [2014-06-06] (Fortinet Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-10-03] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-09-23] (Nero AG)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [No File]
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [No File]
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @webex.com/npatgpc -> C:\ProgramData\WebEx\npatgpc.dll [2017-12-07] (Cisco WebEx LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2017-05-15] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-05-15] (Cisco WebEx LLC)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2018-09-11]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-18]
CHR Extension: (Nimbus Screenshot App) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecjogkncpbkjfobfnoaiepipllcadhe [2018-04-18]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-18]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-18]
CHR Extension: (Web Developer) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2018-04-18]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-18]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2018-08-16]
CHR Extension: (OneTab) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2018-07-31]
CHR Extension: (uBlock Origin) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-08-27]
CHR Extension: (Tampermonkey) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-08-08]
CHR Extension: (Dropbox for Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2018-04-27]
CHR Extension: (Adobe Acrobat) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-04-18]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-08-20]
CHR Extension: (Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-18]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Avast Online Security) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-18]
CHR Extension: (Web Developer Checklist) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahamcpedabephpcgkeikbclmaljebjp [2018-04-18]
CHR Extension: (Adobe Edge Inspect CC) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem [2018-04-18]
CHR Extension: (The Great Suspender) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2018-07-31]
CHR Extension: (Spoon.net Extension) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncgbdglledmjmpnikebkagnchfdehbm [2018-04-18]
CHR Extension: (Skype) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-04-18]
CHR Extension: (Responsive Inspector) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim [2018-04-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-18]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-03]
CHR HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [amanlcdnojadchadmedfkljbkffioapi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcpfiabjpehfpkmlfdfdlpameaoonpdn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [imedekbkldfofmicojdclhjchkmmnklg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ndgpdmigmpcbehlcdehbbldijnnibiee] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amanlcdnojadchadmedfkljbkffioapi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcpfiabjpehfpkmlfdfdlpameaoonpdn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [imedekbkldfofmicojdclhjchkmmnklg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ndgpdmigmpcbehlcdehbbldijnnibiee] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (SaveFrom.net helper) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2016-10-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7994520 2018-08-31] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-31] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-31] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-31] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9659456 2018-08-30] (Microsoft Corporation)
R2 CTService; C:\Program Files (x86)\Cold Turkey\\CTService.exe [329728 2016-04-07] (Felix Logic) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-09-11] (Dropbox, Inc.)
R2 FLService; C:\Windows\SysWow64\WinFLService.exe [92360 2015-10-11] (New Softwares.net)
R2 FortiSslvpnDaemon; C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe [954080 2014-06-06] (Fortinet Inc.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2017-04-19] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
R2 KingoSoftService; C:\Users\admin\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\checkupdate.exe [367592 2017-03-27] ()
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2017-01-25] ()
S2 printercache.exe; C:\Users\admin\AppData\Roaming\Cache\daemon\printercache.exe [59392 2018-09-11] (CloudBees, Inc.) [File not signed]
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software) [File not signed]
R2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [104248 2015-12-30] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [39704 2015-10-07] (Windows ® Win 7 DDK provider)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [199712 2018-08-31] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [229384 2018-08-31] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201320 2018-08-31] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346664 2018-08-31] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59568 2018-08-31] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [249016 2018-08-31] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-08-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163392 2018-09-11] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111864 2018-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87904 2018-08-31] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-08-31] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [467320 2018-09-04] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215728 2018-09-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381560 2018-08-31] (AVAST Software)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [75584 2015-10-07] (ASUS Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-09-27] (Sony Mobile Communications)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [40448 2017-04-19] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [72632 2016-10-04] (NetFilterSDK.com)
R2 NEWDRIVER; C:\Windows\SysWow64\WinVDEdrv6.sys [197648 2015-10-11] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [54000 2015-06-10] (Novation DMS Ltd.)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2009-07-21] (Fortinet Inc.)
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)
S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2018-06-19] (The OpenVPN Project)
R1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [34816 2015-10-11] ()
R2 WinVDEDrv; C:\Windows\SysWow64\WinVDEdrv.sys [225680 2015-10-11] (NewSoftwares.net, Inc.)
S3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [123904 2015-07-17] (Yamaha Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-12 12:17 - 2018-09-12 12:17 - 000040538 _____ C:\Users\admin\Desktop\FRST.txt
2018-09-12 12:15 - 2018-09-12 12:15 - 002413568 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2018-09-12 12:08 - 2018-09-12 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-09-11 23:06 - 2018-09-11 23:06 - 000001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
2018-09-11 23:06 - 2018-09-11 23:06 - 000001081 _____ C:\Users\Public\Desktop\Prism Video File Converter.lnk
2018-09-11 23:06 - 2018-09-11 23:06 - 000000000 ____D C:\Users\admin\AppData\Roaming\NCH Software
2018-09-11 23:06 - 2018-09-11 23:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2018-09-11 23:04 - 2018-09-11 23:04 - 000000000 ____D C:\Program Files (x86)\WondershareUpdate
2018-09-11 19:16 - 2018-09-11 19:16 - 000001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-11 19:16 - 2018-09-11 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-11 19:16 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-09-11 18:41 - 2018-09-11 18:41 - 000000000 ___HD C:\$AV_ASW
2018-09-11 18:34 - 2018-09-11 18:42 - 000000000 ____D C:\Program Files (x86)\Sheep
2018-09-11 18:34 - 2018-09-11 18:41 - 000000000 ____D C:\Users\admin\AppData\Roaming\Windows RTL Handler
2018-09-11 18:34 - 2018-09-11 18:34 - 000000000 ____D C:\Users\admin\AppData\Local\AdvinstAnalytics
2018-09-11 18:33 - 2018-09-11 19:24 - 000000000 ____D C:\Windows\SysWOW64\jkuaqtmc
2018-09-11 18:33 - 2018-09-11 18:35 - 000000000 ____D C:\Users\admin\AppData\Local\SharePal
2018-09-11 18:33 - 2018-09-11 18:35 - 000000000 ____D C:\Users\admin\AppData\Local\IIIQF
2018-09-11 18:33 - 2018-09-11 18:33 - 000000116 _____ C:\ProgramData\ythdg.exe
2018-09-11 18:29 - 2018-09-11 18:29 - 000000205 _____ C:\ProgramData\ethrfvdggbvd.exe
2018-09-11 18:29 - 2018-09-11 18:29 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microtask
2018-09-11 18:29 - 2018-09-11 18:29 - 000000000 ____D C:\Users\admin\AppData\Roaming\Cache
2018-09-11 18:29 - 2018-09-11 18:29 - 000000000 ____D C:\Users\admin\AppData\Local\Turbo.net
2018-09-11 18:27 - 2018-09-11 18:35 - 000000000 ____D C:\Program Files\Microtask
2018-09-11 17:47 - 2018-09-11 17:48 - 000000000 ____D C:\Users\admin\Downloads\MovaviVideoSuite.15.4crack
2018-09-11 17:24 - 2018-09-11 17:24 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-09-11 17:24 - 2018-09-11 17:24 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-09-11 17:24 - 2018-09-11 17:24 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-09-11 17:24 - 2018-09-11 17:24 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-09-10 10:35 - 2018-09-10 10:35 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-09-10 10:34 - 2018-09-10 10:34 - 000002327 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-09-10 10:34 - 2018-09-10 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-09-09 22:42 - 2018-09-09 22:42 - 000000000 ____D C:\Users\admin\Downloads\Snowden (2016) [1080p] [YTS.AG]
2018-09-08 22:12 - 2018-09-08 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sylenth1
2018-09-08 19:24 - 2018-09-08 22:13 - 000000000 ____D C:\Users\admin\AppData\Roaming\WhatsApp
2018-09-08 19:24 - 2018-09-08 19:25 - 000002163 _____ C:\Users\admin\Desktop\WhatsApp.lnk
2018-09-08 19:24 - 2018-09-08 19:25 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-09-08 19:24 - 2018-09-08 19:25 - 000000000 ____D C:\Users\admin\AppData\Local\WhatsApp
2018-09-08 17:34 - 2018-09-08 17:34 - 000000000 ____D C:\Users\admin\Downloads\cybernetika-nanospheric
2018-09-07 15:10 - 2018-09-07 15:11 - 000001785 _____ C:\Users\admin\Desktop\Adobe Media Encoder.lnk
2018-09-06 17:31 - 2018-09-06 17:31 - 000000000 ____D C:\Users\admin\Creative Cloud Files
2018-09-06 16:06 - 2018-09-06 16:06 - 000000963 _____ C:\Users\admin\Desktop\Easy MP3 Cutter.lnk
2018-09-06 16:06 - 2018-09-06 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy MP3 Cutter
2018-09-06 16:06 - 2018-09-06 16:06 - 000000000 ____D C:\Program Files (x86)\Easy MP3 Cutter
2018-09-06 15:15 - 2018-09-06 15:18 - 573457036 _____ C:\Users\admin\Downloads\BBC - The Genius of Design 1 of 5 (Legendado).mp4
2018-09-03 21:38 - 2018-09-09 13:05 - 000002019 _____ C:\Users\Public\Desktop\FL Studio 20.lnk
2018-09-03 21:38 - 2018-09-03 21:38 - 000001113 _____ C:\Users\admin\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2018-08-31 21:19 - 2018-08-31 21:19 - 000003374 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
2018-08-31 21:19 - 2018-08-31 21:19 - 000003246 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
2018-08-31 21:19 - 2018-08-31 21:19 - 000002476 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-08-31 21:19 - 2018-08-31 21:19 - 000002433 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-08-31 21:19 - 2018-08-31 21:19 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-08-31 18:42 - 2018-08-31 18:42 - 000001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2018.lnk
2018-08-31 13:07 - 2018-08-31 13:07 - 000379608 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-08-30 17:59 - 2018-08-30 17:59 - 000000000 ____D C:\Program Files\net.downloadhelper.coapp
2018-08-28 21:27 - 2018-09-10 21:24 - 000000000 ____D C:\Users\admin\AppData\Roaming\HY-Plugins
2018-08-28 21:23 - 2018-08-28 21:23 - 000000000 ____D C:\Users\admin\Documents\HY-Plugins
2018-08-28 21:23 - 2018-08-28 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HY-Plugins
2018-08-28 03:52 - 2018-08-28 03:52 - 000000000 ____D C:\ProgramData\Rob Papen
2018-08-28 03:52 - 2018-08-28 03:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rob Papen
2018-08-28 02:51 - 2018-08-28 02:51 - 000000000 ____D C:\Users\admin\Downloads\BreakbeatSamplePack1-8zip
2018-08-28 02:15 - 2018-08-28 02:20 - 000000000 ____D C:\Users\admin\AppData\Roaming\ToguAudioLine
2018-08-28 02:12 - 2018-08-28 02:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Togu Audio Line
2018-08-28 01:04 - 2018-08-28 01:04 - 000000000 ____D C:\Users\admin\Downloads\NI Reaktor 6.1.1 Symlink Installer
2018-08-27 23:11 - 2018-08-27 23:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2018-08-27 22:57 - 2018-09-12 00:11 - 000003132 _____ C:\Windows\System32\Tasks\klcp_update
2018-08-27 22:57 - 2018-01-28 14:30 - 000794112 _____ C:\Windows\system32\xvidcore.dll
2018-08-27 22:57 - 2018-01-28 14:30 - 000311296 _____ C:\Windows\system32\xvidvfw.dll
2018-08-27 22:57 - 2015-10-24 21:30 - 000126976 _____ C:\Windows\system32\ff_vfw.dll
2018-08-27 18:41 - 2018-08-27 18:42 - 000000000 ____D C:\ProgramData\GraphicsType
2018-08-27 18:41 - 2018-08-27 18:41 - 000001292 _____ C:\Users\Public\Desktop\Wondershare Video Converter Ultimate.lnk
2018-08-27 18:41 - 2018-08-27 18:41 - 000000000 ____D C:\Users\admin\Documents\Wondershare MediaServer
2018-08-27 18:41 - 2018-08-27 18:41 - 000000000 ____D C:\Users\admin\AppData\Roaming\TransferSupport
2018-08-27 17:18 - 2018-09-03 00:22 - 000001225 _____ C:\Users\Public\Desktop\Free Video Cutter Joiner.lnk
2018-08-27 17:18 - 2018-08-27 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoMedia
2018-08-27 17:18 - 2018-08-27 17:18 - 000000000 ____D C:\Program Files\DVDVideoMedia
2018-08-27 16:45 - 2018-08-27 16:45 - 000001233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2017.lnk
2018-08-27 16:45 - 2018-08-27 16:45 - 000000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2018-08-27 16:33 - 2018-08-27 16:34 - 000000000 ____D C:\Users\admin\Downloads\dztest
2018-08-27 15:42 - 2018-08-27 15:45 - 000000000 ____D C:\Users\admin\Downloads\Adobe After Effects CC 2018 (v15.1) Multilingual Update 2
2018-08-27 15:40 - 2018-08-27 15:40 - 000000000 ____D C:\Users\admin\Downloads\Adobe.After.Effects.CC.2018.v15.0.0.180.x64.mrelhlawany.com
2018-08-27 15:22 - 2018-08-27 15:22 - 000000000 ____D C:\Program Files (x86)\Pixflow Studio
2018-08-27 13:38 - 2018-08-27 13:39 - 000000000 ____D C:\Users\admin\Downloads\Adobe Acrobat Pro DC 2018.009.20050 + Pre-Cracked - [CrackzSoft]
2018-08-27 12:20 - 2018-08-27 12:20 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\admin\Desktop\flashplayer30au_ha_install.exe
2018-08-26 18:41 - 2018-08-26 18:41 - 000675984 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000457512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000386712 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000343192 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000274072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000248624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000089248 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000087352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000031896 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140_1.dll
2018-08-26 18:41 - 2018-08-26 18:41 - 000028472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140_1.dll
2018-08-25 16:46 - 2018-08-25 16:46 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2018-08-25 16:46 - 2018-08-25 16:46 - 000000000 ____D C:\Program Files (x86)\NirSoft
2018-08-25 02:12 - 2018-08-25 02:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxengo
2018-08-25 02:12 - 2018-08-25 02:12 - 000000000 ____D C:\Program Files\Voxengo
2018-08-23 12:37 - 2018-08-23 12:38 - 000000000 ____D C:\Users\admin\Downloads\Adobe Photoshop CC 2018 19.1.1.42094 + Pre-Cracked - [CrackzSoft]
2018-08-23 01:24 - 2018-08-23 01:24 - 000000000 ____D C:\Users\admin\AppData\Local\ScreenCapture
2018-08-23 01:23 - 2018-08-23 01:23 - 000001161 _____ C:\Users\Public\Desktop\Movavi Screen Capture Studio 8.lnk
2018-08-23 01:23 - 2018-08-23 01:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Screen Capture Studio 8
2018-08-23 01:22 - 2018-08-23 01:24 - 000000000 ____D C:\Program Files (x86)\Movavi Screen Capture Studio 8
2018-08-23 01:22 - 2018-08-23 01:22 - 000005019 _____ C:\ProgramData\dfnpcrng.nwi
2018-08-23 01:22 - 2018-08-23 01:22 - 000000000 ____D C:\ProgramData\Movavi Screen Capture Studio 8
2018-08-23 00:51 - 2018-08-23 00:51 - 000000000 ____D C:\Users\admin\Downloads\Movavi Screen Capture Studio 9.5.0 RePack (& Portable) by TryRooM
2018-08-23 00:44 - 2018-08-23 01:24 - 000000000 ____D C:\Users\admin\AppData\Local\Movavi
2018-08-23 00:44 - 2018-08-23 00:44 - 000000000 ____D C:\Users\admin\AppData\Local\ScreenRecorder
2018-08-23 00:44 - 2018-08-23 00:44 - 000000000 ____D C:\Users\admin\AppData\Local\AgentInformer
2018-08-23 00:44 - 2018-08-23 00:44 - 000000000 ____D C:\ProgramData\Movavi
2018-08-23 00:43 - 2018-08-23 00:43 - 000004914 _____ C:\ProgramData\eslierbc.jnj
2018-08-23 00:43 - 2018-08-23 00:43 - 000000016 _____ C:\ProgramData\mntemp
2018-08-23 00:43 - 2018-08-23 00:43 - 000000000 ____D C:\ProgramData\Movavi Screen Recorder 9
2018-08-22 19:58 - 2018-08-22 19:59 - 010732412 _____ C:\Users\admin\Downloads\Hitachi NEXT_Operate & Run Services - draft_v3.pptx
2018-08-22 11:34 - 2018-09-12 12:08 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-08-22 11:34 - 2018-09-12 12:05 - 000000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-08-21 14:34 - 2018-08-21 14:34 - 000000000 ____D C:\Users\admin\Downloads\Bee.Gees_Their.Greatest.Hits_The.Record_2006
2018-08-19 14:36 - 2018-08-19 14:36 - 000021443 _____ C:\Users\admin\Desktop\TCP view.txt
2018-08-19 14:35 - 2018-08-19 14:35 - 000300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\admin\Desktop\Tcpview.exe
2018-08-19 14:32 - 2018-08-19 14:32 - 000000539 _____ C:\Users\admin\Desktop\adware scan details.txt
2018-08-19 14:28 - 2018-08-19 14:28 - 007395536 _____ (Malwarebytes) C:\Users\admin\Desktop\AdwCleaner.exe
2018-08-18 00:51 - 2018-08-18 00:53 - 000000000 ____D C:\Users\admin\Downloads\Waldorf Music - Largo 1.7.2 VSTi, VSTi3, AAX x86 x64
2018-08-15 22:32 - 2018-08-15 22:33 - 000000000 ____D C:\Users\admin\Downloads\SpyHunter 4.1.11.0 + Crack
2018-08-15 17:32 - 2018-08-15 17:32 - 005557184 ____R C:\Users\admin\Downloads\Hooked How to Build Habit-Forming Products.epub
2018-08-14 21:27 - 2018-08-14 21:28 - 000000000 ____D C:\Users\admin\Downloads\Watts Atelier Online Program
2018-08-14 14:45 - 2018-08-14 22:50 - 000000000 ____D C:\Users\admin\Downloads\VA-Essential_Techno_Vol_2-(FETTLP029)-WEB-2016-ENSLAVE
2018-08-14 14:45 - 2018-08-14 21:28 - 000000000 ____D C:\Users\admin\Downloads\VA-Techno_Pack_I-2016-BLXTN
2018-08-14 00:20 - 2018-08-14 00:20 - 000000000 ____D C:\Users\Public\PianoMarvel
2018-08-14 00:13 - 2018-08-25 00:49 - 000000000 ____D C:\Program Files (x86)\Piano Marvel Plugin
2018-08-14 00:13 - 2018-08-14 00:20 - 000002018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PianoMarvel.lnk
2018-08-14 00:13 - 2018-08-14 00:20 - 000002012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PianoMarvel.lnk
2018-08-14 00:13 - 2018-08-14 00:20 - 000002006 _____ C:\Users\Public\Desktop\PianoMarvel.lnk
2018-08-14 00:13 - 2018-08-14 00:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Piano Marvel Plugin
2018-08-14 00:02 - 2018-08-14 00:02 - 011838703 ____R C:\Users\admin\Downloads\Synthesia v0.8.2 - Portable Registered.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-12 12:17 - 2018-04-11 14:05 - 000000000 ____D C:\FRST
2018-09-12 12:16 - 2015-07-16 01:54 - 000000000 ____D C:\Program Files (x86)\Opera
2018-09-12 12:14 - 2013-10-03 14:31 - 000003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C711035-DCC3-4341-BF02-3175187079E5}
2018-09-12 12:13 - 2009-07-14 10:15 - 000021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-12 12:13 - 2009-07-14 10:15 - 000021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-12 12:11 - 2009-07-14 10:43 - 000787674 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-12 12:11 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2018-09-12 12:10 - 2015-12-12 11:43 - 000000000 ____D C:\Users\admin\AppData\Roaming\Copy
2018-09-12 12:08 - 2016-11-19 10:57 - 000000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2018-09-12 12:08 - 2015-07-16 01:48 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-09-12 12:07 - 2018-06-25 12:07 - 000000000 ____D C:\Users\admin\AppData\Local\AVAST Software
2018-09-12 12:06 - 2016-11-16 10:40 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-09-12 12:06 - 2016-06-14 12:47 - 000000000 ____D C:\Users\admin\AppData\Roaming\Raptr
2018-09-12 12:05 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-12 00:14 - 2015-07-14 11:32 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-09-12 00:11 - 2018-04-12 01:03 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-09-12 00:11 - 2018-04-09 14:02 - 000003458 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-admin-PC-admin
2018-09-12 00:11 - 2018-03-31 23:29 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-12 00:11 - 2017-03-28 19:43 - 000003294 _____ C:\Windows\System32\Tasks\{822DD3BB-AF44-46F7-801B-AAB2F89C8299}
2018-09-12 00:11 - 2016-11-14 21:29 - 000003538 _____ C:\Windows\System32\Tasks\ASUS Smart Gesture Launcher
2018-09-12 00:11 - 2016-10-28 15:49 - 000003420 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2018-09-12 00:11 - 2016-09-29 13:18 - 000003298 _____ C:\Windows\System32\Tasks\IntelBootstrapCCDashExe
2018-09-12 00:11 - 2016-05-29 12:42 - 000003814 _____ C:\Windows\System32\Tasks\CTServiceInstaller
2018-09-12 00:11 - 2016-04-08 23:23 - 000004450 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-09-12 00:11 - 2016-02-23 23:40 - 000003182 _____ C:\Windows\System32\Tasks\{68AB93FC-B0D3-44E2-9018-1D061AF7E310}
2018-09-12 00:11 - 2016-02-01 18:15 - 000003654 _____ C:\Windows\System32\Tasks\Red Giant Link
2018-09-12 00:11 - 2015-07-16 01:55 - 000003820 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1436991915
2018-09-12 00:11 - 2015-07-16 01:48 - 000003914 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-09-12 00:11 - 2015-07-16 01:48 - 000003662 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-09-12 00:11 - 2015-07-14 12:22 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-12 00:11 - 2015-07-14 11:31 - 000003272 _____ C:\Windows\System32\Tasks\SamsungMagician
2018-09-12 00:11 - 2014-12-12 19:51 - 000003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2018-09-12 00:11 - 2013-10-03 14:40 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-09-12 00:11 - 2013-10-03 14:40 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-09-11 23:12 - 2017-01-08 01:03 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2018-09-11 23:06 - 2017-01-08 01:03 - 000000000 ____D C:\ProgramData\NCH Software
2018-09-11 23:06 - 2017-01-08 01:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2018-09-11 23:06 - 2017-01-08 01:03 - 000000000 ____D C:\Program Files (x86)\NCH Software
2018-09-11 23:04 - 2017-04-18 14:18 - 000000000 ____D C:\Users\admin\AppData\Local\Wondershare
2018-09-11 23:04 - 2017-04-18 13:07 - 000000000 ____D C:\Users\admin\AppData\Roaming\Wondershare
2018-09-11 21:07 - 2018-04-12 01:03 - 000163392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-09-11 19:16 - 2018-07-27 15:31 - 000000000 ____D C:\Program Files\Malwarebytes
2018-09-11 19:16 - 2015-07-19 15:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-11 19:12 - 2018-08-08 13:48 - 000000000 ____D C:\Program Files\CCleaner
2018-09-11 19:12 - 2018-04-10 19:05 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-09-11 19:11 - 2015-07-16 00:50 - 000000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2018-09-11 18:36 - 2015-07-15 10:55 - 000000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2018-09-11 12:02 - 2016-02-09 12:51 - 000000000 ___SD C:\Users\admin\AppData\LocalLow\Temp
2018-09-11 04:33 - 2013-10-03 14:44 - 000000000 ____D C:\Users\admin\AppData\Roaming\vlc
2018-09-10 17:18 - 2014-05-03 00:47 - 000000000 ____D C:\ProgramData\TEMP
2018-09-10 14:18 - 2015-07-16 00:40 - 000000034 _____ C:\Users\admin\AppData\Roaming\AdobeWLCMCache.dat
2018-09-10 10:35 - 2018-05-18 13:44 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-10 10:35 - 2009-07-14 08:50 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-09-10 10:34 - 2018-05-18 13:44 - 000002390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-09-10 10:34 - 2018-05-18 13:44 - 000002385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-09-10 10:34 - 2018-05-18 13:44 - 000002384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-09-10 10:34 - 2018-05-18 13:44 - 000002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-09-10 10:34 - 2018-05-18 13:44 - 000002347 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-09-10 10:34 - 2018-05-18 13:44 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-09-10 10:34 - 2018-05-18 13:44 - 000002335 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-09-10 10:33 - 2018-05-15 14:05 - 000000000 ____D C:\Program Files\Microsoft Office
2018-09-10 10:26 - 2013-10-03 14:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-09 18:29 - 2014-12-12 20:14 - 000000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
2018-09-09 15:49 - 2016-01-11 18:08 - 000000000 ____D C:\ProgramData\Ableton
2018-09-09 15:20 - 2018-04-18 00:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-09-09 13:36 - 2013-10-03 14:40 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-09-09 13:27 - 2018-01-03 00:07 - 000000000 ____D C:\Users\admin\AppData\Roaming\Ample Sound
2018-09-09 13:07 - 2016-10-01 22:51 - 000000000 ____D C:\Users\admin\Documents\Simple Sticky Notes
2018-09-09 13:05 - 2017-10-24 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2018-09-09 13:05 - 2016-03-14 17:50 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2018-09-09 13:03 - 2016-03-14 17:48 - 000000000 ____D C:\Program Files (x86)\Image-Line
2018-09-08 22:12 - 2016-01-21 19:42 - 000000000 ____D C:\Program Files\VSTPlugIns
2018-09-08 21:59 - 2018-07-22 18:49 - 000000000 ____D C:\ProgramData\ValhallaPlate
2018-09-08 19:24 - 2016-02-17 17:22 - 000000000 ____D C:\Users\admin\AppData\Local\SquirrelTemp
2018-09-07 22:58 - 2013-10-03 14:44 - 000000000 ____D C:\Program Files (x86)\The KMPlayer
2018-09-07 13:12 - 2015-11-23 11:51 - 000000000 ____D C:\Users\admin\AppData\Roaming\PrimoPDF
2018-09-06 17:31 - 2013-10-03 14:23 - 000000000 ____D C:\Users\admin
2018-09-06 17:29 - 2015-07-16 00:19 - 000000000 ____D C:\Users\admin\Documents\Adobe
2018-09-05 21:07 - 2018-04-12 01:03 - 000215728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-09-05 09:26 - 2009-07-14 10:15 - 008666984 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-05 01:30 - 2015-08-14 17:41 - 000001456 _____ C:\Users\admin\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-09-05 00:00 - 2013-10-03 14:26 - 000870616 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-04 23:04 - 2018-04-12 01:03 - 000467320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-09-03 21:38 - 2016-03-13 01:05 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2018-09-03 21:38 - 2016-03-13 01:05 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2018-09-01 13:19 - 2018-06-08 11:34 - 000001281 _____ C:\Users\Public\Desktop\Skype.lnk
2018-09-01 13:19 - 2018-01-09 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-08-31 18:46 - 2015-12-18 11:07 - 000001251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC.lnk
2018-08-31 18:42 - 2015-07-16 00:17 - 000000000 ____D C:\Program Files\Adobe
2018-08-31 18:42 - 2013-10-03 14:42 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-08-31 13:07 - 2018-04-12 01:03 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-08-31 13:07 - 2018-04-12 01:03 - 000381560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-08-31 13:07 - 2018-04-12 01:03 - 000346664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbloga.sys
2018-08-31 13:07 - 2018-04-12 01:03 - 000249016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-08-31 13:07 - 2018-04-12 01:03 - 000229384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2018-08-31 13:07 - 2018-04-12 01:03 - 000201320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsha.sys
2018-08-31 13:07 - 2018-04-12 01:03 - 000199712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-08-31 13:07 - 2018-04-12 01:03 - 000111864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-08-31 13:07 - 2018-04-12 01:03 - 000087904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-08-31 13:07 - 2018-04-12 01:03 - 000059568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniva.sys
2018-08-31 13:07 - 2018-04-12 01:03 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-08-31 13:07 - 2018-04-12 01:03 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-08-30 19:38 - 2017-05-02 18:28 - 000000000 ____D C:\Users\admin\dwhelper
2018-08-28 16:43 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\system32\NDF
2018-08-28 14:38 - 2016-10-25 21:40 - 000000000 ____D C:\Users\admin\AppData\LocalLow\AMD
2018-08-28 13:19 - 2018-04-18 00:43 - 000000000 ____D C:\Users\admin\AppData\Local\Deployment
2018-08-28 12:35 - 2016-04-02 23:53 - 000000000 ____D C:\Windows\pss
2018-08-27 23:26 - 2016-06-14 12:50 - 000000000 ____D C:\Users\admin\AppData\Local\AMD
2018-08-27 23:25 - 2018-05-26 13:04 - 000322081 ____N C:\Windows\Minidump\082718-15584-01.dmp
2018-08-27 23:25 - 2015-07-14 12:21 - 000000000 ____D C:\Windows\Minidump
2018-08-27 23:25 - 2015-07-14 11:26 - 000000000 ____D C:\Program Files\AMD
2018-08-27 23:24 - 2016-06-14 12:47 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-08-27 23:21 - 2017-09-26 23:38 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-08-27 23:19 - 2015-07-14 11:24 - 000000000 ____D C:\AMD
2018-08-27 23:11 - 2014-05-03 00:08 - 000000000 ____D C:\Program Files\Intel
2018-08-27 22:57 - 2015-07-15 12:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2018-08-27 22:57 - 2014-05-03 00:44 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2018-08-27 20:29 - 2016-05-16 15:14 - 000000000 ____D C:\Users\admin\AppData\LocalLow\WebEx
2018-08-27 18:42 - 2017-04-18 13:06 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-08-27 18:41 - 2017-04-18 13:07 - 000000000 ____D C:\ProgramData\Wondershare
2018-08-27 18:41 - 2017-04-18 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-08-27 18:41 - 2017-04-18 13:07 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-08-27 17:04 - 2013-10-03 14:46 - 000000000 ____D C:\Users\admin\AppData\Roaming\Adobe
2018-08-27 15:36 - 2015-07-16 00:17 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-08-27 14:27 - 2015-07-15 11:05 - 000000000 ____D C:\Users\admin\AppData\Roaming\FileZilla
2018-08-26 00:01 - 2016-10-28 15:49 - 000000000 ___RD C:\Users\admin\iCloudDrive
2018-08-25 02:12 - 2016-01-21 19:42 - 000000000 ____D C:\Program Files\Common Files\VST3
2018-08-24 02:29 - 2017-10-08 15:56 - 000000000 ____D C:\Users\admin\AppData\Roaming\WordPress.com
2018-08-23 12:09 - 2015-07-15 11:05 - 000000000 ____D C:\Users\admin\AppData\Local\Ares
2018-08-20 15:45 - 2018-08-08 13:48 - 000000851 _____ C:\Users\Public\Desktop\Speccy.lnk
2018-08-19 20:25 - 2017-11-11 13:54 - 000000000 ____D C:\ProgramData\MEGAsync
2018-08-19 14:24 - 2017-09-09 00:26 - 000000000 ____D C:\Users\admin\Documents\Tencent Files
2018-08-19 14:17 - 2016-02-17 17:22 - 000000000 ____D C:\Users\admin\AppData\Local\slack
2018-08-15 16:34 - 2015-07-15 11:05 - 000002108 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2018-08-15 16:34 - 2015-07-15 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-08-15 16:34 - 2015-07-15 11:05 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2018-08-14 00:08 - 2017-10-24 23:37 - 000000000 ____D C:\Users\admin\AppData\Roaming\Synthesia

==================== Files in the root of some directories =======

2018-04-26 13:48 - 2018-04-26 13:48 - 000021368 _____ (Schneider Electric) C:\Users\admin\en_res.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000021368 _____ (Schneider Electric) C:\Users\admin\es_res.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000021880 _____ (Schneider Electric) C:\Users\admin\fr_res.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000021880 _____ (Schneider Electric) C:\Users\admin\grm_res.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000021368 _____ (Schneider Electric) C:\Users\admin\it_res.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000020344 _____ (Schneider Electric) C:\Users\admin\jp_res.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 001079808 _____ (Microsoft Corporation) C:\Users\admin\mfc80u.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000626688 _____ (Microsoft Corporation) C:\Users\admin\msvcr80.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 013923704 _____ (Schneider Electric) C:\Users\admin\PCPE Setup.exe
2018-04-26 13:48 - 2018-04-26 13:48 - 000021368 _____ (Schneider Electric) C:\Users\admin\pt_res.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000018808 _____ () C:\Users\admin\ResourceReader.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000020856 _____ (Schneider Electric) C:\Users\admin\ru_res.dll
2018-04-26 13:48 - 2018-04-26 13:48 - 000019832 _____ (Schneider Electric) C:\Users\admin\zh_res.dll
2018-09-11 18:29 - 2018-09-11 18:29 - 000000205 _____ () C:\ProgramData\ethrfvdggbvd.exe
2015-10-11 01:38 - 2018-08-07 03:55 - 000002568 ___SH () C:\ProgramData\win_mpwd_sys.dat
2018-09-11 18:33 - 2018-09-11 18:33 - 000000116 _____ () C:\ProgramData\ythdg.exe
2014-05-03 00:50 - 2009-06-25 21:56 - 000488392 _____ (Softtouch Software Design) C:\Program Files (x86)\Hidden Files Scanner.exe
2014-05-03 00:50 - 2012-01-02 02:21 - 001647000 _____ (IObit) C:\Program Files (x86)\iobit-uninstaller.exe
2015-07-16 00:40 - 2018-09-10 14:18 - 000000034 _____ () C:\Users\admin\AppData\Roaming\AdobeWLCMCache.dat
2016-05-08 03:43 - 2016-05-08 03:43 - 000000112 _____ () C:\Users\admin\AppData\Roaming\JP2K CS6 Prefs
2016-04-29 20:07 - 2016-04-29 21:00 - 000000009 _____ () C:\Users\admin\AppData\Roaming\update.dat
2017-07-29 23:36 - 2017-07-29 23:36 - 000000009 ___SH () C:\Users\admin\AppData\Roaming\windata.xpd
2016-06-09 22:03 - 2016-06-09 22:03 - 266040255 _____ () C:\Users\admin\AppData\Local\ACCCx3_6_0_248.zip.aamdownload
2016-06-09 22:03 - 2016-06-09 22:03 - 000003014 _____ () C:\Users\admin\AppData\Local\ACCCx3_6_0_248.zip.aamdownload.aamd
2018-03-14 20:03 - 2018-03-14 20:03 - 366870165 _____ () C:\Users\admin\AppData\Local\ACCCx4_4_1_298.zip.aamdownload
2018-03-14 20:03 - 2018-03-14 20:03 - 000004029 _____ () C:\Users\admin\AppData\Local\ACCCx4_4_1_298.zip.aamdownload.aamd
2015-08-14 17:41 - 2018-09-05 01:30 - 000001456 _____ () C:\Users\admin\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-14 23:26 - 2017-12-13 14:38 - 000000278 _____ () C:\Users\admin\AppData\Local\HackLogs.dat
2018-04-10 16:38 - 2018-04-10 16:38 - 000140800 _____ () C:\Users\admin\AppData\Local\installer.dat
2015-11-27 05:16 - 2017-04-11 05:05 - 000000600 _____ () C:\Users\admin\AppData\Local\PUTTY.RND
2015-07-19 16:26 - 2015-07-19 16:26 - 000000218 _____ () C:\Users\admin\AppData\Local\recently-used.xbel
2018-03-09 16:05 - 2018-03-09 16:05 - 000007605 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2015-10-11 01:38 - 2018-08-07 03:55 - 000000700 ___SH () C:\Users\admin\AppData\Local\systemFL7.dat
2017-04-18 12:47 - 2017-04-18 17:53 - 000000192 _____ () C:\Users\admin\AppData\Local\uts.ini
2015-10-11 01:38 - 2018-08-07 03:55 - 000003292 ___SH () C:\Users\admin\AppData\Local\win_fldb_sys.dat
2015-10-11 01:38 - 2018-08-07 03:55 - 000003465 ___SH () C:\Users\admin\AppData\Local\win_stlthdb_sys.dat
2015-07-25 11:46 - 2015-07-25 11:46 - 000000000 _____ () C:\Users\admin\AppData\Local\{2F5AD524-8915-4066-86B8-FFA0324509E5}
2016-10-26 01:52 - 2016-10-26 01:52 - 000000000 _____ () C:\Users\admin\AppData\Local\{4D7498BE-0D4D-42E8-8795-BD38719C6AFD}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-06 11:41

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.09.2018
Ran by admin (12-09-2018 12:17:54)
Running from C:\Users\admin\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-10-03 08:53:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-3425645261-2527552339-4145300971-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3425645261-2527552339-4145300971-500 - Administrator - Disabled)
Guest (S-1-5-21-3425645261-2527552339-4145300971-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.0.0 - )
µTorrent (HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\uTorrent) (Version: 3.5.4.44520 - BitTorrent Inc.)
4K Video Downloader 4.4 (HKLM-x32\...\{17CEAB50-0275-4D5E-9C11-CF2963C59FA1}) (Version: 4.4.6.2295 - Open Media LLC)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
ABBYY FineReader 11 Corporate Edition (HKLM-x32\...\{F1100000-0010-0000-0000-074957833700}) (Version: 11.0.460 - ABBYY)
Ableton Live 9 Lite (HKLM\...\{9130C3A8-3BEA-4A24-88F9-50EFB036F999}) (Version: 9.0.0.0 - Ableton)
adobe (HKLM\...\{BE494C33-675E-437C-833B-3D37369995FC}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe After (HKLM\...\{6A915992-D887-4897-82F5-950EDD12DEB1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_0_1) (Version: 14.0.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2017 (HKLM-x32\...\{F2321021-4348-11E4-B1DF-BDB415F23EC6}) (Version: 17.1.0 - Adobe Systems Incorporated)
Adobe Flash Player 30 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB9}) (Version: 12.1.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_0_1) (Version: 12.0.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_1) (Version: 19.1.1 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{FD8FD2BD-A82D-C528-EDA0-A6635F47C19C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.5.1 - Advanced Micro Devices, Inc.)
Ample Bass P Lite II version 2.3.1 (HKLM-x32\...\{26ACA0DD-7C66-40D7-B992-CC27CA024F2A}_is1) (Version: 2.3.1 - Ample Sound Technology Co., Ltd.)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 6.2.0.0 - iMobie Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Ares (HKLM-x32\...\Ares) (Version: 2.4.6-Build#3072 - AresGalaxy)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
ASUS Share Link (HKLM-x32\...\{c3bcc1e3-f950-439c-bcae-f01283e9f2a4}_is1) (Version: 1.0.27.0911 - ASUSTEK)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.3.16 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.6.2349 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 68.0.746.60 - AVAST Software)
Basic FX Suite (HKLM\...\{C22B4160-10E1-409E-9407-B643D5000AF5}) (Version: 1.0.1 - Yamaha Corporation) Hidden
Basic FX Suite (HKLM-x32\...\InstallShield_{C22B4160-10E1-409E-9407-B643D5000AF5}) (Version: 1.0.1 - Yamaha Corporation)
Bass Station 2.1 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.1 - Novation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BPM Counter 2.1.0.0 (HKLM-x32\...\BPM Counter_is1) (Version: 2.1.0.0 - AbyssMedia.com)
Business-in-a-Box 2016 (HKLM-x32\...\Business-in-a-Box 2016) (Version: 7.1.4 - Biztree Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
Capture NX-D (HKLM\...\{794529D3-D489-4CF2-B2ED-CF241809E5EC}) (Version: 1.4.3 - Nikon Corporation)
Catalyst Control Center Next Localization BR (HKLM\...\{0898F764-D48A-DE16-BEE6-3D003B701FFD}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{FDADC57D-5D12-1669-E15E-07C9D55DDD78}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{60DA95E6-3B1C-811E-9356-BD8ECE030749}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{07FC7436-E7B5-2646-BA48-32D7E9A8C666}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{E04C7D42-CAA0-CCAF-5916-E0C49E129BE2}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D9929D54-2DA6-34B9-D9B8-3AA168A12E56}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{A621A41A-BDA2-8E01-B073-394C3EEF28BF}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{581A480E-F28E-5153-8B41-F77EFBA3AD34}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{2FFD48A8-D2E9-C256-4C04-82472D531802}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{40B17B27-AE12-072A-5041-4835EA7D8530}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{3E293710-1410-87AF-B5E4-5AD5D6E3362C}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{AA758256-BAB5-5FC0-954C-DA2C953D2786}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{433E7A26-1C27-1FBB-A2A8-347D4833B34E}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07B5AB95-77AD-AC26-496B-722066229B87}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3FFB59B6-520F-37D8-DC0A-61FBC1C74DFC}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{9141FD82-4253-9CA6-1A73-31F2A2FFB0A4}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{ED18DB34-7C6F-2B5C-32DB-1E2762E432C5}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{6D08D442-48EC-FC20-A2B5-1FA8E88AD9E7}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{49691258-4A4D-F4C5-4C0C-C21860490650}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{10E9C0F4-AA89-7426-54C2-4F53DE895682}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{2522CA6D-EF72-C63C-D2B9-CDC55F01E7B1}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
CGS17_Setup_x64 (HKLM\...\{A6B7D078-EDC4-4D8A-BD3D-CB2B11440219}) (Version: 17.6 - Corel Corporation) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Cold Turkey (HKLM-x32\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 2.1.3 - Cold Turkey)
Color Wheel Pro 2.0 (HKLM-x32\...\Color Wheel Pro_is1) (Version:  - QSX Software Group)
Convert EPUB to PDF 6.6.0 (HKLM-x32\...\{C860AFE7-2A99-4AF6-AB03-116EFC14AD30}) (Version: 6.6.0 - EPUB Converter)
Copy (HKLM\...\{580C53DC-DBA8-457B-8766-34C60F754BBD}) (Version: 3.2.1.481 - Barracuda Networks, Inc.)
Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version:  - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{3B4AE1A9-C026-4D08-8004-DA9A85A411A4}) (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - BR (x64) (HKLM\...\{FC41DFBE-6C39-4C84-949B-7CB1E6460C7A}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (HKLM\...\{2C91CB9D-323D-43E5-A433-229B71CFB773}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (HKLM\...\{9178F0A8-B6F6-4DA7-AD63-317CC4875F4B}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (HKLM\...\{BD036E95-A9CD-4DED-B744-95AB1DCAFF0C}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - CS (x64) (HKLM\...\{FA987EBD-79D8-4A2C-8018-4095AD215D3C}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - CT (x64) (HKLM\...\{1F83F9CC-9CAC-4612-859D-891654C9DC0F}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (HKLM\...\{5162E418-BB43-4C8F-ACD6-069645EF98C3}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - CZ (x64) (HKLM\...\{DCCD0EF6-DFCF-4D31-B71D-2AAC24C6AB16}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - DE (x64) (HKLM\...\{8EA70EAF-41AB-491C-A163-9BA1ADA004EB}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (HKLM\...\{2C0DDC74-5234-43DD-BB5A-0645B8FE5289}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (HKLM\...\{3BB8EB77-737B-4B32-BAB9-08C7110C46BD}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - ES (x64) (HKLM\...\{65168D5C-A6DD-4C1B-BF5C-860A39CDD05E}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (HKLM\...\{D10A5CFA-FE33-4F06-AE37-554604F00A52}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (HKLM\...\{5406029B-67AD-4F8E-9F2D-F1959CD9CD86}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FR (x64) (HKLM\...\{FC9BCB82-55E3-4328-868F-B19112B07B93}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM (x64) (HKLM\...\{13179AB2-69FD-459B-800F-81865A501AD4}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (HKLM\...\{EF44BCCD-13F9-4974-862C-CCFAF43EE082}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IT (x64) (HKLM\...\{811C0940-9502-4A27-A9C5-A9A7ED853BD9}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - JP (x64) (HKLM\...\{5025968D-10D4-44B2-A31C-42E020CDE399}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - NL (x64) (HKLM\...\{6533647D-136C-43B8-8966-712EF27F5CEE}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (HKLM\...\{C922F325-DD52-4E22-B204-431A06E63E51}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (HKLM\...\{1A73168F-5983-46A6-AAAB-FD83BC231E02}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PL (x64) (HKLM\...\{2EF3A93A-569E-4FD7-A5DF-64AF588B4FBA}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (HKLM\...\{C57EDB5A-AC8E-4E03-9F1A-DC013A2BB9B2}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - RU (x64) (HKLM\...\{8C196158-5F89-4C88-AA33-2D57D67AA5D7}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (HKLM\...\{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (HKLM\...\{5672E0DC-7489-4EAC-8CFD-E01B3868FCB5}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (HKLM\...\{966996DC-D67C-40E3-8BD4-31FA0F093571}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (HKLM\...\{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}) (Version: 17.6 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.6.0.1021 - Corel Corporation)
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATTENTION
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
CVPiano-Modeled (HKLM-x32\...\CVPiano-Modeled) (Version:  - )
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dee2 (remove only) (HKLM-x32\...\Dee2) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 57.4.89 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.127.1 - Dropbox, Inc.) Hidden
Easy MP3 Cutter 3.0 (HKLM-x32\...\Easy MP3 Cutter_is1) (Version:  - ManiacTools.com)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.9.1.1175 - Steinberg Media Technologies GmbH)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - )
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVEREST Ultimate Edition v5.01 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.01 - Lavalys, Inc.)
FileZilla Client 3.35.2 (HKLM-x32\...\FileZilla Client) (Version: 3.35.2 - Tim Kosse)
Filter Forge 4.008 (HKLM-x32\...\Filter Forge 4_is1) (Version:  - Filter Forge, Inc.)
Find my Font (Free) (HKLM-x32\...\Find my Font (Free)) (Version: 3.3.14 - Softonium Developments)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
FlacSquisher 1.3.7 (HKLM-x32\...\FlacSquisher) (Version: 1.3.7 - FlacSquisher)
Folder Lock (HKLM-x32\...\Folder Lock) (Version:  - New Softwares.net)
FonePaw Android Data Recovery 1.3.0 (HKLM-x32\...\{10E7BD57-C5FE-484f-A3F2-A1755286C0A7}_is1) (Version: 1.3.0 - FonePaw)
FortiClient SSLVPN v4.0.2303 (HKLM-x32\...\{A34DCE59-0004-0000-2303-3F8A9926B752}) (Version: 4.0.2303 - Fortinet Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Free MP4 To MP3 Converter (HKLM-x32\...\{8CD154FF-D5CC-4960-A483-90C556620658}) (Version: 2.0.0 - Free MP4 To MP3 Converter)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Video Cutter Joiner 10.6 (HKLM-x32\...\{AADB57C3-2FA6-4F38-9D92-4016017ADBDC}}_is1) (Version: 10.6 - DVDVideoMedia, Inc.)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
glimpses (HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\glimpses) (Version: 0.4.0.39922 - glimpses)
GnuCash 2.6.7 (HKLM-x32\...\GnuCash_is1) (Version:  - GnuCash Development Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Earth (HKLM-x32\...\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}) (Version: 4.2.198.2451 - Google)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8301}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
High-Definition Video Playback (HKLM-x32\...\{9193490D-5229-4FC4-9BB9-A6D63C09574A}) (Version: 11.1.10400.2.65 - Nero AG) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
HY-Plugins HY-SeqCollection (HKLM\...\HY-SeqCollection_is1) (Version: 1.1.6 - HY-Plugins)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
IETester v0.5.4 (remove only) (HKLM-x32\...\IETester) (Version: 0.5.4 - Core Services)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.16.1063 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.4.65 - Intel Corporation)
Intel® CCF Manager (HKLM-x32\...\{0f3d8dd5-54af-4404-a01c-4967e485a065}) (Version: 3.0.13.2211 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 162 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180162F0}) (Version: 8.0.1620.12 - Oracle Corporation)
Kingo ROOT version 1.5.1.3006 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.5.1.3006 - Kingosoft Technology Ltd.)
K-Lite Mega Codec Pack 14.4.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.4.0 - KLCP)
KORG Legacy Collection - MS-20 (HKLM\...\{D9163B30-035A-45E8-A7FB-FC3D700DA159}) (Version: 1.3.0 - KORG Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Make Your Words Sell! (HKLM-x32\...\MYWSuninstall) (Version:  - )
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Max 7 (64-bit) (HKLM\...\{23261731-0D66-4BDF-8221-D388AC2863FB}) (Version: 7.3.4 - Cycling '74)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Melodics version 1.0.2032.0 (HKLM\...\Melodics_is1) (Version: 1.0.2032.0 - )
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.10730.20088 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft SharePoint Designer 2013 (HKLM\...\Office15.SharePointDesigner) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.16.1247.518 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{0E8D886F-3205-4472-848E-990F400FF218}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{46EA439E-2D16-49B6-AA80-00DE992FE7CE}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{5CBDF0C2-6FD1-4A32-9A0A-143D9AB91CCE}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{68ADAEAA-DABD-45C1-9CC2-F995407549CD}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{8DD62FB6-083D-40B9-9D7D-48449FDDDED5}) (Version: 7601 - Microsoft)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{C6DB958A-50CC-481B-9ED8-3BAD236F7B49}) (Version: 7601 - Microsoft)
MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version:  - MixMeister Technology LLC)
MobiKin Doctor for Android (HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MobiKin Doctor for Android) (Version: 1.1.0.39 - MobiKin)
Mobirise4 (HKLM-x32\...\Mobirise4_is1) (Version:  - Mobirise.com)
Motifmate version 1.0.1 (HKLM-x32\...\{C23D9323-077D-44FB-96F1-B80B7E8AD3C1}_is1) (Version: 1.0.1 - Hidayat Sagita)
Motion Factory (HKLM-x32\...\{64356D78-E83D-4A5D-BC70-CC72B361306E}) (Version: 2.39 - Pixflow Studio)
Movavi Screen Capture Studio 8 (HKLM-x32\...\Movavi Screen Capture Studio 8) (Version: 8.6.0 - Movavi)
Mozilla Firefox 62.0 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0 (x64 en-US)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
mysms version 2.1.1 (HKLM-x32\...\{48F31003-B5A3-4E17-917A-5DDFF60B9FA2}_is1) (Version: 2.1.1 - Up to Eleven Digital Solutions GmbH)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.1.177 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.9.132 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.7.0.797 - Native Instruments)
Nero 11 (HKLM-x32\...\{F021D637-BBDA-486B-96F0-225B62596C3B}) (Version: 11.0.11000 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
Network Recording Player (HKLM-x32\...\{CF0ADA34-2FFE-4798-A5FB-7374642CC3DC}) (Version: 31.20.2.18 - Cisco WebEx LLC)
NetWorx 5.5.5 (HKLM\...\NetWorx_is1) (Version:  - Softperfect)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.3.0 - Nikon Corporation)
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
Noun Project version 1.0 (HKLM-x32\...\645D82A9-AA15-40F4-8436-8B311D62480E_is1) (Version: 1.0 - Noun Project)
Novation USB Audio Driver 2.7 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.7 - Novation DMS Ltd.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20088 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20088 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.10730.20088 - Microsoft Corporation) Hidden
Office Tab (HKLM\...\{DE469D65-1DEB-4058-BF95-C642D733668D}_is1) (Version: 11.00 - Addin Technology Inc.)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PCDJ DEX 3  (HKLM-x32\...\PCDJdex3_is1) (Version:  - PCDJ)
Piano Marvel Plugin (HKLM-x32\...\{329A7F39-9AE2-41A9-956F-04DAB42379D1}) (Version: 10.14.0 - Piano Marvel LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.2.2 - Nikon Corporation)
Pingendo (HKLM-x32\...\Pingendo 4) (Version: 2.0 - Pingendo)
Pioneer MIX 64bit Driver (HKLM\...\Pioneer MIX) (Version: 5.3.0.0036 - Pioneer DJ Corporation.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
PrimoPDF -- by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 4.16 - NCH Software)
PSD Repair Kit 2.1 (HKLM-x32\...\PSD Repair Kit_is1) (Version:  - Recovery Toolbox, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Qustodio (HKLM-x32\...\Qustodio) (Version:  - Qustodio)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.11-r125663-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.0.34 - Red Giant, LLC)
rekordbox 5.3.0 64bit (HKLM\...\Pioneer rekordbox 5.3.0) (Version: 5.3.0.0036 - Pioneer DJ)
Rob Papen Predator2 (HKLM\...\Predator2_is1) (Version: 1.0.3 - Rob Papen)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
R-Studio 7.2 (HKLM-x32\...\R-Studio 7.2NSIS) (Version: 7.2.155105 - R-Tools Technology Inc.)
Ruby 2.2.5-p319-x64 (HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\{A98E44F8-6401-400F-830E-B1A2919C22BD}_is1) (Version: 2.2.5-p319 - RubyInstaller Team)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0017-0000-1000-0000000FF1CE}_Office15.SharePointDesigner_{67A083C6-0A9E-48E8-BC90-C1EDA8028ED4}) (Version:  - Microsoft)
Simple Sticky Notes 3.5 (HKLM-x32\...\Simple Sticky Notes_is1) (Version:  - Simnet Ltd.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.29 (HKLM-x32\...\Skype_is1) (Version: 8.29 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.17.201512161456 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
STCServ (HKLM\...\{A954D353-9DAF-4916-8E71-F1E959EBCD1E}) (Version: 3.0.0.1783 - Intel Corporation) Hidden
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Download Assistant (HKLM-x32\...\Steinberg Download Assistant) (Version: 1.12.1 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
Steinberg UR242 Applications (HKLM\...\{8866D66E-BFFE-47B1-972F-A59FB9CD6452}) (Version: 1.0.1 - Yamaha Corporation) Hidden
Steinberg UR242 Applications (HKLM-x32\...\InstallShield_{8866D66E-BFFE-47B1-972F-A59FB9CD6452}) (Version: 1.0.1 - Yamaha Corporation)
Sylenth1 v2.21 (HKLM\...\Sylenth1_is1) (Version:  - )
Synapse Audio The Legend (HKLM\...\The Legend_is1) (Version: 1.2.1 - Team V.R)
Syncrosoft License Control (HKLM-x32\...\Syncrosoft License Control) (Version:  - SIA Syncrosoft)
Synthesia (HKLM-x32\...\Synthesia) (Version: 10.3 - Synthesia LLC)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.76421 - TeamViewer)
TempoPerfect Metronome Software (HKLM-x32\...\TempoPerfect) (Version: 4.08 - NCH Software)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)
Togu Audio Line TAL-Mod (HKLM\...\TAL-Mod_is1) (Version: 1.1.2 - Togu Audio Line)
TopStyle (Version 3) (HKLM-x32\...\TopStyle (Version 3)) (Version: 3.1.0 - Bradbury Software, LLC)
Trapcode Suite v12.1.6 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.6 - Red Giant, LLC)
TruePianos 1.9.5 40-day Test Version (HKLM\...\TruePianos 40-day Test Version_is1) (Version:  - 4Front Technologies)
Update for Skype for Business 2015 (KB4022170) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.SharePointDesigner_{623DC402-8FDC-490D-9881-E60F5337036E}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4011238) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{F26F0631-BD36-41CC-80B8-4E90A43A2EE0}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4011238) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{F26F0631-BD36-41CC-80B8-4E90A43A2EE0}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4011238) 64-Bit Edition (HKLM\...\{90160000-012B-0419-1000-0000000FF1CE}_Office16.PROPLUS_{F26F0631-BD36-41CC-80B8-4E90A43A2EE0}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4011238) 64-Bit Edition (HKLM\...\{90160000-012B-0422-1000-0000000FF1CE}_Office16.PROPLUS_{F26F0631-BD36-41CC-80B8-4E90A43A2EE0}) (Version:  - Microsoft)
VCV Rack (HKLM\...\VCV Rack) (Version:  - VCV)
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
Virtual MIDI Piano Keyboard (HKLM-x32\...\Virtual MIDI Piano Keyboard) (Version: 0.6.2 - VMPK)
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Community 2017 (HKLM-x32\...\abe09f3f) (Version: 15.7.27703.2035 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voxengo SPAN (HKLM\...\Voxengo SPAN_is1) (Version: 2.7 - Voxengo)
vs_filehandler_amd64 (HKLM-x32\...\{B6600254-A9D1-4265-826B-28B0E28C1F37}) (Version: 15.7.27617 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{EF15DAFE-8E43-48E6-AE94-CBA196675318}) (Version: 15.7.27617 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{8EB2C670-04C2-482D-BACD-B4095E27FD39}) (Version: 15.6.27309 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{F5BCAD30-D22C-4B08-A581-1EBE3A35C6B1}) (Version: 15.7.27617 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
V-Station 2.3 (HKLM-x32\...\{842C6AFC-7856-4fd9-99AF-8900554ACAA2}_is1) (Version: 2.3 - Novation)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1-2) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-2) (Version: 1.0.37.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Web Companion (HKLM-x32\...\{9ac678f8-9535-4e78-9706-4b969f03d0ba}) (Version: 2.0.1025.2130 - Lavasoft)
welcome (HKLM-x32\...\{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}) (Version: 11.0.21500.0.4 - Nero AG) Hidden
WhatsApp (HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\WhatsApp) (Version: 0.3.557 - WhatsApp)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - ASUS Tek. Corporation (ATP) Mouse  (07/27/2015 7.0.0.7) (HKLM\...\A877FD5856151D202B724718A4F58CF0089A558C) (Version: 07/27/2015 7.0.0.7 - ASUS Tek. Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinHTTrack Website Copier 3.49-2 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip 11.1 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}) (Version: 11.1.7466 - WinZip Computing, S.L. )
Wondershare Dr.Fone for Android(Build 5.6.3.27) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 5.6.3.27 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare Video Converter Ultimate(Build 10.2.5.166) (HKLM-x32\...\Video Converter Ultimate_is1) (Version: 10.2.5.166 - Wondershare Software)
WordPress.com (HKLM-x32\...\WordPress.com) (Version:  - Automattic, Inc.)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yamaha Steinberg USB Driver (HKLM\...\{D4BC559E-F2C0-4BE8-9344-645D6F0D2929}) (Version: 1.9.5 - Yamaha Corporation) Hidden
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{D4BC559E-F2C0-4BE8-9344-645D6F0D2929}) (Version: 1.9.5 - Yamaha Corporation)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.4.2012.1 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3425645261-2527552339-4145300971-1000_Classes\CLSID\{12259DCB-7652-BA42-4A4A-FB36C150F6A0}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3425645261-2527552339-4145300971-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-31] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-31] (AVAST Software)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-02-08] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-16] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-31] (AVAST Software)
ContextMenuHandlers1: [CopyShExt] -> {D8CAB8C2-9E58-471C-BD75-2ED1BA091CE8} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ContextMenuHandlers1: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2012-01-19] (ABBYY.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2014-09-11] (Foxit Software Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLS64.DLL [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-31] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers4-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLS64.DLL [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-03-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [CopyShExt] -> {D8CAB8C2-9E58-471C-BD75-2ED1BA091CE8} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.24.0.dll [2018-09-11] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-09-17] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-31] (AVAST Software)
ContextMenuHandlers6: [CopyShExt] -> {D8CAB8C2-9E58-471C-BD75-2ED1BA091CE8} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ContextMenuHandlers6: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2012-01-19] (ABBYY.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLS64.DLL [2007-04-11] (WinZip Computing LP)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02840A8A-091F-43AA-9EE8-6F22D2AC5561} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-18] (Google Inc.)
Task: {0B8F53E8-0BD3-4E03-BC1B-C363C31C5872} - System32\Tasks\AdobeGCInvoker-1.0-admin-PC-admin => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {0DD0D783-A829-4A76-8E41-62EDD7BD7488} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {28E9FDD0-0C36-4BE4-A12E-C1B8442733F9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-30] (Microsoft Corporation)
Task: {2984C8DB-4658-45F9-9DB7-CFD00BFE4437} - System32\Tasks\{68AB93FC-B0D3-44E2-9018-1D061AF7E310} => C:\Windows\system32\pcalua.exe -a "C:\Users\admin\Desktop\bluetooth soft\sp69896.exe" -d "C:\Users\admin\Desktop\bluetooth soft"
Task: {2A05313B-B7BD-4E4A-9059-427D0D82F532} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-31] (AVAST Software)
Task: {2C48BE84-EA53-4120-8663-893A52804B05} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-09-10] (Microsoft Corporation)
Task: {32F601E7-B182-45A7-8E25-8E5B128FF14A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-09-10] (Microsoft Corporation)
Task: {3540BB2D-25DC-42B5-824B-169808F293FA} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3425645261-2527552339-4145300971-1000 => C:\ProgramData\MEGAsync\MEGAupdater.exe [2018-08-19] (Mega Limited)
Task: {38CB3EC4-29E3-4ECE-937D-F734E894C5D1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-08-04] (Adobe Systems Incorporated)
Task: {4564EF68-7DF7-4BD5-B180-DE60D44F5F95} - System32\Tasks\{822DD3BB-AF44-46F7-801B-AAB2F89C8299} => C:\Windows\system32\pcalua.exe -a "C:\Users\admin\Downloads\Password Recovery Bundle 2016\Password Recovery Bundle 2016.exe" -d "C:\Users\admin\Downloads\Password Recovery Bundle 2016"
Task: {47ACB40B-FFD2-4406-94CE-9D7381EA77CD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-08-18] (AVAST Software)
Task: {581E3700-3422-4AF1-9012-B15B386F02B6} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2018-01-10] (Apple Inc.)
Task: {6182BDD4-03C1-4207-983F-8051355634F0} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2017-05-19] (Samsung Electronics Co. Ltd.)
Task: {72C7A881-6934-4F01-82E7-601251A9663F} - System32\Tasks\CTServiceInstaller => C:\Program Files (x86)\Cold Turkey\\CTServiceInstaller.exe [2016-04-07] (Felix Belzile)
Task: {7FDBC698-131A-4F52-A3C4-F4BEC82A7852} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-09-10] (Microsoft Corporation)
Task: {878945EA-8601-40D1-81D5-CE78DE09BBBE} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-08-31] (AVAST Software)
Task: {8B4166BB-5396-4C6B-A162-FA8B1C8FEBA3} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2016-09-22] (AsusTek)
Task: {8D5C7AA7-0D3A-499F-9B46-B012E3BE530C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {911E261F-0D37-4FC1-B208-5DBFD154C746} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-30] (Microsoft Corporation)
Task: {937E1FF6-2B02-403F-ADB3-D8C27CAF0B91} - System32\Tasks\Opera scheduled Autoupdate 1436991915 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {95FF0F79-9EE7-4A7C-88C1-88C37CA46AA9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {A6AA7B33-5EEF-47C9-9EAA-100A0E2B406A} - System32\Tasks\klcp_update => CodecTweakTool.exe
Task: {AA828BBF-7A62-4518-A082-4E8CDF37BC90} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\osfinstaller.exe [2018-09-10] (Microsoft Corporation)
Task: {B2B79B6D-CC47-4BD6-A6F4-B99E9628A779} - System32\Tasks\IntelBootstrapCCDashExe => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [2015-03-16] (Intel® Corporation)
Task: {D4E41DCC-C6C2-4872-BF94-6A2F7C87AE6A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {E035CA81-A42C-4146-846B-0F3CC697CA9F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-29] (Adobe Systems Incorporated)
Task: {E994D334-A634-4CDA-8D5B-AA3ED4D50B66} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-08-31] (AVAST Software)
Task: {EA223253-F33E-4C19-9479-D80AAA69E445} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-18] (Google Inc.)
Task: {F72FE40F-3CA6-4034-9C18-D25C12274D6C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-09-10] (Microsoft Corporation)
Task: {FAC02C86-317C-4638-A899-979B62784B1E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {FE6E7C7B-34B8-4099-BC56-837A08328E84} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2014-09-05] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.2.5-p319-x64\Interactive Ruby.lnk -> C:\Ruby22-x64\bin\irb.bat ()

ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.2.5-p319-x64\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Ruby22-x64\bin\setrbvars.bat
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Nimbus Screenshot App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=aecjogkncpbkjfobfnoaiepipllcadhe

==================== Loaded Modules (Whitelisted) ==============

2013-10-03 14:50 - 2012-10-04 19:49 - 000087152 _____ () C:\Windows\System32\cpwmon64.dll
2014-05-03 00:49 - 2009-07-31 07:28 - 000090624 _____ () C:\Windows\System32\Primomonnt.dll
2018-01-05 00:13 - 2018-01-05 00:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-04-18 12:47 - 2017-03-27 11:32 - 000017384 _____ () C:\Users\admin\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
2016-04-29 20:38 - 2017-01-25 22:01 - 000066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2018-08-06 13:41 - 2018-08-06 13:41 - 000054440 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2017-10-19 03:21 - 2017-10-19 03:21 - 000598528 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2017-09-26 02:52 - 2017-09-26 02:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2015-04-16 01:43 - 2015-04-16 01:43 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-08-31 13:07 - 2018-08-31 13:07 - 000703192 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2016-10-23 23:12 - 2016-09-19 12:09 - 000813056 _____ () C:\Program Files\NetWorx\sqlite.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-08-31 13:07 - 2018-08-31 13:07 - 000575704 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-08-31 13:07 - 2018-08-31 13:07 - 000896216 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-08-31 13:07 - 2018-08-31 13:07 - 000541400 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-08-31 13:07 - 2018-08-31 13:07 - 000151768 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-08-31 13:07 - 2018-08-31 13:07 - 000986840 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-09-12 12:06 - 2018-09-12 12:06 - 005691536 _____ () C:\Program Files\AVAST Software\Avast\defs\18091114\algo.dll
2016-05-29 12:42 - 2014-03-02 22:35 - 000075776 _____ () C:\Program Files (x86)\Cold Turkey\PcapDotNet.Core.dll
2018-04-12 01:03 - 2018-04-12 01:03 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-09 22:30 - 2018-08-28 19:44 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-09-01 13:18 - 2018-08-28 19:44 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-09-01 13:18 - 2018-08-28 19:44 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2015-05-08 07:07 - 2015-05-08 07:07 - 000087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 005812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2017-05-05 00:31 - 2017-05-05 00:31 - 000067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 001662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2015-05-08 07:08 - 2015-05-08 07:08 - 000110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2015-05-08 07:07 - 2015-05-08 07:07 - 000010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2015-05-08 07:19 - 2015-05-08 07:19 - 000417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2015-05-08 07:09 - 2015-05-08 07:09 - 000167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-11-14 03:29 - 2015-11-14 03:29 - 000113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-11-14 03:29 - 2015-11-14 03:29 - 002396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2015-05-08 07:07 - 2015-05-08 07:07 - 000583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2017-05-04 23:03 - 2017-05-04 23:03 - 002717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2015-05-08 07:19 - 2015-05-08 07:19 - 001213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2015-05-08 07:25 - 2015-05-08 07:25 - 000055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 001183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 001306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 001640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 001053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
2018-01-09 22:30 - 2018-08-28 19:44 - 002725400 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-01-09 22:30 - 2018-08-28 19:44 - 000033304 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-09-01 13:18 - 2018-08-28 19:44 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-09-01 13:18 - 2018-08-28 19:44 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-09-01 13:19 - 2018-08-28 19:44 - 002384840 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [163]
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [376]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\qengine => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-08-07 04:12 - 2018-09-11 18:38 - 016777739 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PianoMarvel.lnk => C:\Windows\pss\PianoMarvel.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupfolder: C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Slack.lnk => C:\Windows\pss\Slack.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AirBackupHelper => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: BIBLauncher => C:\Program Files (x86)\Business-in-a-Box 2016\BIBLauncher.exe
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: join.me.launcher => C:\Users\admin\AppData\Local\join.me.launcher\join.me.launcher.exe
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: PianoMarvel => C:\Program Files (x86)\Piano Marvel Plugin\PianoMarvel.exe
MSCONFIG\startupreg: QQIntl => "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Windscribe => "C:\Program Files (x86)\Windscribe\Windscribe.exe" -os_restart
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WordWeb => "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{043C9221-CBC6-4B1F-8774-F69AD3D3BF8F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{E74EA1F1-4495-493B-AE7F-C8337F231162}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{5905E122-16F2-460A-A451-5E9F43332F9C}] => (Block) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{4CF0A193-6A12-4A4E-8857-4F40F69B2464}] => (Block) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{F1012D99-6C18-41DE-A06C-9666FECD23D3}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{CA6EB034-8007-456B-BE4D-ADBB3B70CB34}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{17EB3DC7-A4AA-4F0C-8582-54C1BC7E4D42}] => (Block) %ProgramFiles%\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{C2445C4D-0793-4D43-9D09-3ABF52DC729A}] => (Block) C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{C7547AB8-BFAD-4A8B-8617-09DCBE3528EE}] => (Block) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{9C02F32A-93DA-4BD8-84E1-7678A220F79F}] => (Block) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{77E5ED42-7DBD-4E1A-B5CF-6E81D4FE64B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ACB3012C-F37F-42E5-83D4-D59123CF9B71}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2D82E1DC-F7AD-4B15-87F3-6B35559DC716}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D138686F-2BBB-4622-9CF1-D795EC9CEFB3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4379F70F-E065-4ECF-AC61-973D0090E582}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{969144DA-9EAD-442C-B3D7-334BB27B87E5}] => (Block) C:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{B72B8C94-1CC3-4533-8B9A-D4EEC89784F6}] => (Block) %ProgramFiles% (x86)\Rockstar Games\Max Payne 3\MaxPayne3.exe
FirewallRules: [{E7CF6113-FE6B-4689-BEF7-C3D9ADDAF153}] => (Block) %ProgramFiles% (x86)\Rockstar Games\Max Payne 3\PlayMaxPayne3.exe
FirewallRules: [{C7D63E5B-94FF-47B0-9560-FED1A51FCE31}] => (Block) %ProgramFiles% (x86)\Rockstar Games\Max Payne 3\MaxPayne3.exe
FirewallRules: [{0BC12591-DDCE-47DF-A36B-3F466F4B95B1}] => (Block) %ProgramFiles% (x86)\Rockstar Games\Max Payne 3\PlayMaxPayne3.exe
FirewallRules: [{42E782B5-2471-46D6-9166-24A628BCC53F}] => (Allow) C:\Users\admin\AppData\Roaming\Copy\CopyAgent.exe
FirewallRules: [{7B325C15-1693-48EF-853B-E58290EADEAF}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC\Support Files\AfterFX.exe
FirewallRules: [{B98AED66-FEB2-4783-A4C2-2CCB2F3B9DA6}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC\Support Files\AfterFX.exe
FirewallRules: [{6CE3AEFC-CB3D-46FB-9933-C5404AA4E9BA}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{54DBC99B-7206-4069-97E8-DC3725706C76}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{F0C86F97-39D2-4DEB-B3C4-C612C8F35A00}] => (Block) %SystemDrive%\Users\All Users\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{82CB8739-10C3-4FEA-8DAF-5989F85F2053}] => (Block) %SystemDrive%\Users\All Users\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{5ACF6BD3-802B-4D1D-8AE3-D82C24F94203}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL.exe
FirewallRules: [{7DAFC937-D519-4AD9-80C9-A03111FF6667}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL64.exe
FirewallRules: [{B7F4450A-C7FC-4BAC-80B6-FA240DB25433}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL.exe
FirewallRules: [{F3B17F6B-F97D-4049-B35E-C14355B9D9C8}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL64.exe
FirewallRules: [{AC7D6303-AE1B-4D38-988E-2A5851A2C3FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E0E69B55-9F07-4156-B5F7-08AF96C8C338}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9ED9BD5D-F731-48B1-B745-B346FCC147B8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{17585E12-FA11-452D-A7C0-9F3D2DCA6DEB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2590E8C7-32E8-4DB4-949D-B0ABC65B1817}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{0EDD97F2-FA04-4CAC-A9AE-28F249E36A72}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{3A25D3EC-FF68-44C9-8257-22361C381C84}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{1E143B94-083C-4269-ADD4-C2E99D9A5EFC}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{F2B65DBB-96C8-4DD9-83B1-E6746D9CB696}] => (Allow) LPort=8317
FirewallRules: [{5903F95B-6A95-4DBD-BD87-330C895B6AA0}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{93FD86F5-E05D-4D6B-AA71-D2B8BAA5CF82}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{9D168888-E399-4C29-8E8E-8D5E10F7DCC7}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{3BA62ED7-0927-48AD-A947-9E464BADC2D4}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{CA98DC1F-7F1A-402D-AA3B-AB4E1D6525B6}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{A75AC4F9-F772-41F7-83CD-EBA4351F4C33}] => (Allow) C:\Program Files (x86)\ASUS\Share Link\ShareLink.exe
FirewallRules: [{D84D5BD8-9C9D-4641-AE50-0BA286A1E83D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EB70F318-9E04-45D5-99A3-4AF22A661B72}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{22A0C02E-F0F5-409F-BA78-F44F340E32DB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{985DE91F-4D35-4D2C-8D49-A4A788E2418F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{27091ABA-9CA4-48DB-9206-1468071A79E4}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{3341E0BE-E07D-4BA4-9907-F855033C6323}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{6C80338D-54D3-43D2-835A-FE9F30EAF22F}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC\Support Files\AfterFX.exe
FirewallRules: [{C154A22D-83E0-4084-9FAE-FEE67D0ED72A}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC\Support Files\AfterFX.exe
FirewallRules: [{5A5FE7F7-9025-4C41-BFBA-3CD198C1D7EE}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{3CF144EB-FFAD-46C6-8008-2543995C3939}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{40F04704-90C7-41A8-8B28-23AE48592AFE}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{0F492CDA-8B04-4CD9-87C2-89FDD942A00C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{1E41DFFA-2DEB-4B3D-98BE-3E6D57A0B72F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{0C2F7663-464C-4B11-A44F-F14405327EB2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D55B0850-4589-45BE-9081-FB02EEAB1B46}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DA7EBF3C-BA24-4494-824B-8F05FE254F3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2BA206D1-7114-4930-9092-F10C649460E4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{64C9C05A-4A59-46B5-A496-D735BE4981BB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{78A19015-A668-422E-8AE4-D54E391069D8}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
FirewallRules: [{6E16C685-812E-4CF8-982B-27AD73072E39}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
FirewallRules: [{2BC4CCE2-EED9-43BB-9EF9-307A123BC5CF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C4DFA73E-4C3C-4141-A9BF-C983D835C761}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0FBA391B-775C-4CD6-8982-909AD20F35D5}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{F2C3095B-2E2D-4E70-80F3-5F697252F27A}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{17159627-268E-487E-8258-7DF328FC3EC7}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{CF480408-E873-4C7F-AC88-BFAB9C294B74}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{20B2FA6B-BFA7-4C06-9461-97B14AD220E7}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{4A6A2D3D-DE9C-46C4-B1C7-CCF3A8CA6D7F}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{E58ECEFD-7032-4303-AD8D-36C560A8464B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{793E2D35-8720-41CC-8A42-A4772F9254AD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6F058CC7-84AC-4434-9CE5-209B4B7F029F}] => (Allow) C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{5ACEA921-18FA-4297-9C48-DC0F76E4ED5A}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1FC73964-26EA-4A02-86BA-2821ED31E1A2}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{142E6444-ED0B-4775-A3AA-66C7F9D4443B}] => (Allow) LPort=1688
FirewallRules: [{C577D418-6AD9-4D93-9F82-C93EF0258501}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B335DBDE-94BB-46BA-9F01-068810772682}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{55470E71-588A-4CA1-A960-FE48400EC23E}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8D613672-2594-4971-8112-81DF6CF48859}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{935795DE-37EA-45F9-A453-0081FF9D9BAA}] => (Allow) LPort=1688
FirewallRules: [{E45F41B0-32DF-44B5-913C-EF68192F2EB7}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.3.0\rekordbox.exe
FirewallRules: [{F4ED626A-34B2-4BB8-A973-1DEE1A7E5F1A}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.3.0\psvnfsd.exe
FirewallRules: [{D477863E-3791-4DCC-B9B6-BF4A8CAB829B}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.3.0\psvlinksysmgr.exe
FirewallRules: [{D3B65CFC-80AB-4CEB-BB86-A8B60F90822A}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.3.0\edb_streamd.exe
FirewallRules: [{1FE2BDF9-FC5D-48A4-8D9D-BAF722E97D16}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.3.0\ls-unity-rekordbox-win-64bit.exe
FirewallRules: [{5AE4C096-F7F7-4CC3-81DC-F23E90527ED6}] => (Allow) C:\Program Files\Pioneer\rekordbox 5.3.0\rbHttpServer.exe
FirewallRules: [{C263B17B-9C5D-4AB3-A588-B08AB45E9E98}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{77D7D1BF-99AF-43D7-8451-7EFA1AA1DB18}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{7E214461-42C6-42D3-AC61-52B9EFDE0E3F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{49AF5F55-4A11-49F2-9646-DAA2643ADF0E}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2017\Support Files\AfterFX.exe
FirewallRules: [{E2D307BA-670C-44A4-B53E-1EA4932A783D}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC 2017\Support Files\AfterFX.exe
FirewallRules: [{24A259B3-BED8-49C5-8D1E-B0E6606F09AB}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{5B7F0EAF-6D25-4BDA-807C-72B12604261D}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{417EF53A-1287-4C12-8A79-A2B40FEAFE49}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{CC961703-FD1D-4E00-BBA0-6B60858F4EDA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{BBA3692F-B262-411A-9A0E-16F1BCFFEFF7}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{57B5A480-C1A0-4C8F-964F-DC14C70BBA4F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{82151B86-880D-4F77-8FCE-4E019E87AD46}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5AC0441C-86F6-4BC4-BECB-CE597FA2E4FC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{2ABD2424-F7DE-4028-8808-B67C84B617DA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2018 12:16:09 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\GoogleUpdateHelper.msi

Error: (09/12/2018 12:08:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/12/2018 12:08:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/12/2018 12:08:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/12/2018 12:08:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/12/2018 12:08:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/12/2018 12:08:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/12/2018 12:08:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (09/12/2018 12:08:27 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/12/2018 12:07:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Printer Cache service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/12/2018 12:06:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (09/12/2018 12:06:27 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (09/11/2018 07:26:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Printer Cache service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/11/2018 07:25:43 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (09/11/2018 07:25:43 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (09/11/2018 07:15:54 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 32%
Total physical RAM: 16244.9 MB
Available physical RAM: 10932.93 MB
Total Virtual: 32487.99 MB
Available Virtual: 25706.56 MB

==================== Drives ================================

Drive c: (WINDOWS-SSD) (Fixed) (Total:232.79 GB) (Free:29.75 GB) NTFS
Drive d: (WINDOWS) (Fixed) (Total:150.39 GB) (Free:115.1 GB) NTFS
Drive e: (SKA and Digital Painting) (Fixed) (Total:150.39 GB) (Free:12.32 GB) NTFS
Drive f: (PERSONAL FILES) (Fixed) (Total:150.39 GB) (Free:5.75 GB) NTFS
Drive g: (MUSIC) (Fixed) (Total:150.39 GB) (Free:7.35 GB) NTFS
Drive h: (GAMES) (Fixed) (Total:150.39 GB) (Free:24.49 GB) NTFS
Drive i: (SOFTWARES) (Fixed) (Total:179.46 GB) (Free:6.1 GB) NTFS
Drive j: (YG786A0) (CDROM) (Total:0.36 GB) (Free:0 GB) CDFS
Drive m: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:200.66 GB) NTFS
Drive q: (MOVIES) (Fixed) (Total:466.8 GB) (Free:17.2 GB) NTFS
Drive r: (MOVIES AND MUSIC) (Fixed) (Total:466.8 GB) (Free:35.63 GB) NTFS
Drive s: (MUSIC PRODUCTION - DJING) (Fixed) (Total:466.8 GB) (Free:285.56 GB) NTFS
Drive t: (STUDY) (Fixed) (Total:462.62 GB) (Free:69.84 GB) NTFS

\\?\Volume{8c40a4c4-2c1c-11e3-9f03-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS
\\?\Volume{a578a6ce-29e7-11e5-889c-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 5D5D1032)
Partition 1: (Not Active) - (Size=466.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=466.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=462.6 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: F70EC33E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2CBCDF0E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=630.6 GB) - (Type=0F Extended)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.

==================== End of Addition.txt ============================



  • 0

#13
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   6.23KB   181 downloads

Run FRST and press Fix
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 


  • 0

#14
Dave_83


    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

FRST is done; fixed it with fixlist.txt. Attached is the file.

It did reboot after the fix and I noticed no spike in CPU usage; it was normal.

Scanned with FRST again; attached are both of the logs. Thank you, this part was resolved. I was worried about the CPU running at 100% for a longer time.

Could I know what the issue actually was?



  • 0

#15
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Looks like you installed something called Microtask:

 

2018-09-11 18:27 - 2018-09-11 18:35 - 000000000 ____D C:\Program Files\Microtask

 

at the same time it installed:

2018-09-11 18:34 - 2018-09-11 18:42 - 000000000 ____D C:\Program Files (x86)\Sheep
2018-09-11 18:34 - 2018-09-11 18:41 - 000000000 ____D C:\Users\admin\AppData\Roaming\Windows RTL Handler
2018-09-11 18:34 - 2018-09-11 18:34 - 000000000 ____D C:\Users\admin\AppData\Local\AdvinstAnalytics
2018-09-11 18:33 - 2018-09-11 19:24 - 000000000 ____D C:\Windows\SysWOW64\jkuaqtmc
2018-09-11 18:33 - 2018-09-11 18:35 - 000000000 ____D C:\Users\admin\AppData\Local\SharePal
2018-09-11 18:33 - 2018-09-11 18:35 - 000000000 ____D C:\Users\admin\AppData\Local\IIIQF
2018-09-11 18:33 - 2018-09-11 18:33 - 000000116 _____ C:\ProgramData\ythdg.exe
2018-09-11 18:29 - 2018-09-11 18:29 - 000000205 _____ C:\ProgramData\ethrfvdggbvd.exe
2018-09-11 18:29 - 2018-09-11 18:29 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microtask
2018-09-11 18:29 - 2018-09-11 18:29 - 000000000 ____D C:\Users\admin\AppData\Roaming\Cache
2018-09-11 18:29 - 2018-09-11 18:29 - 000000000 ____D C:\Users\admin\AppData\Local\Turbo.net
 

The ones in bold are randomly named exe files.  No telling what they do.  VirusTotal didn't find any anti-virus that didn't like the second one, but randomly named files are almost always malware.  The rest are all directories.  No telling what was in them.  I had FRST remove everything installed at the same time.

 

I see I missed one entry:

 

S2 printercache.exe; "C:\Users\admin\AppData\Roaming\Cache\daemon\printercache.exe" [X]
 

 

If you copy the above line, open Notepad, paste it in, and save the file as fixlist in the same directory as FRST, then run FRST and hit Fix, it will clear it.

 

 

 

 


  • 0
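The triage described in post #15 (collect everything created in the same few minutes as the Microtask install, then single out the randomly named files) can be reproduced over the quoted FRST lines. This is an added example, not code from the thread or from FRST; the 10-minute window, the consonant-run test, the 1 KB cutoff (reading the size field as bytes) and the `OLDER` line are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Listing copied from post #15 above: created - modified - size attrs path.
LISTING = r"""
2018-09-11 18:27 - 2018-09-11 18:35 - 000000000 ____D C:\Program Files\Microtask
2018-09-11 18:34 - 2018-09-11 18:42 - 000000000 ____D C:\Program Files (x86)\Sheep
2018-09-11 18:34 - 2018-09-11 18:41 - 000000000 ____D C:\Users\admin\AppData\Roaming\Windows RTL Handler
2018-09-11 18:34 - 2018-09-11 18:34 - 000000000 ____D C:\Users\admin\AppData\Local\AdvinstAnalytics
2018-09-11 18:33 - 2018-09-11 19:24 - 000000000 ____D C:\Windows\SysWOW64\jkuaqtmc
2018-09-11 18:33 - 2018-09-11 18:35 - 000000000 ____D C:\Users\admin\AppData\Local\SharePal
2018-09-11 18:33 - 2018-09-11 18:35 - 000000000 ____D C:\Users\admin\AppData\Local\IIIQF
2018-09-11 18:33 - 2018-09-11 18:33 - 000000116 _____ C:\ProgramData\ythdg.exe
2018-09-11 18:29 - 2018-09-11 18:29 - 000000205 _____ C:\ProgramData\ethrfvdggbvd.exe
2018-09-11 18:29 - 2018-09-11 18:29 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microtask
2018-09-11 18:29 - 2018-09-11 18:29 - 000000000 ____D C:\Users\admin\AppData\Roaming\Cache
2018-09-11 18:29 - 2018-09-11 18:29 - 000000000 ____D C:\Users\admin\AppData\Local\Turbo.net
"""
# Constructed line, not from the thread: an older folder outside the window.
OLDER = r"2018-08-02 09:15 - 2018-08-02 09:15 - 000000000 ____D C:\Users\admin\AppData\Local\ExampleApp"
STAMP = r"(\d{4}-\d\d-\d\d \d\d:\d\d)"
ENTRY = re.compile("^" + STAMP + " - " + STAMP + r" - (\d+) (\S{5}) (.+)$")

def parse(text):
    """Turn FRST listing lines into dicts; lines that do not match are skipped."""
    rows = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [{"created": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"),
             "size": int(m.group(3)), "is_dir": "D" in m.group(4),
             "path": PureWindowsPath(m.group(5))} for m in rows if m]

def same_install(entries, anchor_name, minutes=10):
    """Entries created from the anchor's first appearance up to `minutes` later."""
    start = min(e["created"] for e in entries if e["path"].name.lower() == anchor_name.lower())
    return [e for e in entries if start <= e["created"] <= start + timedelta(minutes=minutes)]

def looks_random(name):
    """Illustrative heuristic (an assumption): four or more consonants in a row."""
    return re.search(r"[b-df-hj-np-tv-z]{4,}", name.lower()) is not None

def triage(entries):
    """Return (path, reasons) pairs for entries that deserve a closer look."""
    hits = []
    for e in entries:
        reasons = ["random-looking name"] if looks_random(e["path"].name) else []
        if e["path"].suffix.lower() == ".exe" and not e["is_dir"] and e["size"] < 1024:
            reasons.append("tiny .exe")
        if reasons:
            hits.append((str(e["path"]), reasons))
    return hits
```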





