Can't post [Solved]



#1
RUSTY2


When I try and post I get this:

403 Forbidden
A potentially unsafe operation has been detected in your request to this site.




#2
RUSTY2


It won't let me post the files from FRST64.



#3
RUSTY2


POPUPS. I will try again.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2019 01
Ran by BR (administrator) on BRIAN-PC (10-02-2019 14:40:00)
Running from C:\Users\BR\Downloads
Loaded Profiles: BRIAN & bcom & BR (Available Profiles: BRIAN & bcom & BR)
Platform: Windows 7 Home Premium Service Pack 3 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Alibaba (China) Co., Ltd.) C:\Program Files (x86)\TradeManager\AliIM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(HP Inc.) C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(HP Inc.) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
() C:\Program Files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
() C:\Program Files (x86)\TradeManager\aliapp.exe
() C:\Program Files (x86)\TradeManager\aliapp.exe
(阿里巴巴(中国)有限公司) C:\Users\BR\AppData\Roaming\TaobaoProtect\TaobaoProtect.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [XeroxEndeavorBackgroundTask] => rundll32.exe xrWCbgnd.dll,LaunchBgTask 1
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (WinZip Computing LLC -> Nico Mak Computing)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-06-18] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation) [File not signed]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [26624 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-998330651-303224156-1059126384-1000\...\MountPoints2: {b8530093-6d0c-11e1-b88a-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-998330651-303224156-1059126384-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard Company -> Hewlett-Packard)
HKU\S-1-5-21-998330651-303224156-1059126384-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard Company -> Hewlett-Packard)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [aliim] => C:\Program Files (x86)\TradeManager\AliIM.exe [543232 2019-01-02] (Alibaba (China) Co., Ltd.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [HP Officejet 5740 series (NET)] => C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe [3769992 2017-05-23] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49762136 2018-08-08] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-06] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27831240 2018-03-13] (Skype Software Sarl -> Skype Technologies S.A.)
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-17] (Google Inc -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-19] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\Windows\system32\LMIinit.dll [2014-07-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{975E2597-4892-450D-9E49-5CA092C4B97F}: [DhcpNameServer] 64.59.144.16 64.59.150.132
Tcpip\..\Interfaces\{BC556D6E-E0DC-496A-82C9-E12641CD952E}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EF1371BB-7288-4F5F-870B-12C74F93F93F}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-998330651-303224156-1059126384-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-998330651-303224156-1059126384-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON/4
HKU\S-1-5-21-998330651-303224156-1059126384-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-998330651-303224156-1059126384-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON/4
HKU\S-1-5-21-998330651-303224156-1059126384-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-998330651-303224156-1059126384-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON/4
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-998330651-303224156-1059126384-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {07C7C110-7846-4522-8DA7-7316F05F3171} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-998330651-303224156-1059126384-1000 -> {07C7C110-7846-4522-8DA7-7316F05F3171} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-998330651-303224156-1059126384-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-998330651-303224156-1059126384-1000 -> {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = hxxp://search.alot.com/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-998330651-303224156-1059126384-1003 -> {07C7C110-7846-4522-8DA7-7316F05F3171} URL =
SearchScopes: HKU\S-1-5-21-998330651-303224156-1059126384-1004 -> {5C92EB9F-4A20-4856-8F45-C04A70AC3398} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-07] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-07] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corporation -> Microsoft Corp.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2018-03-07] (Skype Software Sarl -> Skype Technologies)

FireFox:
========
FF DefaultProfile: 7h47bk28.default-1425818769644-1541694642980
FF ProfilePath: C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\7h47bk28.default-1425818769644-1541694642980 [2019-02-10]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-13] [Legacy] [not signed]
FF HKU\S-1-5-21-998330651-303224156-1059126384-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-26] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-26] ()
FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 -> C:\Program Files (x86)\TradeManager\nptrademanager.dll [2017-08-23] ( )
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\TradeManager\npwangwang.dll [2014-11-10] ( )
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-07] (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2012-09-28] (Logitech Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll [2015-02-09] (Alibaba software (Shanghai) Corporation.)
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @citrixonline.com/appdetectorplugin -> C:\Users\BR\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-28] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR DefaultSearchURL: Default -> hxxps://vancouver.craigslist.ca/favicon.ico
CHR Profile: C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default [2017-12-22]
CHR Extension: (Slides) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-11]
CHR Extension: (YouTube) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-11]
CHR Extension: (Adobe Acrobat) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-11]
CHR Extension: (Avast SafePrice) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-12-05]
CHR Extension: (Sheets) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-11]
CHR Extension: (Avast Online Security) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-11]
CHR Extension: (Chrome Media Router) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-22]
CHR Profile: C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default [2019-02-10]
CHR Extension: (Google Drive) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2019-02-10]
CHR Extension: (YouTube) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-22]
CHR Extension: (Adobe Acrobat) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-12-22]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-04]
CHR Extension: (Avast Online Security) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-17]
CHR Extension: (craigslist: vancouver, BC jobs, apart...) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodmfgjfnfmcjhffmmaepknoggiokdhk [2018-09-05]
CHR Extension: (Gmail) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-22]
CHR Extension: (Chrome Media Router) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-18]
CHR Profile: C:\Users\BR\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S4 AliSafeEngine Service; C:\Program Files (x86)\AliSafeEngine\5.0.2\AliSafeEngine.exe [594080 2016-05-10] (TAOBAO (CHINA) SOFTWARE CO.,LTD. -> 阿里巴巴(中国)有限公司)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc. -> Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
S4 BackupService; C:\Users\BRIAN\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (Hewlett-Packard Company -> ArcSoft, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia -> Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia -> Secunia)
S4 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [376832 2013-01-09] (SafeNet, Inc.) [File not signed]
S4 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259872 2013-01-09] (SafeNet, Inc. -> SafeNet, Inc)
S4 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [293216 2013-01-09] (SafeNet, Inc. -> SafeNet, Inc.)
S4 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-06-07] (SolidWorks) [File not signed]
S4 SQLANYs_SmpParts; C:\Program Files (x86)\SQL Anywhere 10\win32\dbsrv10.exe [136568 2010-12-08] (iAnywhere Solutions, Inc. -> iAnywhere Solutions, Inc.)
S4 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-01-29] (Reason Software Company Inc. -> RaMMicHaeL)
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
S4 wwbizsrv; C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe [2904176 2016-07-13] (TAOBAO (CHINA) SOFTWARE CO.,LTD. -> Alibaba Group)
R3 aswbIDSAgent; "C:\Program Files\AVAST Software\Avast\aswidsagent.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ahcix64s; C:\Windows\System32\DRIVERS\ahcix64s.sys [237936 2009-08-03] (ATI Technologies, Inc -> Advanced Micro Devices, Inc)
R0 amdsata; C:\Windows\System32\DRIVERS\amdsata.sys [67128 2009-08-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28216 2009-08-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37304 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [203488 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [220688 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196264 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320888 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58160 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239808 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46584 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42488 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166472 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111992 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88144 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034056 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474648 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [218056 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380144 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3678720 2012-06-20] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10619296 2010-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2019-01-28] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2017-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia -> Secunia)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [239616 2009-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek )
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] (Intel® Code Signing External -> )
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc. -> SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63568 2012-12-11] (SafeNet, Inc. -> SafeNet, Inc.)
S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2012-10-16] (Windows ® 2000 DDK provider) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 utqyodqx; C:\Windows\SysWOW64\Drivers\utqyodqx.sys [7168 2015-12-31] () [File not signed]
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-10 14:37 - 2019-02-10 14:37 - 000000000 ____D C:\FRST
2019-01-28 09:06 - 2019-01-28 09:06 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-01-17 04:36 - 2019-01-17 04:35 - 000361352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-01-17 04:36 - 2019-01-17 04:35 - 000320888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-01-17 04:36 - 2019-01-17 04:35 - 000220688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-17 04:36 - 2019-01-17 04:35 - 000196264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-01-17 04:36 - 2019-01-17 04:35 - 000058160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-01-17 04:36 - 2019-01-17 04:35 - 000037304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-01-16 03:01 - 2019-01-16 03:01 - 000000000 ____D C:\MSIba4e3.tmp
2019-01-16 03:01 - 2019-01-16 03:01 - 000000000 ____D C:\_638336_

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-10 14:39 - 2012-04-13 07:31 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2019-02-10 14:34 - 2018-01-21 13:53 - 000003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AAEA059E-67E6-4D4B-A555-071AD2AC6636}
2019-02-10 03:25 - 2009-07-13 20:45 - 000015792 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-10 03:25 - 2009-07-13 20:45 - 000015792 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-04 17:17 - 2013-08-19 18:26 - 000000000 ____D C:\Program Files\CCleaner
2019-01-28 09:06 - 2018-11-09 10:37 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-01-23 06:26 - 2018-11-08 08:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-01-23 06:25 - 2012-04-26 05:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-20 08:36 - 2014-05-13 18:36 - 000000000 ____D C:\Program Files (x86)\TradeManager
2019-01-17 04:39 - 2017-03-16 02:48 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-01-17 04:35 - 2018-10-22 15:02 - 000042488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-01-17 04:35 - 2018-02-20 10:17 - 000239808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-01-17 04:35 - 2017-11-22 05:04 - 000203488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-01-17 04:35 - 2016-04-15 03:50 - 001034056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-01-17 04:35 - 2016-04-15 03:50 - 000474648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-01-17 04:35 - 2016-04-15 03:50 - 000380144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-01-17 04:35 - 2016-04-15 03:50 - 000218056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-01-17 04:35 - 2016-04-15 03:50 - 000166472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-01-17 04:35 - 2016-04-15 03:50 - 000111992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-01-17 04:35 - 2016-04-15 03:50 - 000088144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-01-17 04:35 - 2016-04-15 03:50 - 000046584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2019-01-16 03:01 - 2012-05-12 02:02 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-16 03:01 - 2012-05-12 02:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== Files in the root of some directories =======

2014-09-09 15:27 - 2014-09-09 15:30 - 000000000 _____ () C:\Users\BR\AppData\Roaming\bibstats
2014-10-27 08:16 - 2014-11-13 19:01 - 000000308 _____ () C:\Users\BR\AppData\Roaming\Rim.Desktop.Exception.log
2014-10-27 08:09 - 2014-11-28 09:44 - 000004042 _____ () C:\Users\BR\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-10-27 08:16 - 2014-11-13 19:01 - 000000308 _____ () C:\Users\BR\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-11-11 10:57 - 2014-11-11 10:57 - 000000044 _____ () C:\Users\BR\AppData\Roaming\WB.CFG
2017-01-14 12:04 - 2017-01-14 12:04 - 000000000 ____H () C:\Users\BR\AppData\Local\BITD200.tmp
2014-10-27 09:02 - 2014-10-27 09:02 - 000009728 _____ () C:\Users\BR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-12-27 11:56 - 2018-12-27 11:56 - 000000218 _____ () C:\Users\BR\AppData\Local\recently-used.xbel
2015-09-26 12:43 - 2015-09-26 12:43 - 000000017 _____ () C:\Users\BR\AppData\Local\resmon.resmoncfg
2012-06-07 20:09 - 2012-06-07 20:09 - 000000000 _____ () C:\Users\BR\AppData\Local\Temptable.xml
2012-09-23 13:15 - 2012-09-23 13:15 - 000137289 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001.0
2012-09-23 13:15 - 2012-09-23 13:15 - 000132486 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001.1
2012-09-23 13:15 - 2012-09-23 13:15 - 000132533 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001.JPG
2012-09-23 13:15 - 2012-09-23 13:15 - 000003890 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001_navi.JPG
2012-10-03 17:21 - 2012-10-03 17:21 - 000121078 _____ () C:\Users\BR\AppData\Local\tmpNOMAD1.0
2012-10-03 17:21 - 2012-10-03 17:21 - 000044248 _____ () C:\Users\BR\AppData\Local\tmpNOMAD1.JPG
2012-10-03 17:18 - 2012-10-03 17:18 - 000112551 _____ () C:\Users\BR\AppData\Local\tmpNOMAD2.0
2012-10-03 17:18 - 2012-10-03 17:18 - 000040181 _____ () C:\Users\BR\AppData\Local\tmpNOMAD2.JPG
2012-10-03 17:21 - 2012-10-03 17:21 - 000115714 _____ () C:\Users\BR\AppData\Local\tmpNOMAD3.0
2012-10-03 17:21 - 2012-10-03 17:21 - 000038427 _____ () C:\Users\BR\AppData\Local\tmpNOMAD3.JPG
2012-10-03 17:22 - 2012-10-03 17:22 - 000134269 _____ () C:\Users\BR\AppData\Local\tmpNOMAD4.0
2012-10-03 17:22 - 2012-10-03 17:22 - 000049466 _____ () C:\Users\BR\AppData\Local\tmpNOMAD4.JPG
2012-10-03 17:22 - 2012-10-03 17:22 - 000135858 _____ () C:\Users\BR\AppData\Local\tmpNOMAD5.0
2012-10-03 17:22 - 2012-10-03 17:22 - 000050685 _____ () C:\Users\BR\AppData\Local\tmpNOMAD5.1
2012-10-03 17:22 - 2012-10-03 17:22 - 000050520 _____ () C:\Users\BR\AppData\Local\tmpNOMAD5.JPG
2012-10-03 17:23 - 2012-10-03 17:23 - 000136857 _____ () C:\Users\BR\AppData\Local\tmpNOMAD6.0
2012-10-03 17:23 - 2012-10-03 17:23 - 000049261 _____ () C:\Users\BR\AppData\Local\tmpNOMAD6.1
2012-10-03 17:23 - 2012-10-03 17:23 - 000049486 _____ () C:\Users\BR\AppData\Local\tmpNOMAD6.JPG
2012-08-22 15:05 - 2012-08-22 15:05 - 000006400 _____ () C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).0
2012-08-22 15:05 - 2012-08-22 15:05 - 000001969 _____ () C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).JPG
2017-01-14 11:57 - 2017-01-14 12:04 - 000000000 _____ () C:\Users\BR\AppData\Local\{7A3D3458-EB7D-4C05-A5E4-FDFD4ED3DCBD}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-02 00:00

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01
Ran by BR (10-02-2019 14:41:34)
Running from C:\Users\BR\Downloads
Windows 7 Home Premium Service Pack 3 (X64) (2012-03-13 13:09:29)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-998330651-303224156-1059126384-500 - Administrator - Disabled)
bcom (S-1-5-21-998330651-303224156-1059126384-1003 - Administrator - Enabled) => C:\Users\bcom
BR (S-1-5-21-998330651-303224156-1059126384-1004 - Administrator - Enabled) => C:\Users\BR
BRIAN (S-1-5-21-998330651-303224156-1059126384-1000 - Administrator - Enabled) => C:\Users\BRIAN
Guest (S-1-5-21-998330651-303224156-1059126384-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

0501(English) (HKLM-x32\...\{15330BA2-F4F1-4D1C-A0D8-A9C5F9056672}) (Version: 1.00.0000 - Ruizhitianhong)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.07 beta (x64) (HKLM\...\7-Zip) (Version: 15.07 - Igor Pavlov)
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.1 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (HKLM-x32\...\{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (HKLM-x32\...\{A7AEE29F-839E-46B5-B347-6D430618129F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Akamai) (Version:  - Akamai Technologies, Inc)
AliIM Plugins for Browser (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\AliIM Plugins for Browser) (Version: 1.0 - Alibaba(China) Co., Ltd)
AliSafeEngine 5.0.2 (HKLM-x32\...\AliSafeEngine) (Version: 5.0.2 - Alibaba, Inc.)
AliSetup 0.1.0.52 (HKLM-x32\...\AliSetup) (Version: 0.1.0.52 - 阿里巴巴（中国）有限公司)
Any Video Converter 3.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
ArtCAM 2015 (64-bit) (HKLM-x32\...\ArtCAM 2015 (64-bit)) (Version: 2015 - Delcam Ltd)
ArtCAM 2015 R2 (64-bit) (HKLM-x32\...\ArtCAM 2015 R2 (64-bit)) (Version: 2015 R2 - Delcam Ltd)
ArtCAM 2015 R2 DL (64-bit) (HKLM-x32\...\ArtCAM 2015 R2 DL (64-bit)) (Version: 2015 R2 - Delcam Ltd)
Autodesk Pixlr (HKLM-x32\...\{B0547B43-3AEE-453C-9945-800DDF92052D}) (Version: 1.1.1.0 - Autodesk) Hidden
Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.1.1.0 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6100 (HKLM-x32\...\{0DEF8C02-2EAB-4BFE-A7E0-7990665DF1A9}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c6100_Help (HKLM-x32\...\{4BD5B5D2-406D-4bc5-BB10-2F0D1D367C95}) (Version: 82.0.256.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{1B1BF50E-ACE8-4481-B362-89544FB1CD4B}) (Version: 1.0.357 - Citrix)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\CopyTrans Suite) (Version: 4.004 - WindSolutions)
Corel Applications (HKLM-x32\...\Corel Applications) (Version:  - )
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delcam Exchange 2015 R2 (64-bit) (HKLM\...\Delcam Exchange 7.9.10) (Version: 7.9.10 - Delcam)
Delcam Exchange 2015 R4 (64-bit) (HKLM\...\Delcam Exchange 8.1.10) (Version: 8.1.10 - Delcam)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
eDrawings 2015 x64 (HKLM\...\{1849FD9A-F1F7-4D0C-BEE6-59C3337E5410}) (Version: 15.2.0033 - Dassault Systèmes SolidWorks Corp)
EPS File Viewer (HKLM-x32\...\{35B4B5ED-41DE-4CAB-A757-F967474819DC}_is1) (Version:  - epsfileviewer.com)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free DWG Viewer 7.3 (HKLM-x32\...\{BC66852F-0928-494F-B3C1-5FF5DB4F88BC}) (Version: 7.3.0.174 - IGC)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google SketchUp 8 (HKLM-x32\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
gsimple 2.05 (HKLM-x32\...\gsimple) (Version: 2.05 - S.Kontogiannis)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 5740 series Basic Device Software (HKLM\...\{B09B89DC-91EF-4965-800D-2A5807D117D1}) (Version: 40.11.1135.17143 - HP Inc.)
HP Officejet 5740 series Help (HKLM-x32\...\{F17D53C7-DCE8-469C-9690-CF8F5903519C}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.0.7 - Hewlett-Packard) Hidden
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2226 - Intel Corporation)
IrfanView 4.50 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Live Mail Password Decryptor (HKLM-x32\...\{2C7228FF-A6A8-49D1-BE08-7453AB5D0359}) (Version: 4.0 - SecurityXploded) Hidden
Logitech Harmony Remote Software (x86) (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Magical Jelly Bean PasswdFinder (HKLM-x32\...\PasswdFinder_is1) (Version: 1.0.0.29 - PasswdFinder)
Mail Undelete Recovery Toolbox Free 2.3 (HKLM-x32\...\Mail Undelete Recovery Toolbox Free_is1) (Version:  - Recovery Toolbox, Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Mozilla Firefox 47.0.2 (x86 en-US) (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NirSoft WebBrowserPassView (HKLM-x32\...\NirSoft WebBrowserPassView) (Version:  - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Photobucket Desktop (HKLM-x32\...\{D0916F1D-236D-4B9A-BCEA-F535444DCA41}) (Version: 1.0.3.1552 - Photobucket)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
Product Improvement Study for HP Officejet 5740 series (HKLM\...\{0E14A09E-FBF5-461C-A10B-62F231B1722C}) (Version: 40.11.1135.17143 - HP Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.2216 - CyberLink Corp.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rosetta Stone Version 3 (HKLM-x32\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.7.0 - Rosetta Stone Ltd.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Scanything V1.0.8 (HKLM-x32\...\Scanything) (Version: 1.0.8 - Scanything)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Sentinel Protection Installer 7.6.6 (HKLM-x32\...\{8C2218AC-D1B1-4530-9E67-15164E0E52AB}) (Version: 7.6.6 - SafeNet, Inc.)
Sentinel System Driver Installer 7.5.7 (HKLM-x32\...\{B281C7D1-C088-40E0-86EA-B2D9D7E0810A}) (Version: 7.5.7 - SafeNet, Inc.)
SewArt (HKLM\...\{233A5312-C6B1-48DB-8F62-5E1E2975F499}) (Version: 1.8.8 - S & S Computing)
SewWhat-Pro (HKLM\...\{5DF40802-1935-4B9F-9B7C-B16B6B875461}) (Version: 3.9.7 - S & S Computing)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype version 8.28 (HKLM-x32\...\Skype_is1) (Version: 8.28 - Skype Technologies S.A.)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SmoothDraw version 4.0.5 (HKLM-x32\...\SmoothDraw_is1) (Version: 4.0.5 - )
SMPIS (HKLM-x32\...\{999052D7-44A2-49F8-9851-A3D2D297EE03}) (Version: 29.00.000 - Merry Mechanization Inc.)
SolidWorks 2011 x64 Edition SP02 (HKLM\...\{4F113377-0BA1-4552-9ABB-9BF220FAF132}) (Version: 19.120.49 - SolidWorks) Hidden
SolidWorks 2011 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20110-40200-1100-100) (Version: 19.2.0.49 - SolidWorks Corporation)
SolidWorks eDrawings 2011 SP02 (HKLM-x32\...\{67C6633B-5A12-4955-A5E4-98D703F9AFA3}) (Version: 11.2.113 - Dassault Systèmes SolidWorks Corp.)
SolidWorks eDrawings 2011 x64 Edition SP02 (HKLM\...\{455804F2-70A9-46BD-BEB8-957000EC20D4}) (Version: 11.2.113 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks Explorer 2011 SP02 (HKLM-x32\...\{5F590D74-AA75-410F-A778-3CDFCE12DCD4}) (Version: 19.20.49 - SolidWorks Corporation)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SQLAnywhere1000 (HKLM-x32\...\{349E9132-5101-4094-859E-0EEE6F3DDCD5}) (Version: 10.1.4157 - Merry Mechanization Inc)
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TradeManager 2011 SP2 (HKLM-x32\...\TradeManager 2011 SP2) (Version:  - Alisoft)
TradeManager 2014 Beta1 (HKLM-x32\...\TradeManager) (Version:  - Alibaba (China) Network Technology Co., Ltd.)
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trendnet USBKVM Switcher (HKLM-x32\...\Trendnet USBKVM Switcher_is1) (Version:  - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.8 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.7.3 - Tweaking.com)
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{A95E3E66-D5A4-404E-997D-02562AA492E8}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wilcom TrueSizer e3.0 (HKLM-x32\...\{90C3F44A-7F39-4AEA-AC41-E32F97208269}) (Version: 17.0.185.7427 - Wilcom) Hidden
Wilcom TrueSizer e3.0 (HKLM-x32\...\{E801DDB4-3CFC-496E-9E04-781EC2445D82}) (Version: 17.0.185.7427 - Wilcom)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}) (Version: 1.0.24.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{4CEEAF57-0208-4CA4-A473-914C2D2FFC23}\InprocServer32 -> C:\Program Files (x86)\TradeManager\AliIMX_64.dll (Alibaba (China) Network Technology Co.,Ltd. -> )
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files (x86)\TradeManager\AliIMX_64.dll (Alibaba (China) Network Technology Co.,Ltd. -> )
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-09-17] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [FileAssociationHelper] -> {D5CF14A2-B3CA-49DC-8E3E-0BB233B26D09} => C:\Program Files\File Association Helper\FAHDll.dll [2014-01-28] (WinZip Computing LLC -> Nico Mak Computing)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-04-26] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1-x32: [PhoXo] -> {47F14307-F923-44F9-86CB-A1E193DA6070} => C:\Program Files (x86)\PhoXo\ExploreMenu.dll -> No File
ContextMenuHandlers1-x32: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-09-17] (Igor Pavlov)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-09-17] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01B68D52-81A4-4E5D-A008-EBE7A5E1D7A8} - System32\Tasks\AdobeAAMUpdater-1.0-BRIAN-PC-BR => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {0EB491D2-3F87-4560-81FF-E86009C528CA} - System32\Tasks\{8B8FB205-9240-4AC7-98E1-1FC0022AA2DC} => C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
Task: {137B4BA2-DE24-4F80-BC1F-179956948A9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {13C746E5-D9D4-410F-8374-C85DD78CB304} - System32\Tasks\{05A9FC79-8345-4041-BAB5-63B4B01AD275} => C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
Task: {19835642-4FB1-409E-B1C8-8C8DAB245E33} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {261C88CB-C0A6-449C-8B7E-520CB4278507} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {2761B74C-FF47-4ABC-B888-2B671AC244E5} - System32\Tasks\{A5D314F0-456F-4CB4-B01B-01065EE19CB7} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {2A5E94B0-88B5-4A7C-AE52-03F3C01C221B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {35E21EB3-832F-4CF8-96D9-CA922B3FC962} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {379D608C-0688-4B10-B21D-50B5B2A22E4F} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink -> CyberLink)
Task: {3A971650-3B29-4284-8710-C3F626E29C5B} - System32\Tasks\HPCustPartic.exe_{48E34D62-7EF7-41D2-8CFC-FF6ACE1C8F6D} => C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe (Hewlett Packard -> HP Inc.)
Task: {4B06D158-F426-4D63-842D-A8D695E38F5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {4E972E24-4BA2-47D5-BEFD-94D785AA4E8C} - System32\Tasks\{1D5C86AE-F4DD-4B79-A361-3F31B70CFCEF} => C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation -> TechSmith Corporation)
Task: {58044AB4-8524-4227-9073-AAA8DF62A596} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {6AB5DF9B-167C-4E53-B5F8-EC132C9AB8CD} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {7016C1DA-8A0A-4266-A065-4ECEF51B751B} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe (Hewlett-Packard Company -> )
Task: {76BFAC61-5025-4C95-9233-B223F5F3731E} - System32\Tasks\{8687F8BE-E36A-4EEF-AF42-1D43D36FA6D3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {7C5A95DD-03B0-42B0-AE44-40365D9FFEB6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {7F54A87F-3AB1-4857-8F5D-3B1374A9D962} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {80747828-AE28-4142-B594-2A8E87EF8F5F} - System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C} => C:\Windows\system32\pcalua.exe -a E:\Setup.exe -d E:\
Task: {85F928BF-474B-410C-955F-9BC4A5E814AE} - System32\Tasks\{ECC6E21C-0E02-48C1-81A6-B7DF3E56C4A3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\MMI\MachineDriverInstaller.exe" -d C:\Users\BRIAN\Desktop -c C:\Users\BRIAN\Desktop\second-house.DXF
Task: {983288AE-7B6C-4262-A354-ED914BAB9B17} - System32\Tasks\{7ABB10C8-4419-4DA7-B870-5539FB2B4CFF} => C:\Program Files\Dassault Systemes\DraftSight\bin\DraftSight.exe
Task: {9898530D-7128-408C-A288-8A7655746A86} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {99DC5BAC-F1C3-4CDC-8CB1-F45B3B886E25} - System32\Tasks\{9D8A851B-EEC2-4D8A-87F8-B68A9BA893E4} => C:\Windows\system32\pcalua.exe -a "E:\English\JDPaint55 1048\JDPaint.exe" -d "E:\English\JDPaint55 1048"
Task: {9A3CE333-775C-4F78-992D-AA2801A46B4E} - System32\Tasks\{6F7F92BF-441E-4C9E-852D-876D6730FB99} => C:\Windows\system32\pcalua.exe -a L:\AutoCAD_2011_English_Win_64bit.exe -d L:\
Task: {9E7B5155-9C08-45C9-9779-27D04278AC5D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {A478F95E-3FEA-4AA2-9564-F616630E60FB} - System32\Tasks\{E16CF7E6-DF4D-44A7-BD43-F43C46E7E55A} => C:\Windows\system32\pcalua.exe -a "C:\Users\BR\Documents\SolidWorks Downloads\SolidWorks 2011 SP02\swwi\data\setup.exe" -d "C:\Users\BR\Documents\SolidWorks Downloads\SolidWorks 2011 SP02\swwi\data"
Task: {A6AC5370-51F9-4CFD-997A-8A157D90FF99} - System32\Tasks\HPCustParticipation HP Officejet 5740 series => C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe (Hewlett Packard -> HP Inc.)
Task: {B1887102-041D-4F62-A50E-9FDD2221ED07} - System32\Tasks\SafeZone scheduled Autoupdate 1460721208 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {BC7A2992-A263-4155-B654-7C15A59B0C9D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {BEBB79F8-7713-4DBF-9FF9-0BA8E1E28A44} - System32\Tasks\{992C1360-B7C4-4ED1-9082-8E159FCB82C3} => C:\Windows\system32\pcalua.exe -a C:\Users\BR\Downloads\setup.exe -d C:\Users\BR\Downloads
Task: {C022465E-7A07-4924-8167-E4FCA8D56381} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {CA4307C5-0B5B-4183-AE41-368899A730FF} - System32\Tasks\{A75FBD77-F964-481B-B7EF-F4B1EA2968ED} => C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
Task: {D16D3224-3EE0-4200-9E22-85BF14CE0671} - System32\Tasks\{9C9F2E80-4ADE-449B-9057-40106FF8BC7F} => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
Task: {D5226923-4D3A-4364-BD39-D4CE1AE244C8} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe (Tweaking LLC -> Tweaking.com)
Task: {DD268EF9-0389-4933-BB76-5200E5670973} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {EF688760-AA89-4443-B5F1-5CEE174F3EBE} - System32\Tasks\{344968BF-A556-4FFC-984C-7E186895F06B} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\DriverAgent\dauninst.exe
Task: {F071B936-8E01-43A1-8968-3D7C08AC6606} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {FDFDEFE5-F9F6-4CA4-BCF3-CD265AA0EF41} - System32\Tasks\HPCustPartic.exe_{F94022F2-89C4-4C6F-A846-667671D2320F} => C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe (Hewlett Packard -> HP Inc.)
Task: {FF68EC2C-3B0C-4266-A221-56BDB11B6623} - System32\Tasks\{9F1E4A2B-AEA4-4565-A49A-E488006A3FAF} => C:\Windows\system32\pcalua.exe -a C:\Users\BR\Downloads\Mach3Version3.043.066.exe -d C:\Users\BR\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\BR\Favorites\Fotor for desktop.lnk -> hxxp://www.fotor.com/desktop/index.htm

ShortcutWithArgument: C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\craigslist_ vancouver, BC jobs, apart.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=oodmfgjfnfmcjhffmmaepknoggiokdhk

==================== Loaded Modules (Whitelisted) ==============

2012-12-15 12:55 - 2005-03-12 00:07 - 000087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2018-01-04 23:13 - 2018-01-04 23:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-04 23:14 - 2018-01-04 23:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-11-09 10:37 - 2019-01-28 09:06 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-11-22 04:57 - 2018-11-22 04:57 - 000728792 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2016-05-22 18:33 - 2016-05-22 18:33 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2018-01-22 02:15 - 2018-01-22 02:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-01-22 02:15 - 2018-01-22 02:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2015-10-10 14:17 - 2010-09-09 09:05 - 000593920 _____ () C:\Program Files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe
2015-08-18 11:05 - 2017-10-18 09:03 - 000108544 _____ () C:\Program Files (x86)\TradeManager\AliApp.exe
2016-05-22 18:32 - 2016-05-22 18:32 - 031680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2018-12-17 16:51 - 2018-12-11 21:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-17 16:51 - 2018-12-11 21:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2018-11-22 04:56 - 2018-11-22 04:56 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-11-22 04:57 - 2018-11-22 04:57 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-11-22 04:56 - 2018-11-22 04:56 - 000496344 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-11-22 04:56 - 2018-11-22 04:56 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-11-22 04:56 - 2018-11-22 04:56 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2019-02-10 12:00 - 2019-02-10 12:00 - 005741712 _____ () C:\Program Files\AVAST Software\Avast\defs\19021004\algo.dll
2018-03-03 16:06 - 2018-03-03 16:06 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-04 23:14 - 2018-01-04 23:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-04 23:14 - 2018-01-04 23:14 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-30 23:32 - 2014-10-07 19:12 - 000273408 _____ () C:\Program Files (x86)\TradeManager\pcre.dll
2015-03-30 23:32 - 2014-10-07 19:12 - 000361472 _____ () C:\Program Files (x86)\TradeManager\rv2archive.dll
2015-03-30 23:33 - 2019-01-02 19:59 - 000108032 _____ () C:\Program Files (x86)\TradeManager\rv2log.dll
2015-03-30 23:33 - 2019-01-02 19:59 - 000314880 _____ () C:\Program Files (x86)\TradeManager\rv2core.dll
2015-08-18 11:05 - 2017-09-14 19:56 - 042149888 _____ () C:\Program Files (x86)\TradeManager\aef.dll
2015-12-07 09:29 - 2018-11-19 18:37 - 000029696 _____ () C:\Program Files (x86)\TradeManager\AliProtect.dll
2015-09-15 23:06 - 2017-05-19 09:01 - 000147456 _____ () C:\Program Files (x86)\TradeManager\PerfTrace.dll
2015-02-09 18:40 - 2015-02-09 18:40 - 001554888 _____ () C:\Program Files (x86)\TradeManager\LIBEAY32.dll
2015-03-30 23:33 - 2019-01-02 19:59 - 000581632 _____ () C:\Program Files (x86)\TradeManager\uacagent.dll
2015-02-09 18:40 - 2015-02-09 18:40 - 000072192 _____ () C:\Program Files (x86)\TradeManager\zlibwapi.dll
2015-02-09 18:39 - 2015-02-09 18:39 - 000437216 _____ () C:\Program Files (x86)\TradeManager\collina.dll
2015-10-10 14:17 - 2007-07-17 15:26 - 000086016 _____ () C:\Program Files (x86)\Trendnet\USBKVM Switcher\kEYHOOK.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 002121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 007745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 000135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2016-08-24 07:45 - 2016-08-24 07:45 - 040523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-12-24 15:15 - 2015-12-24 15:15 - 000698152 _____ () C:\Users\BR\AppData\Roaming\TaobaoProtect\AliBench\AlibenchDLL.dll
2016-06-07 23:10 - 2016-06-07 23:10 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-07 23:10 - 2016-06-07 23:10 - 000205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-07 23:10 - 2016-06-07 23:10 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-07 23:10 - 2016-06-07 23:10 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-08-24 07:24 - 2016-08-24 07:24 - 000109760 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll
2016-06-07 23:10 - 2016-06-07 23:10 - 000166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Classes\.scr: scrfile =>  <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxp://taobao.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\taobao.com -> hxxp://taobao.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2019-01-04 01:01 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;%C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\SQL Anywhere 10\win32;C:\Program Files (x86)\SQL Anywhere 10\Sybase Central 5.0.0\win32;%PROGRAMFILES%\Internet Explorer;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-998330651-303224156-1059126384-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BRIAN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-998330651-303224156-1059126384-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\bcom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\BR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: AliSafeEngine Service => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DraftSight API Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Secunia PSI Agent => 2
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: SentinelKeysServer => 2
MSCONFIG\Services: SentinelProtectionServer => 2
MSCONFIG\Services: SentinelSecurityRuntime => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Unchecky => 2
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: wwbizsrv => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{941584E1-854B-434D-85FE-08615386E6DD}C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [UDP Query User{24DB1A02-894B-4B50-80C3-AF89B7F3A379}C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [TCP Query User{0B6B3E9F-1303-4E14-8895-DA3ACC99F6CF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{1E3A6126-5910-4D3B-9911-15769D574BBB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{4CB72E1A-D77F-4284-B7EA-15ECCA2A0518}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [UDP Query User{849E739F-CA22-4888-A9A6-C5EE2B84C0D7}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [TCP Query User{B3B2AC8C-624A-4D95-AA88-2C109ACF15C1}C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [UDP Query User{75B9D3FE-C59D-40B9-BB93-78365A52A88E}C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{7BCA530D-AEF9-4312-AB98-5FA57B22C9D4}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS0312\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{DD0816DF-1A6D-46DE-B7FA-8F03EA897AFA}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS0312\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{7027FCA1-ED17-4B7B-9DEF-90707122CEED}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS03BC\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{4E250D65-5C7F-4C5C-8E68-F728A34421A7}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS03BC\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [TCP Query User{9F26BF52-B13B-471C-A6AC-44F98C53BC00}C:\program files (x86)\trademanager\aliim.exe] => (Allow) C:\program files (x86)\trademanager\aliim.exe (Alibaba (China) Co., Ltd.)
FirewallRules: [UDP Query User{E3DB5C18-C6C1-4FD6-A0D7-15EFCCE65DC2}C:\program files (x86)\trademanager\aliim.exe] => (Allow) C:\program files (x86)\trademanager\aliim.exe (Alibaba (China) Co., Ltd.)
FirewallRules: [{FEA0FE39-54A2-480A-9CAD-7D55D772EAA6}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe No File
FirewallRules: [{9BF14085-062A-4EB5-A452-75190E55F47F}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe No File
FirewallRules: [{B9C78521-F0A8-4E23-9136-149ADB9DB1A0}] => (Allow) C:\Program Files (x86)\Sticky Password\stpass.exe No File
FirewallRules: [{20D7AE74-B6A3-426F-B416-9DC325C694AA}] => (Allow) C:\Program Files (x86)\Sticky Password\stpass.exe No File
FirewallRules: [TCP Query User{DD81ED75-AA34-4A58-B5BA-EF7D04E2CE88}C:\program files (x86)\trademanager\aliim.exe] => (Block) C:\program files (x86)\trademanager\aliim.exe (Alibaba (China) Co., Ltd.)
FirewallRules: [UDP Query User{5F6A084B-A851-4FFB-BC11-EBF0148E87B4}C:\program files (x86)\trademanager\aliim.exe] => (Block) C:\program files (x86)\trademanager\aliim.exe (Alibaba (China) Co., Ltd.)
FirewallRules: [{1E665E32-F3CE-4E07-ADA2-EE9C6EB26E2D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CFE4F658-D641-404D-8048-318DD582A421}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{80D39522-104E-4FB8-AF99-1FAC08D8BAAE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C14434CB-10C7-4B29-8255-37412E9CC49F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{231BF8B0-E8AA-41FE-BA9A-568103FD2F6D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{753E03DD-946C-41B7-97D9-47B6B408B966}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{25DB26D6-7C8D-421E-BD9F-0EBCBFA140D4}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS35EA\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{BD5D4210-B6E5-45E3-881D-BAEC293F3BF7}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS35EA\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{26EAF1A7-27A7-40A1-8B97-244D92D509DD}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS3FFD\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{84C5F561-9393-4117-9C21-1602D63CDAA9}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS3FFD\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{066E33B9-FBB5-4872-A4EF-6ACA4D6C8780}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS4109\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{D8C0664B-C6D4-48BA-B1F4-5682814D8FAF}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS4109\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{14FC1362-862C-41E8-9E03-9DEAFB364DA3}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS416B\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{734FA13E-75FC-4204-82B7-5CBEADE5CEF1}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS416B\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{268CDBAB-5953-49C3-B923-E0C09378C160}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS7EF8\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{EB46FD57-3C8D-4324-BF80-8CACE5BC36F5}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS7EF8\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{F028B163-0059-448B-BB75-773426B9BFC0}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS2E7E\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{2DE49187-0F5B-4044-84FE-0A669CC85F33}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS2E7E\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{2F80605A-D7CD-4639-B271-0B88302D1B78}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS2F2F\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{5F35F7C3-2461-4952-AA85-73CF95EA6F47}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS2F2F\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{5A4F57BB-C9CE-45EC-B240-2C84F10D8EC1}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS334A\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{C0330068-E65D-41C2-87C9-CA6BA61A2EBD}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS334A\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{C21344CC-E893-44F5-8E7E-701F26AB182D}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\FaxApplications.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{FA59B4A3-B4E9-4169-80CA-0ACAFF3299DB}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{D1A0FBE8-8102-4DCB-9C1B-4C6DA9A2E4B0}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\SendAFax.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{8BF19FE5-091A-4478-A1B9-B0F5988DB7EB}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\FaxPrinterUtility.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{DDEF6243-1EA8-4B81-9D35-C268ABDF94F0}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{3C37859B-1FDB-4B6F-AC4C-69AA2592E700}] => (Allow) LPort=5357
FirewallRules: [{38935BAA-FB00-4F8E-AFF2-1ECFFCCB3402}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{83EF81F4-A047-486B-9ED7-788156AA5F02}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS492E\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{2CCFE143-FE63-463D-BF2D-38FA0542B828}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS492E\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{30090691-2965-4C2E-BCEA-F17CD8043B3C}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS71FF\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{368EF3B6-D448-4597-BDD7-C5370190596C}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS71FF\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{86C000D4-66B4-43D9-BBEC-01712566D1A2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF079C67-BCD2-4063-9247-D4264175A7A9}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7F9AC02C-F9FA-4201-9C09-C06F7B5B630D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{747DE1F7-7A8F-4729-8D96-E06E0C5A5FFA}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{B41BAFD4-3B90-42C3-B49D-50BD0A8FC864}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{7FAC275E-EF51-4AE7-BF73-EB278A5117C5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0E11B348-E024-4FA4-974E-4ABA18354EA8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{32037EE3-CB62-4E38-A5AA-9282CB2DB64D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{20886188-8858-4F5F-9AC5-E4B5623AA4DE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{93D40DB1-EC32-498A-9758-3B800ABFE9FE}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{8FC46BB2-1E50-404D-8BBE-126C9B8B60EC}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7

==================== Restore Points =========================

10-01-2018 08:35:19 Installed DraftSight 2018 SP0 x64.
19-01-2018 03:00:20 Windows Update
21-01-2018 10:25:07 Restore Operation
21-01-2018 13:04:50 Revo Uninstaller's restore point - Magical Jelly Bean PasswdFinder
21-01-2018 13:11:00 Revo Uninstaller's restore point - Kodi
22-01-2018 03:01:23 Windows Update
25-01-2018 03:00:28 Windows Update
09-02-2018 03:52:36 Scheduled Checkpoint
14-02-2018 03:01:12 Windows Update
03-03-2018 18:18:02 Scheduled Checkpoint
12-03-2018 20:07:31 Scheduled Checkpoint
14-03-2018 02:00:44 Windows Update
14-03-2018 15:53:12 Installed iTunes
17-03-2018 14:16:49 Removed iTunes
17-03-2018 14:17:52 Removed iTunes
17-03-2018 14:24:12 Removed iTunes
17-03-2018 14:31:38 Installed iTunes
17-03-2018 14:52:14 Removed Apple Mobile Device Support
17-03-2018 14:53:16 Removed Apple Software Update
17-03-2018 14:54:19 Removed Apple Application Support (64-bit)
17-03-2018 14:55:37 Removed Apple Application Support (32-bit)
17-03-2018 14:56:05 Removed Apple Application Support (32-bit)
17-03-2018 14:57:51 Removed Bonjour
17-03-2018 14:58:30 Removed iTunes
17-03-2018 15:33:38 Installed iTunes
30-03-2018 02:00:42 Windows Update
07-04-2018 02:00:40 Windows Update
11-04-2018 02:00:45 Windows Update
18-04-2018 08:16:28 Scheduled Checkpoint
24-04-2018 10:49:08 Installed StudioTax 2017
26-04-2018 08:21:41 Removed StudioTax 2017
09-05-2018 02:01:01 Windows Update
31-05-2018 07:44:09 Removed Backup and Sync from Google
11-06-2018 00:47:39 Scheduled Checkpoint
13-06-2018 02:00:16 Windows Update
29-06-2018 23:15:46 Scheduled Checkpoint
08-07-2018 13:34:15 Scheduled Checkpoint
11-07-2018 02:00:25 Windows Update
20-07-2018 11:45:42 Removed DraftSight 2015 SP2 x64.
01-08-2018 09:08:55 Installed OpenOffice 4.1.5
01-08-2018 10:00:28 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
01-08-2018 16:08:43 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
02-08-2018 02:00:11 Windows Update
15-08-2018 02:01:24 Windows Update
29-08-2018 08:15:31 Scheduled Checkpoint
29-08-2018 08:36:30 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
29-08-2018 09:27:04 Restore Operation
13-09-2018 02:02:01 Windows Update
30-09-2018 08:09:53 Scheduled Checkpoint
08-10-2018 19:43:32 Installed Skype™ 7.41
11-10-2018 02:01:12 Windows Update
12-10-2018 02:01:15 Windows Update
25-10-2018 10:31:19 Scheduled Checkpoint
08-11-2018 06:38:47 Scheduled Checkpoint
14-11-2018 03:01:43 Windows Update
29-11-2018 00:02:46 Scheduled Checkpoint
09-12-2018 08:44:50 Scheduled Checkpoint
13-12-2018 03:00:26 Windows Update
20-12-2018 03:01:27 Windows Update
28-12-2018 09:24:34 Scheduled Checkpoint
09-01-2019 03:00:26 Windows Update
09-01-2019 05:32:54 Windows Update
16-01-2019 03:00:11 Windows Update
25-01-2019 00:09:48 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Qualcomm Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Description: Qualcomm Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2019 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (02/09/2019 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (02/08/2019 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (02/07/2019 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (02/06/2019 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (02/05/2019 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (02/04/2019 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (02/03/2019 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

System errors:
=============
Error: (02/09/2019 07:29:29 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BC556D6E-E0DC-496A-82C9-E12641CD952E}.
The backup browser is stopping.

Error: (02/09/2019 06:27:23 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MAINPC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BC556D6E-E0DC-496A-82C9-E12641CD952E}.
The master browser is stopping or an election is being forced.

Error: (02/05/2019 09:01:18 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/05/2019 09:01:18 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/01/2019 10:30:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/31/2019 10:30:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/30/2019 10:30:43 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/29/2019 10:30:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

CodeIntegrity:
===================================

Date: 2018-11-14 03:40:07.722
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 12:29:59.014
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 12:29:58.733
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 05:07:52.175
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 05:07:52.034
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 04:51:43.641
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 04:51:43.314
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 04:29:01.016
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 86%
Total physical RAM: 7133.18 MB
Available physical RAM: 961.16 MB
Total Virtual: 14264.5 MB
Available Virtual: 7284.07 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920.39 GB) (Free:58.06 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.02 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{b853008b-6d0c-11e1-b88a-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#4
iMacg3
  • GeekU Moderator
Welcome to the Geeks To Go malware removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions completely before you complete them.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, remove it now. It is one of the leading causes of malware infecting a computer.
  • If you have questions about anything, please ask.
--------------------

Do you recognize the following programs?

File Association Helper
0501(English) Ruizhitianhong

AliIM Plugins for Browser
AliSafeEngine
AliSetup



What problems are you experiencing with this computer?

Thanks.

#5
RUSTY2
  • Topic Starter
  • Member

don't recognize any of these

File Association Helper
0501(English) Ruizhitianhong

AliIM Plugins for Browser
AliSafeEngine
AliSetup

 

can't seem to stop popups


#6
iMacg3
  • GeekU Moderator
Hi,

Press the Windows Key + R. This will open the Run box.
Type Appwiz.cpl and click OK.

A list of installed programs will appear. Uninstall the below programs by selecting them and clicking Uninstall:

0501(English) Ruizhitianhong
AliIM Plugins for Browser
AliSafeEngine
AliSetup



Follow the steps in the uninstaller to remove the program.

Once you have uninstalled the programs, please run a scan with FRST and copy/paste both the FRST.txt and Addition.txt logs into your next reply.

Thanks.

#7
RUSTY2
  • Topic Starter
  • Member

great, thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2019 01
Ran by BR (administrator) on BRIAN-PC (11-02-2019 07:13:28)
Running from C:\Users\BR\Downloads
Loaded Profiles: BRIAN & bcom & BR (Available Profiles: BRIAN & bcom & BR)
Platform: Windows 7 Home Premium Service Pack 3 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Alibaba (China) Co., Ltd.) C:\Program Files (x86)\TradeManager\AliIM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(HP Inc.) C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(HP Inc.) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
() C:\Program Files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\TradeManager\aliapp.exe
() C:\Program Files (x86)\TradeManager\aliapp.exe
(阿里巴巴(中国)有限公司) C:\Users\BR\AppData\Roaming\TaobaoProtect\TaobaoProtect.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [XeroxEndeavorBackgroundTask] => rundll32.exe xrWCbgnd.dll,LaunchBgTask 1
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (WinZip Computing LLC -> Nico Mak Computing)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-06-18] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation) [File not signed]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [26624 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-998330651-303224156-1059126384-1000\...\MountPoints2: {b8530093-6d0c-11e1-b88a-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-998330651-303224156-1059126384-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard Company -> Hewlett-Packard)
HKU\S-1-5-21-998330651-303224156-1059126384-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard Company -> Hewlett-Packard)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [aliim] => C:\Program Files (x86)\TradeManager\AliIM.exe [543232 2019-01-02] (Alibaba (China) Co., Ltd.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [ISUSPM Startup] => "c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [HP Officejet 5740 series (NET)] => C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe [3769992 2017-05-23] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49762136 2018-08-08] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-06] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27831240 2018-03-13] (Skype Software Sarl -> Skype Technologies S.A.)
HKLM\...\Drivers32-x32: [msacm.l3codecp] => C:\Windows\SysWOW64\l3codecp.acm [220672 2009-07-13] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-17] (Google Inc -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-19] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\Windows\system32\LMIinit.dll [2014-07-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{975E2597-4892-450D-9E49-5CA092C4B97F}: [DhcpNameServer] 64.59.144.16 64.59.150.132
Tcpip\..\Interfaces\{BC556D6E-E0DC-496A-82C9-E12641CD952E}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EF1371BB-7288-4F5F-870B-12C74F93F93F}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-998330651-303224156-1059126384-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-998330651-303224156-1059126384-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON/4
HKU\S-1-5-21-998330651-303224156-1059126384-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-998330651-303224156-1059126384-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON/4
HKU\S-1-5-21-998330651-303224156-1059126384-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-998330651-303224156-1059126384-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON/4
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-998330651-303224156-1059126384-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {07C7C110-7846-4522-8DA7-7316F05F3171} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-998330651-303224156-1059126384-1000 -> {07C7C110-7846-4522-8DA7-7316F05F3171} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-998330651-303224156-1059126384-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-998330651-303224156-1059126384-1000 -> {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = hxxp://search.alot.com/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-998330651-303224156-1059126384-1003 -> {07C7C110-7846-4522-8DA7-7316F05F3171} URL =
SearchScopes: HKU\S-1-5-21-998330651-303224156-1059126384-1004 -> {5C92EB9F-4A20-4856-8F45-C04A70AC3398} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-07] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-07] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corporation -> Microsoft Corp.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2018-03-07] (Skype Software Sarl -> Skype Technologies)

FireFox:
========
FF DefaultProfile: 7h47bk28.default-1425818769644-1541694642980
FF ProfilePath: C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\7h47bk28.default-1425818769644-1541694642980 [2019-02-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-13] [Legacy] [not signed]
FF HKU\S-1-5-21-998330651-303224156-1059126384-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-26] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-26] ()
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\TradeManager\npwangwang.dll [2014-11-10] ( )
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-07] (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2012-09-28] (Logitech Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll [2015-02-09] (Alibaba software (Shanghai) Corporation.)
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @citrixonline.com/appdetectorplugin -> C:\Users\BR\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-28] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR DefaultSearchURL: Default -> hxxps://vancouver.craigslist.ca/favicon.ico
CHR Profile: C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default [2017-12-22]
CHR Extension: (Slides) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-11]
CHR Extension: (YouTube) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-11]
CHR Extension: (Adobe Acrobat) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-11]
CHR Extension: (Avast SafePrice) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-12-05]
CHR Extension: (Sheets) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-11]
CHR Extension: (Avast Online Security) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-11]
CHR Extension: (Chrome Media Router) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-22]
CHR Profile: C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default [2019-02-11]
CHR Extension: (Google Drive) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2019-02-10]
CHR Extension: (YouTube) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-22]
CHR Extension: (Adobe Acrobat) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-12-22]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-02-04]
CHR Extension: (Avast Online Security) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-17]
CHR Extension: (craigslist: vancouver, BC jobs, apart...) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodmfgjfnfmcjhffmmaepknoggiokdhk [2018-09-05]
CHR Extension: (Gmail) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-22]
CHR Extension: (Chrome Media Router) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-18]
CHR Profile: C:\Users\BR\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc. -> Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
S4 BackupService; C:\Users\BRIAN\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (Hewlett-Packard Company -> ArcSoft, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia -> Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia -> Secunia)
S4 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [376832 2013-01-09] (SafeNet, Inc.) [File not signed]
S4 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259872 2013-01-09] (SafeNet, Inc. -> SafeNet, Inc)
S4 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [293216 2013-01-09] (SafeNet, Inc. -> SafeNet, Inc.)
S4 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-06-07] (SolidWorks) [File not signed]
S4 SQLANYs_SmpParts; C:\Program Files (x86)\SQL Anywhere 10\win32\dbsrv10.exe [136568 2010-12-08] (iAnywhere Solutions, Inc. -> iAnywhere Solutions, Inc.)
S4 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-01-29] (Reason Software Company Inc. -> RaMMicHaeL)
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
S4 wwbizsrv; C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe [2904176 2016-07-13] (TAOBAO (CHINA) SOFTWARE CO.,LTD. -> Alibaba Group)
R3 aswbIDSAgent; "C:\Program Files\AVAST Software\Avast\aswidsagent.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ahcix64s; C:\Windows\System32\DRIVERS\ahcix64s.sys [237936 2009-08-03] (ATI Technologies, Inc -> Advanced Micro Devices, Inc)
R0 amdsata; C:\Windows\System32\DRIVERS\amdsata.sys [67128 2009-08-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28216 2009-08-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37304 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [203488 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [220688 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196264 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320888 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58160 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239808 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46584 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42488 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [166472 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111992 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88144 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034056 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [474648 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [218056 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380144 2019-01-17] (AVAST Software s.r.o. -> AVAST Software)
S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3678720 2012-06-20] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10619296 2010-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2019-01-28] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2017-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia -> Secunia)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [239616 2009-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek )
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] (Intel® Code Signing External -> )
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc. -> SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63568 2012-12-11] (SafeNet, Inc. -> SafeNet, Inc.)
S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2012-10-16] (Windows ® 2000 DDK provider) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 utqyodqx; C:\Windows\SysWOW64\Drivers\utqyodqx.sys [7168 2015-12-31] () [File not signed]
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-11 07:07 - 2019-02-11 07:07 - 000000000 ____D C:\MSI19de5.tmp
2019-02-10 14:37 - 2019-02-10 14:37 - 000000000 ____D C:\FRST
2019-01-28 09:06 - 2019-01-28 09:06 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-01-17 04:36 - 2019-01-17 04:35 - 000361352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-01-17 04:36 - 2019-01-17 04:35 - 000320888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-01-17 04:36 - 2019-01-17 04:35 - 000220688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-01-17 04:36 - 2019-01-17 04:35 - 000196264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-01-17 04:36 - 2019-01-17 04:35 - 000058160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-01-17 04:36 - 2019-01-17 04:35 - 000037304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-01-16 03:01 - 2019-01-16 03:01 - 000000000 ____D C:\MSIba4e3.tmp
2019-01-16 03:01 - 2019-01-16 03:01 - 000000000 ____D C:\_638336_

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-11 07:10 - 2018-01-21 13:53 - 000003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AAEA059E-67E6-4D4B-A555-071AD2AC6636}
2019-02-11 06:39 - 2012-04-13 07:31 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2019-02-11 04:31 - 2009-07-13 20:45 - 000015792 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-11 04:31 - 2009-07-13 20:45 - 000015792 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-04 17:17 - 2013-08-19 18:26 - 000000000 ____D C:\Program Files\CCleaner
2019-01-28 09:06 - 2018-11-09 10:37 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-01-23 06:26 - 2018-11-08 08:29 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-01-23 06:25 - 2012-04-26 05:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-20 08:36 - 2014-05-13 18:36 - 000000000 ____D C:\Program Files (x86)\TradeManager
2019-01-17 04:39 - 2017-03-16 02:48 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-01-17 04:35 - 2018-10-22 15:02 - 000042488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-01-17 04:35 - 2018-02-20 10:17 - 000239808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-01-17 04:35 - 2017-11-22 05:04 - 000203488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-01-17 04:35 - 2016-04-15 03:50 - 001034056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-01-17 04:35 - 2016-04-15 03:50 - 000474648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-01-17 04:35 - 2016-04-15 03:50 - 000380144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-01-17 04:35 - 2016-04-15 03:50 - 000218056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-01-17 04:35 - 2016-04-15 03:50 - 000166472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-01-17 04:35 - 2016-04-15 03:50 - 000111992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-01-17 04:35 - 2016-04-15 03:50 - 000088144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-01-17 04:35 - 2016-04-15 03:50 - 000046584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2019-01-16 03:01 - 2012-05-12 02:02 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2019-01-16 03:01 - 2012-05-12 02:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== Files in the root of some directories =======

2014-09-09 15:27 - 2014-09-09 15:30 - 000000000 _____ () C:\Users\BR\AppData\Roaming\bibstats
2014-10-27 08:16 - 2014-11-13 19:01 - 000000308 _____ () C:\Users\BR\AppData\Roaming\Rim.Desktop.Exception.log
2014-10-27 08:09 - 2014-11-28 09:44 - 000004042 _____ () C:\Users\BR\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-10-27 08:16 - 2014-11-13 19:01 - 000000308 _____ () C:\Users\BR\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-11-11 10:57 - 2014-11-11 10:57 - 000000044 _____ () C:\Users\BR\AppData\Roaming\WB.CFG
2017-01-14 12:04 - 2017-01-14 12:04 - 000000000 ____H () C:\Users\BR\AppData\Local\BITD200.tmp
2014-10-27 09:02 - 2014-10-27 09:02 - 000009728 _____ () C:\Users\BR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-12-27 11:56 - 2018-12-27 11:56 - 000000218 _____ () C:\Users\BR\AppData\Local\recently-used.xbel
2015-09-26 12:43 - 2015-09-26 12:43 - 000000017 _____ () C:\Users\BR\AppData\Local\resmon.resmoncfg
2012-06-07 20:09 - 2012-06-07 20:09 - 000000000 _____ () C:\Users\BR\AppData\Local\Temptable.xml
2012-09-23 13:15 - 2012-09-23 13:15 - 000137289 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001.0
2012-09-23 13:15 - 2012-09-23 13:15 - 000132486 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001.1
2012-09-23 13:15 - 2012-09-23 13:15 - 000132533 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001.JPG
2012-09-23 13:15 - 2012-09-23 13:15 - 000003890 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001_navi.JPG
2012-10-03 17:21 - 2012-10-03 17:21 - 000121078 _____ () C:\Users\BR\AppData\Local\tmpNOMAD1.0
2012-10-03 17:21 - 2012-10-03 17:21 - 000044248 _____ () C:\Users\BR\AppData\Local\tmpNOMAD1.JPG
2012-10-03 17:18 - 2012-10-03 17:18 - 000112551 _____ () C:\Users\BR\AppData\Local\tmpNOMAD2.0
2012-10-03 17:18 - 2012-10-03 17:18 - 000040181 _____ () C:\Users\BR\AppData\Local\tmpNOMAD2.JPG
2012-10-03 17:21 - 2012-10-03 17:21 - 000115714 _____ () C:\Users\BR\AppData\Local\tmpNOMAD3.0
2012-10-03 17:21 - 2012-10-03 17:21 - 000038427 _____ () C:\Users\BR\AppData\Local\tmpNOMAD3.JPG
2012-10-03 17:22 - 2012-10-03 17:22 - 000134269 _____ () C:\Users\BR\AppData\Local\tmpNOMAD4.0
2012-10-03 17:22 - 2012-10-03 17:22 - 000049466 _____ () C:\Users\BR\AppData\Local\tmpNOMAD4.JPG
2012-10-03 17:22 - 2012-10-03 17:22 - 000135858 _____ () C:\Users\BR\AppData\Local\tmpNOMAD5.0
2012-10-03 17:22 - 2012-10-03 17:22 - 000050685 _____ () C:\Users\BR\AppData\Local\tmpNOMAD5.1
2012-10-03 17:22 - 2012-10-03 17:22 - 000050520 _____ () C:\Users\BR\AppData\Local\tmpNOMAD5.JPG
2012-10-03 17:23 - 2012-10-03 17:23 - 000136857 _____ () C:\Users\BR\AppData\Local\tmpNOMAD6.0
2012-10-03 17:23 - 2012-10-03 17:23 - 000049261 _____ () C:\Users\BR\AppData\Local\tmpNOMAD6.1
2012-10-03 17:23 - 2012-10-03 17:23 - 000049486 _____ () C:\Users\BR\AppData\Local\tmpNOMAD6.JPG
2012-08-22 15:05 - 2012-08-22 15:05 - 000006400 _____ () C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).0
2012-08-22 15:05 - 2012-08-22 15:05 - 000001969 _____ () C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).JPG
2017-01-14 11:57 - 2017-01-14 12:04 - 000000000 _____ () C:\Users\BR\AppData\Local\{7A3D3458-EB7D-4C05-A5E4-FDFD4ED3DCBD}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-02 00:00

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01
Ran by BR (11-02-2019 07:14:54)
Running from C:\Users\BR\Downloads
Windows 7 Home Premium Service Pack 3 (X64) (2012-03-13 13:09:29)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-998330651-303224156-1059126384-500 - Administrator - Disabled)
bcom (S-1-5-21-998330651-303224156-1059126384-1003 - Administrator - Enabled) => C:\Users\bcom
BR (S-1-5-21-998330651-303224156-1059126384-1004 - Administrator - Enabled) => C:\Users\BR
BRIAN (S-1-5-21-998330651-303224156-1059126384-1000 - Administrator - Enabled) => C:\Users\BRIAN
Guest (S-1-5-21-998330651-303224156-1059126384-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.07 beta (x64) (HKLM\...\7-Zip) (Version: 15.07 - Igor Pavlov)
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.1 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (HKLM-x32\...\{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (HKLM-x32\...\{A7AEE29F-839E-46B5-B347-6D430618129F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Akamai) (Version:  - Akamai Technologies, Inc)
Any Video Converter 3.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
ArtCAM 2015 (64-bit) (HKLM-x32\...\ArtCAM 2015 (64-bit)) (Version: 2015 - Delcam Ltd)
ArtCAM 2015 R2 (64-bit) (HKLM-x32\...\ArtCAM 2015 R2 (64-bit)) (Version: 2015 R2 - Delcam Ltd)
ArtCAM 2015 R2 DL (64-bit) (HKLM-x32\...\ArtCAM 2015 R2 DL (64-bit)) (Version: 2015 R2 - Delcam Ltd)
Autodesk Pixlr (HKLM-x32\...\{B0547B43-3AEE-453C-9945-800DDF92052D}) (Version: 1.1.1.0 - Autodesk) Hidden
Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.1.1.0 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6100 (HKLM-x32\...\{0DEF8C02-2EAB-4BFE-A7E0-7990665DF1A9}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c6100_Help (HKLM-x32\...\{4BD5B5D2-406D-4bc5-BB10-2F0D1D367C95}) (Version: 82.0.256.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{1B1BF50E-ACE8-4481-B362-89544FB1CD4B}) (Version: 1.0.357 - Citrix)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\CopyTrans Suite) (Version: 4.004 - WindSolutions)
Corel Applications (HKLM-x32\...\Corel Applications) (Version:  - )
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delcam Exchange 2015 R2 (64-bit) (HKLM\...\Delcam Exchange 7.9.10) (Version: 7.9.10 - Delcam)
Delcam Exchange 2015 R4 (64-bit) (HKLM\...\Delcam Exchange 8.1.10) (Version: 8.1.10 - Delcam)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
eDrawings 2015 x64 (HKLM\...\{1849FD9A-F1F7-4D0C-BEE6-59C3337E5410}) (Version: 15.2.0033 - Dassault Systèmes SolidWorks Corp)
EPS File Viewer (HKLM-x32\...\{35B4B5ED-41DE-4CAB-A757-F967474819DC}_is1) (Version:  - epsfileviewer.com)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free DWG Viewer 7.3 (HKLM-x32\...\{BC66852F-0928-494F-B3C1-5FF5DB4F88BC}) (Version: 7.3.0.174 - IGC)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google SketchUp 8 (HKLM-x32\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
gsimple 2.05 (HKLM-x32\...\gsimple) (Version: 2.05 - S.Kontogiannis)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 5740 series Basic Device Software (HKLM\...\{B09B89DC-91EF-4965-800D-2A5807D117D1}) (Version: 40.11.1135.17143 - HP Inc.)
HP Officejet 5740 series Help (HKLM-x32\...\{F17D53C7-DCE8-469C-9690-CF8F5903519C}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.0.7 - Hewlett-Packard) Hidden
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2226 - Intel Corporation)
IrfanView 4.50 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Live Mail Password Decryptor (HKLM-x32\...\{2C7228FF-A6A8-49D1-BE08-7453AB5D0359}) (Version: 4.0 - SecurityXploded) Hidden
Logitech Harmony Remote Software (x86) (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Magical Jelly Bean PasswdFinder (HKLM-x32\...\PasswdFinder_is1) (Version: 1.0.0.29 - PasswdFinder)
Mail Undelete Recovery Toolbox Free 2.3 (HKLM-x32\...\Mail Undelete Recovery Toolbox Free_is1) (Version:  - Recovery Toolbox, Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Mozilla Firefox 47.0.2 (x86 en-US) (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NirSoft WebBrowserPassView (HKLM-x32\...\NirSoft WebBrowserPassView) (Version:  - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Photobucket Desktop (HKLM-x32\...\{D0916F1D-236D-4B9A-BCEA-F535444DCA41}) (Version: 1.0.3.1552 - Photobucket)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
Product Improvement Study for HP Officejet 5740 series (HKLM\...\{0E14A09E-FBF5-461C-A10B-62F231B1722C}) (Version: 40.11.1135.17143 - HP Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.2216 - CyberLink Corp.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rosetta Stone Version 3 (HKLM-x32\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.7.0 - Rosetta Stone Ltd.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Scanything V1.0.8 (HKLM-x32\...\Scanything) (Version: 1.0.8 - Scanything)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Sentinel Protection Installer 7.6.6 (HKLM-x32\...\{8C2218AC-D1B1-4530-9E67-15164E0E52AB}) (Version: 7.6.6 - SafeNet, Inc.)
Sentinel System Driver Installer 7.5.7 (HKLM-x32\...\{B281C7D1-C088-40E0-86EA-B2D9D7E0810A}) (Version: 7.5.7 - SafeNet, Inc.)
SewArt (HKLM\...\{233A5312-C6B1-48DB-8F62-5E1E2975F499}) (Version: 1.8.8 - S & S Computing)
SewWhat-Pro (HKLM\...\{5DF40802-1935-4B9F-9B7C-B16B6B875461}) (Version: 3.9.7 - S & S Computing)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype version 8.28 (HKLM-x32\...\Skype_is1) (Version: 8.28 - Skype Technologies S.A.)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SmoothDraw version 4.0.5 (HKLM-x32\...\SmoothDraw_is1) (Version: 4.0.5 - )
SMPIS (HKLM-x32\...\{999052D7-44A2-49F8-9851-A3D2D297EE03}) (Version: 29.00.000 - Merry Mechanization Inc.)
SolidWorks 2011 x64 Edition SP02 (HKLM\...\{4F113377-0BA1-4552-9ABB-9BF220FAF132}) (Version: 19.120.49 - SolidWorks) Hidden
SolidWorks 2011 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20110-40200-1100-100) (Version: 19.2.0.49 - SolidWorks Corporation)
SolidWorks eDrawings 2011 SP02 (HKLM-x32\...\{67C6633B-5A12-4955-A5E4-98D703F9AFA3}) (Version: 11.2.113 - Dassault Systèmes SolidWorks Corp.)
SolidWorks eDrawings 2011 x64 Edition SP02 (HKLM\...\{455804F2-70A9-46BD-BEB8-957000EC20D4}) (Version: 11.2.113 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks Explorer 2011 SP02 (HKLM-x32\...\{5F590D74-AA75-410F-A778-3CDFCE12DCD4}) (Version: 19.20.49 - SolidWorks Corporation)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SQLAnywhere1000 (HKLM-x32\...\{349E9132-5101-4094-859E-0EEE6F3DDCD5}) (Version: 10.1.4157 - Merry Mechanization Inc)
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TradeManager 2011 SP2 (HKLM-x32\...\TradeManager 2011 SP2) (Version:  - Alisoft)
TradeManager 2014 Beta1 (HKLM-x32\...\TradeManager) (Version:  - Alibaba (China) Network Technology Co., Ltd.)
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trendnet USBKVM Switcher (HKLM-x32\...\Trendnet USBKVM Switcher_is1) (Version:  - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.8 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.7.3 - Tweaking.com)
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{A95E3E66-D5A4-404E-997D-02562AA492E8}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wilcom TrueSizer e3.0 (HKLM-x32\...\{90C3F44A-7F39-4AEA-AC41-E32F97208269}) (Version: 17.0.185.7427 - Wilcom) Hidden
Wilcom TrueSizer e3.0 (HKLM-x32\...\{E801DDB4-3CFC-496E-9E04-781EC2445D82}) (Version: 17.0.185.7427 - Wilcom)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}) (Version: 1.0.24.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{4CEEAF57-0208-4CA4-A473-914C2D2FFC23}\InprocServer32 -> C:\Program Files (x86)\TradeManager\AliIMX_64.dll (Alibaba (China) Network Technology Co.,Ltd. -> )
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files (x86)\TradeManager\AliIMX_64.dll (Alibaba (China) Network Technology Co.,Ltd. -> )
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-09-17] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [FileAssociationHelper] -> {D5CF14A2-B3CA-49DC-8E3E-0BB233B26D09} => C:\Program Files\File Association Helper\FAHDll.dll [2014-01-28] (WinZip Computing LLC -> Nico Mak Computing)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-04-26] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1-x32: [PhoXo] -> {47F14307-F923-44F9-86CB-A1E193DA6070} => C:\Program Files (x86)\PhoXo\ExploreMenu.dll -> No File
ContextMenuHandlers1-x32: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-09-17] (Igor Pavlov)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-09-17] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-11-22] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01B68D52-81A4-4E5D-A008-EBE7A5E1D7A8} - System32\Tasks\AdobeAAMUpdater-1.0-BRIAN-PC-BR => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {0EB491D2-3F87-4560-81FF-E86009C528CA} - System32\Tasks\{8B8FB205-9240-4AC7-98E1-1FC0022AA2DC} => C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
Task: {137B4BA2-DE24-4F80-BC1F-179956948A9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {13C746E5-D9D4-410F-8374-C85DD78CB304} - System32\Tasks\{05A9FC79-8345-4041-BAB5-63B4B01AD275} => C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
Task: {19835642-4FB1-409E-B1C8-8C8DAB245E33} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {261C88CB-C0A6-449C-8B7E-520CB4278507} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {2761B74C-FF47-4ABC-B888-2B671AC244E5} - System32\Tasks\{A5D314F0-456F-4CB4-B01B-01065EE19CB7} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {2A5E94B0-88B5-4A7C-AE52-03F3C01C221B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {35E21EB3-832F-4CF8-96D9-CA922B3FC962} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {379D608C-0688-4B10-B21D-50B5B2A22E4F} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink -> CyberLink)
Task: {3A971650-3B29-4284-8710-C3F626E29C5B} - System32\Tasks\HPCustPartic.exe_{48E34D62-7EF7-41D2-8CFC-FF6ACE1C8F6D} => C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe (Hewlett Packard -> HP Inc.)
Task: {4B06D158-F426-4D63-842D-A8D695E38F5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {4E972E24-4BA2-47D5-BEFD-94D785AA4E8C} - System32\Tasks\{1D5C86AE-F4DD-4B79-A361-3F31B70CFCEF} => C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation -> TechSmith Corporation)
Task: {58044AB4-8524-4227-9073-AAA8DF62A596} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {6AB5DF9B-167C-4E53-B5F8-EC132C9AB8CD} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {7016C1DA-8A0A-4266-A065-4ECEF51B751B} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe (Hewlett-Packard Company -> )
Task: {76BFAC61-5025-4C95-9233-B223F5F3731E} - System32\Tasks\{8687F8BE-E36A-4EEF-AF42-1D43D36FA6D3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {7C5A95DD-03B0-42B0-AE44-40365D9FFEB6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {7F54A87F-3AB1-4857-8F5D-3B1374A9D962} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {80747828-AE28-4142-B594-2A8E87EF8F5F} - System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C} => C:\Windows\system32\pcalua.exe -a E:\Setup.exe -d E:\
Task: {85F928BF-474B-410C-955F-9BC4A5E814AE} - System32\Tasks\{ECC6E21C-0E02-48C1-81A6-B7DF3E56C4A3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\MMI\MachineDriverInstaller.exe" -d C:\Users\BRIAN\Desktop -c C:\Users\BRIAN\Desktop\second-house.DXF
Task: {983288AE-7B6C-4262-A354-ED914BAB9B17} - System32\Tasks\{7ABB10C8-4419-4DA7-B870-5539FB2B4CFF} => C:\Program Files\Dassault Systemes\DraftSight\bin\DraftSight.exe
Task: {9898530D-7128-408C-A288-8A7655746A86} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {99DC5BAC-F1C3-4CDC-8CB1-F45B3B886E25} - System32\Tasks\{9D8A851B-EEC2-4D8A-87F8-B68A9BA893E4} => C:\Windows\system32\pcalua.exe -a "E:\English\JDPaint55 1048\JDPaint.exe" -d "E:\English\JDPaint55 1048"
Task: {9A3CE333-775C-4F78-992D-AA2801A46B4E} - System32\Tasks\{6F7F92BF-441E-4C9E-852D-876D6730FB99} => C:\Windows\system32\pcalua.exe -a L:\AutoCAD_2011_English_Win_64bit.exe -d L:\
Task: {9E7B5155-9C08-45C9-9779-27D04278AC5D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {A478F95E-3FEA-4AA2-9564-F616630E60FB} - System32\Tasks\{E16CF7E6-DF4D-44A7-BD43-F43C46E7E55A} => C:\Windows\system32\pcalua.exe -a "C:\Users\BR\Documents\SolidWorks Downloads\SolidWorks 2011 SP02\swwi\data\setup.exe" -d "C:\Users\BR\Documents\SolidWorks Downloads\SolidWorks 2011 SP02\swwi\data"
Task: {A6AC5370-51F9-4CFD-997A-8A157D90FF99} - System32\Tasks\HPCustParticipation HP Officejet 5740 series => C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe (Hewlett Packard -> HP Inc.)
Task: {B1887102-041D-4F62-A50E-9FDD2221ED07} - System32\Tasks\SafeZone scheduled Autoupdate 1460721208 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {BC7A2992-A263-4155-B654-7C15A59B0C9D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {BEBB79F8-7713-4DBF-9FF9-0BA8E1E28A44} - System32\Tasks\{992C1360-B7C4-4ED1-9082-8E159FCB82C3} => C:\Windows\system32\pcalua.exe -a C:\Users\BR\Downloads\setup.exe -d C:\Users\BR\Downloads
Task: {C022465E-7A07-4924-8167-E4FCA8D56381} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {CA4307C5-0B5B-4183-AE41-368899A730FF} - System32\Tasks\{A75FBD77-F964-481B-B7EF-F4B1EA2968ED} => C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
Task: {D16D3224-3EE0-4200-9E22-85BF14CE0671} - System32\Tasks\{9C9F2E80-4ADE-449B-9057-40106FF8BC7F} => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
Task: {D5226923-4D3A-4364-BD39-D4CE1AE244C8} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe (Tweaking LLC -> Tweaking.com)
Task: {DD268EF9-0389-4933-BB76-5200E5670973} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {EF688760-AA89-4443-B5F1-5CEE174F3EBE} - System32\Tasks\{344968BF-A556-4FFC-984C-7E186895F06B} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\DriverAgent\dauninst.exe
Task: {F071B936-8E01-43A1-8968-3D7C08AC6606} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {FDFDEFE5-F9F6-4CA4-BCF3-CD265AA0EF41} - System32\Tasks\HPCustPartic.exe_{F94022F2-89C4-4C6F-A846-667671D2320F} => C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe (Hewlett Packard -> HP Inc.)
Task: {FF68EC2C-3B0C-4266-A221-56BDB11B6623} - System32\Tasks\{9F1E4A2B-AEA4-4565-A49A-E488006A3FAF} => C:\Windows\system32\pcalua.exe -a C:\Users\BR\Downloads\Mach3Version3.043.066.exe -d C:\Users\BR\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\BR\Favorites\Fotor for desktop.lnk -> hxxp://www.fotor.com/desktop/index.htm

ShortcutWithArgument: C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\craigslist_ vancouver, BC jobs, apart.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=oodmfgjfnfmcjhffmmaepknoggiokdhk

==================== Loaded Modules (Whitelisted) ==============

2012-12-15 12:55 - 2005-03-12 00:07 - 000087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2018-01-04 23:13 - 2018-01-04 23:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-04 23:14 - 2018-01-04 23:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-11-09 10:37 - 2019-01-28 09:06 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-11-22 04:57 - 2018-11-22 04:57 - 000728792 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2016-05-22 18:33 - 2016-05-22 18:33 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2018-01-22 02:15 - 2018-01-22 02:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-01-22 02:15 - 2018-01-22 02:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2015-10-10 14:17 - 2010-09-09 09:05 - 000593920 _____ () C:\Program Files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe
2015-08-18 11:05 - 2017-10-18 09:03 - 000108544 _____ () C:\Program Files (x86)\TradeManager\AliApp.exe
2016-05-22 18:32 - 2016-05-22 18:32 - 031680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2018-12-17 16:51 - 2018-12-11 21:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-17 16:51 - 2018-12-11 21:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2018-11-22 04:56 - 2018-11-22 04:56 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-11-22 04:57 - 2018-11-22 04:57 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-11-22 04:56 - 2018-11-22 04:56 - 000496344 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-11-22 04:56 - 2018-11-22 04:56 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-11-22 04:56 - 2018-11-22 04:56 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2019-02-11 04:02 - 2019-02-11 04:02 - 005741712 _____ () C:\Program Files\AVAST Software\Avast\defs\19021102\algo.dll
2018-03-03 16:06 - 2018-03-03 16:06 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-04 23:14 - 2018-01-04 23:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-04 23:14 - 2018-01-04 23:14 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-30 23:32 - 2014-10-07 19:12 - 000273408 _____ () C:\Program Files (x86)\TradeManager\pcre.dll
2015-03-30 23:32 - 2014-10-07 19:12 - 000361472 _____ () C:\Program Files (x86)\TradeManager\rv2archive.dll
2015-03-30 23:33 - 2019-01-02 19:59 - 000108032 _____ () C:\Program Files (x86)\TradeManager\rv2log.dll
2015-03-30 23:33 - 2019-01-02 19:59 - 000314880 _____ () C:\Program Files (x86)\TradeManager\rv2core.dll
2015-08-18 11:05 - 2017-09-14 19:56 - 042149888 _____ () C:\Program Files (x86)\TradeManager\aef.dll
2015-12-07 09:29 - 2018-11-19 18:37 - 000029696 _____ () C:\Program Files (x86)\TradeManager\AliProtect.dll
2015-09-15 23:06 - 2017-05-19 09:01 - 000147456 _____ () C:\Program Files (x86)\TradeManager\PerfTrace.dll
2015-02-09 18:40 - 2015-02-09 18:40 - 001554888 _____ () C:\Program Files (x86)\TradeManager\LIBEAY32.dll
2015-03-30 23:33 - 2019-01-02 19:59 - 000581632 _____ () C:\Program Files (x86)\TradeManager\uacagent.dll
2015-02-09 18:40 - 2015-02-09 18:40 - 000072192 _____ () C:\Program Files (x86)\TradeManager\zlibwapi.dll
2015-02-09 18:39 - 2015-02-09 18:39 - 000437216 _____ () C:\Program Files (x86)\TradeManager\collina.dll
2015-10-10 14:17 - 2007-07-17 15:26 - 000086016 _____ () C:\Program Files (x86)\Trendnet\USBKVM Switcher\kEYHOOK.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 002121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 007745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-08-20 12:35 - 2009-08-20 12:35 - 000135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2016-08-24 07:45 - 2016-08-24 07:45 - 040523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-12-24 15:15 - 2015-12-24 15:15 - 000698152 _____ () C:\Users\BR\AppData\Roaming\TaobaoProtect\AliBench\AlibenchDLL.dll
2016-06-07 23:10 - 2016-06-07 23:10 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-07 23:10 - 2016-06-07 23:10 - 000205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-07 23:10 - 2016-06-07 23:10 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-07 23:10 - 2016-06-07 23:10 - 000125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-08-24 07:24 - 2016-08-24 07:24 - 000109760 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll
2016-06-07 23:10 - 2016-06-07 23:10 - 000166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Classes\.scr: scrfile =>  <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxp://taobao.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\taobao.com -> hxxp://taobao.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2019-01-04 01:01 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;%C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\SQL Anywhere 10\win32;C:\Program Files (x86)\SQL Anywhere 10\Sybase Central 5.0.0\win32;%PROGRAMFILES%\Internet Explorer;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-998330651-303224156-1059126384-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BRIAN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-998330651-303224156-1059126384-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\bcom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\BR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: AliSafeEngine Service => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DraftSight API Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Secunia PSI Agent => 2
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: SentinelKeysServer => 2
MSCONFIG\Services: SentinelProtectionServer => 2
MSCONFIG\Services: SentinelSecurityRuntime => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Unchecky => 2
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: wwbizsrv => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{941584E1-854B-434D-85FE-08615386E6DD}C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [UDP Query User{24DB1A02-894B-4B50-80C3-AF89B7F3A379}C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [TCP Query User{0B6B3E9F-1303-4E14-8895-DA3ACC99F6CF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{1E3A6126-5910-4D3B-9911-15769D574BBB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{4CB72E1A-D77F-4284-B7EA-15ECCA2A0518}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [UDP Query User{849E739F-CA22-4888-A9A6-C5EE2B84C0D7}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [TCP Query User{B3B2AC8C-624A-4D95-AA88-2C109ACF15C1}C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [UDP Query User{75B9D3FE-C59D-40B9-BB93-78365A52A88E}C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{7BCA530D-AEF9-4312-AB98-5FA57B22C9D4}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS0312\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{DD0816DF-1A6D-46DE-B7FA-8F03EA897AFA}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS0312\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{7027FCA1-ED17-4B7B-9DEF-90707122CEED}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS03BC\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{4E250D65-5C7F-4C5C-8E68-F728A34421A7}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS03BC\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [TCP Query User{9F26BF52-B13B-471C-A6AC-44F98C53BC00}C:\program files (x86)\trademanager\aliim.exe] => (Allow) C:\program files (x86)\trademanager\aliim.exe (Alibaba (China) Co., Ltd.)
FirewallRules: [UDP Query User{E3DB5C18-C6C1-4FD6-A0D7-15EFCCE65DC2}C:\program files (x86)\trademanager\aliim.exe] => (Allow) C:\program files (x86)\trademanager\aliim.exe (Alibaba (China) Co., Ltd.)
FirewallRules: [{FEA0FE39-54A2-480A-9CAD-7D55D772EAA6}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe No File
FirewallRules: [{9BF14085-062A-4EB5-A452-75190E55F47F}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe No File
FirewallRules: [{B9C78521-F0A8-4E23-9136-149ADB9DB1A0}] => (Allow) C:\Program Files (x86)\Sticky Password\stpass.exe No File
FirewallRules: [{20D7AE74-B6A3-426F-B416-9DC325C694AA}] => (Allow) C:\Program Files (x86)\Sticky Password\stpass.exe No File
FirewallRules: [TCP Query User{DD81ED75-AA34-4A58-B5BA-EF7D04E2CE88}C:\program files (x86)\trademanager\aliim.exe] => (Block) C:\program files (x86)\trademanager\aliim.exe (Alibaba (China) Co., Ltd.)
FirewallRules: [UDP Query User{5F6A084B-A851-4FFB-BC11-EBF0148E87B4}C:\program files (x86)\trademanager\aliim.exe] => (Block) C:\program files (x86)\trademanager\aliim.exe (Alibaba (China) Co., Ltd.)
FirewallRules: [{1E665E32-F3CE-4E07-ADA2-EE9C6EB26E2D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CFE4F658-D641-404D-8048-318DD582A421}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{80D39522-104E-4FB8-AF99-1FAC08D8BAAE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C14434CB-10C7-4B29-8255-37412E9CC49F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{231BF8B0-E8AA-41FE-BA9A-568103FD2F6D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{753E03DD-946C-41B7-97D9-47B6B408B966}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{25DB26D6-7C8D-421E-BD9F-0EBCBFA140D4}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS35EA\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{BD5D4210-B6E5-45E3-881D-BAEC293F3BF7}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS35EA\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{26EAF1A7-27A7-40A1-8B97-244D92D509DD}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS3FFD\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{84C5F561-9393-4117-9C21-1602D63CDAA9}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS3FFD\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{066E33B9-FBB5-4872-A4EF-6ACA4D6C8780}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS4109\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{D8C0664B-C6D4-48BA-B1F4-5682814D8FAF}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS4109\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{14FC1362-862C-41E8-9E03-9DEAFB364DA3}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS416B\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{734FA13E-75FC-4204-82B7-5CBEADE5CEF1}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS416B\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{268CDBAB-5953-49C3-B923-E0C09378C160}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS7EF8\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{EB46FD57-3C8D-4324-BF80-8CACE5BC36F5}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS7EF8\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{F028B163-0059-448B-BB75-773426B9BFC0}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS2E7E\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{2DE49187-0F5B-4044-84FE-0A669CC85F33}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS2E7E\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{2F80605A-D7CD-4639-B271-0B88302D1B78}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS2F2F\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{5F35F7C3-2461-4952-AA85-73CF95EA6F47}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS2F2F\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{5A4F57BB-C9CE-45EC-B240-2C84F10D8EC1}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS334A\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{C0330068-E65D-41C2-87C9-CA6BA61A2EBD}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS334A\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{C21344CC-E893-44F5-8E7E-701F26AB182D}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\FaxApplications.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{FA59B4A3-B4E9-4169-80CA-0ACAFF3299DB}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{D1A0FBE8-8102-4DCB-9C1B-4C6DA9A2E4B0}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\SendAFax.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{8BF19FE5-091A-4478-A1B9-B0F5988DB7EB}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\FaxPrinterUtility.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{DDEF6243-1EA8-4B81-9D35-C268ABDF94F0}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{3C37859B-1FDB-4B6F-AC4C-69AA2592E700}] => (Allow) LPort=5357
FirewallRules: [{38935BAA-FB00-4F8E-AFF2-1ECFFCCB3402}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{83EF81F4-A047-486B-9ED7-788156AA5F02}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS492E\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{2CCFE143-FE63-463D-BF2D-38FA0542B828}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS492E\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{30090691-2965-4C2E-BCEA-F17CD8043B3C}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS71FF\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{368EF3B6-D448-4597-BDD7-C5370190596C}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS71FF\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{86C000D4-66B4-43D9-BBEC-01712566D1A2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF079C67-BCD2-4063-9247-D4264175A7A9}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7F9AC02C-F9FA-4201-9C09-C06F7B5B630D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{747DE1F7-7A8F-4729-8D96-E06E0C5A5FFA}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{B41BAFD4-3B90-42C3-B49D-50BD0A8FC864}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{7FAC275E-EF51-4AE7-BF73-EB278A5117C5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0E11B348-E024-4FA4-974E-4ABA18354EA8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{32037EE3-CB62-4E38-A5AA-9282CB2DB64D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{20886188-8858-4F5F-9AC5-E4B5623AA4DE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{93D40DB1-EC32-498A-9758-3B800ABFE9FE}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{8FC46BB2-1E50-404D-8BBE-126C9B8B60EC}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7

==================== Restore Points =========================

19-01-2018 03:00:20 Windows Update
21-01-2018 10:25:07 Restore Operation
21-01-2018 13:04:50 Revo Uninstaller's restore point - Magical Jelly Bean PasswdFinder
21-01-2018 13:11:00 Revo Uninstaller's restore point - Kodi
22-01-2018 03:01:23 Windows Update
25-01-2018 03:00:28 Windows Update
09-02-2018 03:52:36 Scheduled Checkpoint
14-02-2018 03:01:12 Windows Update
03-03-2018 18:18:02 Scheduled Checkpoint
12-03-2018 20:07:31 Scheduled Checkpoint
14-03-2018 02:00:44 Windows Update
14-03-2018 15:53:12 Installed iTunes
17-03-2018 14:16:49 Removed iTunes
17-03-2018 14:17:52 Removed iTunes
17-03-2018 14:24:12 Removed iTunes
17-03-2018 14:31:38 Installed iTunes
17-03-2018 14:52:14 Removed Apple Mobile Device Support
17-03-2018 14:53:16 Removed Apple Software Update
17-03-2018 14:54:19 Removed Apple Application Support (64-bit)
17-03-2018 14:55:37 Removed Apple Application Support (32-bit)
17-03-2018 14:56:05 Removed Apple Application Support (32-bit)
17-03-2018 14:57:51 Removed Bonjour
17-03-2018 14:58:30 Removed iTunes
17-03-2018 15:33:38 Installed iTunes
30-03-2018 02:00:42 Windows Update
07-04-2018 02:00:40 Windows Update
11-04-2018 02:00:45 Windows Update
18-04-2018 08:16:28 Scheduled Checkpoint
24-04-2018 10:49:08 Installed StudioTax 2017
26-04-2018 08:21:41 Removed StudioTax 2017
09-05-2018 02:01:01 Windows Update
31-05-2018 07:44:09 Removed Backup and Sync from Google
11-06-2018 00:47:39 Scheduled Checkpoint
13-06-2018 02:00:16 Windows Update
29-06-2018 23:15:46 Scheduled Checkpoint
08-07-2018 13:34:15 Scheduled Checkpoint
11-07-2018 02:00:25 Windows Update
20-07-2018 11:45:42 Removed DraftSight 2015 SP2 x64.
01-08-2018 09:08:55 Installed OpenOffice 4.1.5
01-08-2018 10:00:28 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
01-08-2018 16:08:43 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
02-08-2018 02:00:11 Windows Update
15-08-2018 02:01:24 Windows Update
29-08-2018 08:15:31 Scheduled Checkpoint
29-08-2018 08:36:30 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
29-08-2018 09:27:04 Restore Operation
13-09-2018 02:02:01 Windows Update
30-09-2018 08:09:53 Scheduled Checkpoint
08-10-2018 19:43:32 Installed Skype™ 7.41
11-10-2018 02:01:12 Windows Update
12-10-2018 02:01:15 Windows Update
25-10-2018 10:31:19 Scheduled Checkpoint
08-11-2018 06:38:47 Scheduled Checkpoint
14-11-2018 03:01:43 Windows Update
29-11-2018 00:02:46 Scheduled Checkpoint
09-12-2018 08:44:50 Scheduled Checkpoint
13-12-2018 03:00:26 Windows Update
20-12-2018 03:01:27 Windows Update
28-12-2018 09:24:34 Scheduled Checkpoint
09-01-2019 03:00:26 Windows Update
09-01-2019 05:32:54 Windows Update
16-01-2019 03:00:11 Windows Update
25-01-2019 00:09:48 Scheduled Checkpoint
11-02-2019 07:05:09 Removed 0501(English)

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Qualcomm Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Description: Qualcomm Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2019 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (02/10/2019 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (02/09/2019 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (02/08/2019 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (02/07/2019 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (02/06/2019 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (02/05/2019 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (02/04/2019 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

System errors:
=============
Error: (02/09/2019 07:29:29 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{BC556D6E-E0DC-496A-82C9-E12641CD952E}.
The backup browser is stopping.

Error: (02/09/2019 06:27:23 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MAINPC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BC556D6E-E0DC-496A-82C9-E12641CD952E}.
The master browser is stopping or an election is being forced.

Error: (02/05/2019 09:01:18 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/05/2019 09:01:18 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (02/01/2019 10:30:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/31/2019 10:30:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/30/2019 10:30:43 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/29/2019 10:30:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

CodeIntegrity:
===================================

Date: 2018-11-14 03:40:07.722
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 12:29:59.014
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 12:29:58.733
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 05:07:52.175
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 05:07:52.034
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 04:51:43.641
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 04:51:43.314
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 04:29:01.016
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 87%
Total physical RAM: 7133.18 MB
Available physical RAM: 910.68 MB
Total Virtual: 14264.5 MB
Available Virtual: 7293.42 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920.39 GB) (Free:70.59 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.02 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{b853008b-6d0c-11e1-b88a-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#8
iMacg3


    GeekU Mod

  • GeekU Moderator
  • 419 posts
Hi,

Highlight the contents of the below code box and press Ctrl + C:

Start::

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [aliim] => C:\Program Files (x86)\TradeManager\AliIM.exe [543232 2019-01-02] (Alibaba (China) Co., Ltd.)

URLSearchHook: HKU\S-1-5-21-998330651-303224156-1059126384-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-998330651-303224156-1059126384-1003 -> {07C7C110-7846-4522-8DA7-7316F05F3171} URL =

FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\TradeManager\npwangwang.dll [2014-11-10] ( )
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll [2015-02-09] (Alibaba software (Shanghai) Corporation.)
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]

S4 wwbizsrv; C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe [2904176 2016-07-13] (TAOBAO (CHINA) SOFTWARE CO.,LTD. -> Alibaba Group)

ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File

Task: {76BFAC61-5025-4C95-9233-B223F5F3731E} - System32\Tasks\{8687F8BE-E36A-4EEF-AF42-1D43D36FA6D3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {80747828-AE28-4142-B594-2A8E87EF8F5F} - System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C} => C:\Windows\system32\pcalua.exe -a E:\Setup.exe -d E:\
Task: {85F928BF-474B-410C-955F-9BC4A5E814AE} - System32\Tasks\{ECC6E21C-0E02-48C1-81A6-B7DF3E56C4A3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\MMI\MachineDriverInstaller.exe" -d C:\Users\BRIAN\Desktop -c C:\Users\BRIAN\Desktop\second-house.DXF
Task: {A478F95E-3FEA-4AA2-9564-F616630E60FB} - System32\Tasks\{E16CF7E6-DF4D-44A7-BD43-F43C46E7E55A} => C:\Windows\system32\pcalua.exe -a "C:\Users\BR\Documents\SolidWorks Downloads\SolidWorks 2011 SP02\swwi\data\setup.exe" -d "C:\Users\BR\Documents\SolidWorks Downloads\SolidWorks 2011 SP02\swwi\data"

HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Classes\.scr: scrfile =>  <==== ATTENTION

IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxp://taobao.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\taobao.com -> hxxp://taobao.com

FirewallRules: [TCP Query User{DD81ED75-AA34-4A58-B5BA-EF7D04E2CE88}C:\program files (x86)\trademanager\aliim.exe] => (Block) C:\program files (x86)\trademanager\aliim.exe (Alibaba (China) Co., Ltd.)
FirewallRules: [UDP Query User{5F6A084B-A851-4FFB-BC11-EBF0148E87B4}C:\program files (x86)\trademanager\aliim.exe] => (Block) C:\program files (x86)\trademanager\aliim.exe (Alibaba (China) Co., Ltd.)

VirusTotal: C:\Windows\SysWOW64\Drivers\utqyodqx.sys
VirusTotal: C:\Users\BR\AppData\Roaming\bibstats
Folder: C:\MSIba4e3.tmp

C:\Program Files (x86)\TradeManager
C:\Users\BR\AppData\Roaming\TaobaoProtect
C:\Program Files (x86)\Alibaba

End::

Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
Please copy and paste the contents of the fixlog into your next reply.

Let me know how the computer is doing.

Thanks.

#9
RUSTY2


    Member

  • Topic Starter
  • Member
  • 211 posts

Hi, it seems to be a lot better now. I have used my PC for about 1/2 hr with no popups.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01
Ran by BR (11-02-2019 09:49:28) Run:1
Running from C:\Users\BR\Downloads
Loaded Profiles: BRIAN & bcom & BR (Available Profiles: BRIAN & bcom & BR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [aliim] => C:\Program Files (x86)\TradeManager\AliIM.exe [543232 2019-01-02] (Alibaba (China) Co., Ltd.)
URLSearchHook: HKU\S-1-5-21-998330651-303224156-1059126384-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-998330651-303224156-1059126384-1003 -> {07C7C110-7846-4522-8DA7-7316F05F3171} URL =
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\TradeManager\npwangwang.dll [2014-11-10] ( )
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll [2015-02-09] (Alibaba software (Shanghai) Corporation.)
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]
S4 wwbizsrv; C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe [2904176 2016-07-13] (TAOBAO (CHINA) SOFTWARE CO.,LTD. -> Alibaba Group)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
Task: {76BFAC61-5025-4C95-9233-B223F5F3731E} - System32\Tasks\{8687F8BE-E36A-4EEF-AF42-1D43D36FA6D3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {80747828-AE28-4142-B594-2A8E87EF8F5F} - System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C} => C:\Windows\system32\pcalua.exe -a E:\Setup.exe -d E:\
Task: {85F928BF-474B-410C-955F-9BC4A5E814AE} - System32\Tasks\{ECC6E21C-0E02-48C1-81A6-B7DF3E56C4A3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\MMI\MachineDriverInstaller.exe" -d C:\Users\BRIAN\Desktop -c C:\Users\BRIAN\Desktop\second-house.DXF
Task: {A478F95E-3FEA-4AA2-9564-F616630E60FB} - System32\Tasks\{E16CF7E6-DF4D-44A7-BD43-F43C46E7E55A} => C:\Windows\system32\pcalua.exe -a "C:\Users\BR\Documents\SolidWorks Downloads\SolidWorks 2011 SP02\swwi\data\setup.exe" -d "C:\Users\BR\Documents\SolidWorks Downloads\SolidWorks 2011 SP02\swwi\data"
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Classes\.scr: scrfile =>  <==== ATTENTION
IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxp://taobao.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\taobao.com -> hxxp://taobao.com
FirewallRules: [TCP Query User{DD81ED75-AA34-4A58-B5BA-EF7D04E2CE88}C:\program files (x86)\trademanager\aliim.exe] => (Block) C:\program files (x86)\trademanager\aliim.exe (Alibaba (China) Co., Ltd.)
FirewallRules: [UDP Query User{5F6A084B-A851-4FFB-BC11-EBF0148E87B4}C:\program files (x86)\trademanager\aliim.exe] => (Block) C:\program files (x86)\trademanager\aliim.exe (Alibaba (China) Co., Ltd.)
VirusTotal: C:\Windows\SysWOW64\Drivers\utqyodqx.sys
VirusTotal: C:\Users\BR\AppData\Roaming\bibstats
Folder: C:\MSIba4e3.tmp
C:\Program Files (x86)\TradeManager
C:\Users\BR\AppData\Roaming\TaobaoProtect
C:\Program Files (x86)\Alibaba

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Windows\CurrentVersion\Run\\aliim" => removed successfully
"HKU\S-1-5-21-998330651-303224156-1059126384-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-998330651-303224156-1059126384-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07C7C110-7846-4522-8DA7-7316F05F3171} => removed successfully
HKLM\Software\Classes\CLSID\{07C7C110-7846-4522-8DA7-7316F05F3171} => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@alibaba.com/npwangwang;version=1.0 => removed successfully
C:\Program Files (x86)\TradeManager\npwangwang.dll => moved successfully
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\MozillaPlugins\@alibaba.com/npAliSSOLogin;version=1.0 => removed successfully
Could not move "C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll" => Scheduled to move on reboot.
"HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\MozillaPlugins\FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]" => not found
"FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]" => not found
"HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\MozillaPlugins\FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]" => not found
"FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]" => not found
HKLM\System\CurrentControlSet\Services\wwbizsrv => removed successfully
wwbizsrv => service removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE => removed successfully
HKLM\Software\Classes\CLSID\{0365FE2C-F183-4091-AC82-BFC39FB75C49} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76BFAC61-5025-4C95-9233-B223F5F3731E} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76BFAC61-5025-4C95-9233-B223F5F3731E} => removed successfully
C:\Windows\System32\Tasks\{8687F8BE-E36A-4EEF-AF42-1D43D36FA6D3} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8687F8BE-E36A-4EEF-AF42-1D43D36FA6D3} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80747828-AE28-4142-B594-2A8E87EF8F5F} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80747828-AE28-4142-B594-2A8E87EF8F5F} => removed successfully
Could not move "C:\Windows\System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C}" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{12FF90D0-0CA3-410B-8D51-6027360B341C} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85F928BF-474B-410C-955F-9BC4A5E814AE} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85F928BF-474B-410C-955F-9BC4A5E814AE} => removed successfully
Could not move "C:\Windows\System32\Tasks\{ECC6E21C-0E02-48C1-81A6-B7DF3E56C4A3}" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ECC6E21C-0E02-48C1-81A6-B7DF3E56C4A3} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A478F95E-3FEA-4AA2-9564-F616630E60FB} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A478F95E-3FEA-4AA2-9564-F616630E60FB} => removed successfully
Could not move "C:\Windows\System32\Tasks\{E16CF7E6-DF4D-44A7-BD43-F43C46E7E55A}" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E16CF7E6-DF4D-44A7-BD43-F43C46E7E55A} => removed successfully
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Classes\.scr => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alipay.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alipay.com => not found
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alisoft.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alisoft.com => not found
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\taobao.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\taobao.com => not found
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alipay.com => removed successfully
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alipay.com => not found
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alisoft.com => removed successfully
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alisoft.com => not found
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\taobao.com => removed successfully
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\taobao.com => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DD81ED75-AA34-4A58-B5BA-EF7D04E2CE88}C:\program files (x86)\trademanager\aliim.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5F6A084B-A851-4FFB-BC11-EBF0148E87B4}C:\program files (x86)\trademanager\aliim.exe" => removed successfully
VirusTotal: C:\Windows\SysWOW64\Drivers\utqyodqx.sys => https://www.virustot...sis/1549463969/
VirusTotal: C:\Users\BR\AppData\Roaming\bibstats => D41D8CD98F00B204E9800998ECF8427E (0-byte MD5)

========================= Folder: C:\MSIba4e3.tmp ========================

====== End of Folder: ======

"C:\Program Files (x86)\TradeManager" folder move:

Could not move "C:\Program Files (x86)\TradeManager" => Scheduled to move on reboot.

"C:\Users\BR\AppData\Roaming\TaobaoProtect" folder move:

Could not move "C:\Users\BR\AppData\Roaming\TaobaoProtect" => Scheduled to move on reboot.

"C:\Program Files (x86)\Alibaba" folder move:

Could not move "C:\Program Files (x86)\Alibaba" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11964092 B
Java, Flash, Steam htmlcache => 1189 B
Windows/system/drivers => 295524196 B
Edge => 0 B
Chrome => 923670419 B
Firefox => 129154121 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
BRIAN => 63098956 B
LogMeInRemoteUser => 0 B
bcom => 18390299 B
BR => 3359348303 B

RecycleBin => 936897435 B
EmptyTemp: => 5.4 GB temporary data Removed.

================================

==== End of Fixlog 09:54:49 ====


  • 0

#10
RUSTY2

    Member

  • Topic Starter
  • Member
  • 211 posts

Spoke too soon, they just started again. I did not need to reboot, should I?


  • 0


#11
iMacg3

    GeekU Mod

  • GeekU Moderator
  • 419 posts
Hi,

Looks like some parts of the infection are resisting removal. Please run the below FRST fix.

Highlight the contents of the below code box and press Ctrl + C:
Start::

CreateRestorePoint:
CloseProcesses:

S3 utqyodqx; C:\Windows\SysWOW64\Drivers\utqyodqx.sys [7168 2015-12-31] () [File not signed]
C:\Windows\SysWOW64\Drivers\utqyodqx.sys

Unlock: C:\Program Files (x86)\TradeManager
C:\Program Files (x86)\TradeManager
Unlock: C:\Users\BR\AppData\Roaming\TaobaoProtect
C:\Users\BR\AppData\Roaming\TaobaoProtect
Unlock: C:\Program Files (x86)\Alibaba
C:\Program Files (x86)\Alibaba
Unlock: C:\Windows\System32\Tasks\{E16CF7E6-DF4D-44A7-BD43-F43C46E7E55A}
C:\Windows\System32\Tasks\{E16CF7E6-DF4D-44A7-BD43-F43C46E7E55A}
Unlock: C:\Windows\System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C}
C:\Windows\System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C}

End::

Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
Please copy and paste the contents of the fixlog into your next reply.

Thanks.
  • 0

#12
RUSTY2

    Member

  • Topic Starter
  • Member
  • 211 posts

Here is the file.

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01
Ran by BR (11-02-2019 10:17:08) Run:1
Running from C:\Users\BR\Downloads
Loaded Profiles: BRIAN & bcom & BR (Available Profiles: BRIAN & bcom & BR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
S3 utqyodqx; C:\Windows\SysWOW64\Drivers\utqyodqx.sys [7168 2015-12-31] () [File not signed]
C:\Windows\SysWOW64\Drivers\utqyodqx.sys
Unlock: C:\Program Files (x86)\TradeManager
C:\Program Files (x86)\TradeManager
Unlock: C:\Users\BR\AppData\Roaming\TaobaoProtect
C:\Users\BR\AppData\Roaming\TaobaoProtect
Unlock: C:\Program Files (x86)\Alibaba
C:\Program Files (x86)\Alibaba
Unlock: C:\Windows\System32\Tasks\{E16CF7E6-DF4D-44A7-BD43-F43C46E7E55A}
C:\Windows\System32\Tasks\{E16CF7E6-DF4D-44A7-BD43-F43C46E7E55A}
Unlock: C:\Windows\System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C}
C:\Windows\System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C}

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\utqyodqx => removed successfully
utqyodqx => service removed successfully
C:\Windows\SysWOW64\Drivers\utqyodqx.sys => moved successfully
"C:\Program Files (x86)\TradeManager" => was unlocked

"C:\Program Files (x86)\TradeManager" folder move:

Could not move "C:\Program Files (x86)\TradeManager" => Scheduled to move on reboot.

"C:\Users\BR\AppData\Roaming\TaobaoProtect" => was unlocked

"C:\Users\BR\AppData\Roaming\TaobaoProtect" folder move:

Could not move "C:\Users\BR\AppData\Roaming\TaobaoProtect" => Scheduled to move on reboot.

"C:\Program Files (x86)\Alibaba" => was unlocked

"C:\Program Files (x86)\Alibaba" folder move:

Could not move "C:\Program Files (x86)\Alibaba" => Scheduled to move on reboot.

"C:\Windows\System32\Tasks\{E16CF7E6-DF4D-44A7-BD43-F43C46E7E55A}" => was unlocked
Could not move "C:\Windows\System32\Tasks\{E16CF7E6-DF4D-44A7-BD43-F43C46E7E55A}" => Scheduled to move on reboot.
"C:\Windows\System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C}" => was unlocked
Could not move "C:\Windows\System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C}" => Scheduled to move on reboot.

==== End of Fixlog 10:18:30 ====


  • 0
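The second Fixlog above repeats several "Scheduled to move on reboot" entries from the first run. As an added example (not part of the original thread and not FRST's own code), this Python script classifies Fixlog outcome lines and lists the items deferred in both runs; the function names are hypothetical and the embedded sample lines are copied from the two logs in this thread.

```python
import re

# Sample input: outcome lines copied from the two Fixlogs posted in this thread.
FIXLOG_RUN1 = r'''
wwbizsrv => service removed successfully
C:\Program Files (x86)\TradeManager\npwangwang.dll => moved successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
Could not move "C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C}" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\TradeManager" => Scheduled to move on reboot.
'''
FIXLOG_RUN2 = r'''
C:\Windows\SysWOW64\Drivers\utqyodqx.sys => moved successfully
"C:\Program Files (x86)\TradeManager" => was unlocked
Could not move "C:\Program Files (x86)\TradeManager" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C}" => Scheduled to move on reboot.
'''

LINE = re.compile(r'^(?P<item>.+?) => (?P<outcome>.+)$')
OUTCOMES = [  # order matters: the first matching keyword wins
    ("pending_reboot", "scheduled to move on reboot"),
    ("not_found", "not found"),
    ("unlocked", "was unlocked"),
    ("done", "successfully"),
]

def parse_fixlog(text):
    """Return (status, item) for every '<item> => <outcome>' line in a Fixlog."""
    results = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # headers, separators and blank lines carry no outcome
        item = re.sub(r'^Could not move\s+', '', m['item']).strip('"')
        outcome = m['outcome'].lower()
        status = next((s for s, key in OUTCOMES if key in outcome), "other")
        results.append((status, item))
    return results

def pending(text):
    return {item for status, item in parse_fixlog(text) if status == "pending_reboot"}

def still_resisting(first, second):
    """Items deferred in both runs: not yet rebooted, or the deferred move did not complete."""
    return sorted(pending(first) & pending(second))

if __name__ == "__main__":
    for path in still_resisting(FIXLOG_RUN1, FIXLOG_RUN2):
        print("still locked:", path)
```
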

#13
iMacg3

    GeekU Mod

  • GeekU Moderator
  • 419 posts
Hi,

We'll try it in Safe Mode.

Press the Windows Key + R. This will open the Run box.
Type Notepad and click OK.

Copy the contents of the below code box to the new file:
 
Start::

Unlock: C:\Program Files (x86)\TradeManager
C:\Program Files (x86)\TradeManager
Unlock: C:\Users\BR\AppData\Roaming\TaobaoProtect
C:\Users\BR\AppData\Roaming\TaobaoProtect
Unlock: C:\Program Files (x86)\Alibaba
C:\Program Files (x86)\Alibaba
Unlock: C:\Windows\System32\Tasks\{E16CF7E6-DF4D-44A7-BD43-F43C46E7E55A}
C:\Windows\System32\Tasks\{E16CF7E6-DF4D-44A7-BD43-F43C46E7E55A}
Unlock: C:\Windows\System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C}
C:\Windows\System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C}

End::

Click on File > Save as. Save the file as fixlist.txt to the same location as FRST.
The location is in the 3rd line of the FRST.txt log you posted.

Reboot your computer. Tap the F8 key as soon as your computer starts to boot. You will see the "Advanced Boot Options" screen.
Use the arrow keys to select Safe Mode then press Enter. Your PC will boot to safe mode.

Run FRST64.exe and click Fix.
When the fix is complete the tool will create a log in the same directory as FRST. (Fixlog.txt)

Restart your computer to boot to Normal Mode again.

Please post the Fixlog.txt in your next reply.

Thanks.
  • 0

#14
RUSTY2

    Member

  • Topic Starter
  • Member
  • 211 posts

Not sure how to save the file on Notepad?

Sorry.

Click on File > Save as. Save the file as fixlist.txt to the same location as FRST.
The location is in the 3rd line of the FRST.txt log you posted.


  • 0

#15
iMacg3

    GeekU Mod

  • GeekU Moderator
  • 419 posts
Hi,

Copy the contents of the codebox in my previous post to the Notepad document.

Then click the File button in the upper left corner, then Save.
Navigate to C:\Users\BR\Downloads in the "Save as" window. In the File name box, type fixlist.txt and click Save.

Then, boot to Safe Mode and run the fix as per the instructions in my previous post.
If you have any questions let me know.

Thanks.
  • 0





