Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

pop up all the time now


  • Please log in to reply

#1
RUSTY2

RUSTY2

    Member

  • Member
  • PipPipPip
  • 214 posts

thank you for your help again!!

having pop up for a few months now , only a few when i first start my pc but lately cant get rid of them . Ran malwarbytes but it showed  no problem

any help will be appreciated 

Brian

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/24/20
Scan Time: 8:25 AM
Log File: 116c3c51-3ec6-11ea-890b-e0cb4e7d728e.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.629
Update Package Version: 1.0.14493
License: Free

-System Information-
OS: Windows 7 Service Pack 3
CPU: x64
File System: NTFS
User: BRIAN-PC\BR

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 397304
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 18 min, 28 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,274 posts
  • MVP


  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.



 


  • 0

#3
RUSTY2

RUSTY2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 214 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2020 01
Ran by BR (administrator) on BRIAN-PC (HP-Pavilion BK235AA-ABL p6332c) (25-01-2020 08:14:29)
Running from C:\Users\BR\Downloads
Loaded Profiles: BR (Available Profiles: BRIAN & bcom & BR)
Platform: Windows 7 Home Premium Service Pack 3 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Trendnet\USBKVM Switcher\USBKVM.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Macrovision Corporation) [File not signed] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Software Sarl -> Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(WinZip Computing LLC -> Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [XeroxEndeavorBackgroundTask] => C:\Windows\system32\xrWCbgnd.dll [58368 2009-07-13] (Microsoft Windows -> Xerox Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (WinZip Computing LLC -> Nico Mak Computing)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-12-09] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-06-18] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [ISUSPM Startup] => "c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [HP Officejet 5740 series (NET)] => C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe [3769992 2017-05-23] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-06] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [Ozeki Phone System XE Service monitor] => "C:\Program Files\Ozeki\Ozeki Phone System XE\ServiceMonitor.exe"
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27821512 2018-03-13] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91503464 2019-12-13] (Skype Software Sarl -> Skype Technologies S.A.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\Windows\system32\LMIinit.dll [2014-07-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BootExecute: autocheck autochk * bootdelete
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01B68D52-81A4-4E5D-A008-EBE7A5E1D7A8} - System32\Tasks\AdobeAAMUpdater-1.0-BRIAN-PC-BR => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {0EB491D2-3F87-4560-81FF-E86009C528CA} - System32\Tasks\{8B8FB205-9240-4AC7-98E1-1FC0022AA2DC} => C:\Program Files (x86)\Skype\Phone\Skype.exe [27821512 2018-03-13] (Skype Software Sarl -> Skype Technologies S.A.)
Task: {137B4BA2-DE24-4F80-BC1F-179956948A9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269000 2015-10-26] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {13C746E5-D9D4-410F-8374-C85DD78CB304} - System32\Tasks\{05A9FC79-8345-4041-BAB5-63B4B01AD275} => C:\Program Files (x86)\Skype\Phone\Skype.exe [27821512 2018-03-13] (Skype Software Sarl -> Skype Technologies S.A.)
Task: {15D83288-E8EC-4399-BBA8-6E0D31A93A1D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {19835642-4FB1-409E-B1C8-8C8DAB245E33} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {261C88CB-C0A6-449C-8B7E-520CB4278507} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-07] (Google Inc -> Google Inc.)
Task: {2761B74C-FF47-4ABC-B888-2B671AC244E5} - System32\Tasks\{A5D314F0-456F-4CB4-B01B-01065EE19CB7} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {2A5E94B0-88B5-4A7C-AE52-03F3C01C221B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {35E21EB3-832F-4CF8-96D9-CA922B3FC962} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {379D608C-0688-4B10-B21D-50B5B2A22E4F} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [210216 2009-10-22] (CyberLink -> CyberLink)
Task: {3A971650-3B29-4284-8710-C3F626E29C5B} - System32\Tasks\HPCustPartic.exe_{48E34D62-7EF7-41D2-8CFC-FF6ACE1C8F6D} => C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe [6438536 2017-05-23] (Hewlett Packard -> HP Inc.)
Task: {4B06D158-F426-4D63-842D-A8D695E38F5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-07] (Google Inc -> Google Inc.)
Task: {4E972E24-4BA2-47D5-BEFD-94D785AA4E8C} - System32\Tasks\{1D5C86AE-F4DD-4B79-A361-3F31B70CFCEF} => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation -> TechSmith Corporation)
Task: {58044AB4-8524-4227-9073-AAA8DF62A596} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {6AB5DF9B-167C-4E53-B5F8-EC132C9AB8CD} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {7016C1DA-8A0A-4266-A065-4ECEF51B751B} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [26680 2009-10-20] (Hewlett-Packard Company -> )
Task: {751FC730-C3F0-4E4C-A355-2DDD1C8042A0} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {7C5A95DD-03B0-42B0-AE44-40365D9FFEB6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {84F573DF-E519-4BA8-8531-0D95980676D3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {983288AE-7B6C-4262-A354-ED914BAB9B17} - System32\Tasks\{7ABB10C8-4419-4DA7-B870-5539FB2B4CFF} => C:\Program Files\Dassault Systemes\DraftSight\bin\DraftSight.exe
Task: {9898530D-7128-408C-A288-8A7655746A86} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {99DC5BAC-F1C3-4CDC-8CB1-F45B3B886E25} - System32\Tasks\{9D8A851B-EEC2-4D8A-87F8-B68A9BA893E4} => C:\Windows\system32\pcalua.exe -a "E:\English\JDPaint55 1048\JDPaint.exe" -d "E:\English\JDPaint55 1048"
Task: {9A3CE333-775C-4F78-992D-AA2801A46B4E} - System32\Tasks\{6F7F92BF-441E-4C9E-852D-876D6730FB99} => C:\Windows\system32\pcalua.exe -a L:\AutoCAD_2011_English_Win_64bit.exe -d L:\
Task: {9E7B5155-9C08-45C9-9779-27D04278AC5D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-06] (Piriform Ltd -> Piriform Ltd)
Task: {A6AC5370-51F9-4CFD-997A-8A157D90FF99} - System32\Tasks\HPCustParticipation HP Officejet 5740 series => C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe [6438536 2017-05-23] (Hewlett Packard -> HP Inc.)
Task: {B1887102-041D-4F62-A50E-9FDD2221ED07} - System32\Tasks\SafeZone scheduled Autoupdate 1460721208 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {BEBB79F8-7713-4DBF-9FF9-0BA8E1E28A44} - System32\Tasks\{992C1360-B7C4-4ED1-9082-8E159FCB82C3} => C:\Windows\system32\pcalua.exe -a C:\Users\BR\Downloads\setup.exe -d C:\Users\BR\Downloads
Task: {CA4307C5-0B5B-4183-AE41-368899A730FF} - System32\Tasks\{A75FBD77-F964-481B-B7EF-F4B1EA2968ED} => C:\Program Files (x86)\Skype\Phone\Skype.exe [27821512 2018-03-13] (Skype Software Sarl -> Skype Technologies S.A.)
Task: {D16D3224-3EE0-4200-9E22-85BF14CE0671} - System32\Tasks\{9C9F2E80-4ADE-449B-9057-40106FF8BC7F} => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91503464 2019-12-13] (Skype Software Sarl -> Skype Technologies S.A.)
Task: {D5226923-4D3A-4364-BD39-D4CE1AE244C8} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [66816 2015-03-11] (Tweaking LLC -> Tweaking.com)
Task: {DD268EF9-0389-4933-BB76-5200E5670973} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC4FBFEB-BFDC-48EE-B167-145BF1279500} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {EF688760-AA89-4443-B5F1-5CEE174F3EBE} - System32\Tasks\{344968BF-A556-4FFC-984C-7E186895F06B} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\DriverAgent\dauninst.exe
Task: {F071B936-8E01-43A1-8968-3D7C08AC6606} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {FDFDEFE5-F9F6-4CA4-BCF3-CD265AA0EF41} - System32\Tasks\HPCustPartic.exe_{F94022F2-89C4-4C6F-A846-667671D2320F} => C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe [6438536 2017-05-23] (Hewlett Packard -> HP Inc.)
Task: {FF68EC2C-3B0C-4266-A221-56BDB11B6623} - System32\Tasks\{9F1E4A2B-AEA4-4565-A49A-E488006A3FAF} => C:\Windows\system32\pcalua.exe -a C:\Users\BR\Downloads\Mach3Version3.043.066.exe -d C:\Users\BR\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 10 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{975E2597-4892-450D-9E49-5CA092C4B97F}: [DhcpNameServer] 64.59.144.16 64.59.150.132
Tcpip\..\Interfaces\{BC556D6E-E0DC-496A-82C9-E12641CD952E}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EF1371BB-7288-4F5F-870B-12C74F93F93F}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {07C7C110-7846-4522-8DA7-7316F05F3171} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-998330651-303224156-1059126384-1004 -> {5C92EB9F-4A20-4856-8F45-C04A70AC3398} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-02-15] (Oracle America, Inc. -> Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corporation -> Microsoft Corp.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2018-03-07] (Skype Software Sarl -> Skype Technologies)

FireFox:
========
FF DefaultProfile: k3qr4zmn.default-1425818769644-1570208607069
FF ProfilePath: C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\k3qr4zmn.default-1425818769644-1570208607069 [2020-01-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-13] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-26] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-26] (Adobe Systems Incorporated -> )
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2012-09-28] (Logitech Inc.) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @citrixonline.com/appdetectorplugin -> C:\Users\BR\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-28] (Citrix Online -> Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default [2019-09-24]
CHR DownloadDir: C:\Users\BR\Desktop
CHR HomePage: Backup Default -> hxxp://www.google.com/ig
CHR Extension: (Slides) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-11]
CHR Extension: (YouTube) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-11]
CHR Extension: (Adobe Acrobat) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-11]
CHR Extension: (Avast SafePrice) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-12-05]
CHR Extension: (Sheets) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-11]
CHR Extension: (Avast Online Security) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-11]
CHR Extension: (Chrome Media Router) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-22]
CHR Profile: C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default [2020-01-25]
CHR Notifications: Default -> hxxps://all3dp.com; hxxps://ca.letgo.com; hxxps://drfone.wondershare.com; hxxps://fres-news.com; hxxps://mail.google.com; hxxps://www.backyardboss.net; hxxps://www.bookingbuddy.com; hxxps://www.chatfieldcourt.com; hxxps://www.cruisecritic.com; hxxps://www.dxfdownloads.com; hxxps://www.dxfforcnc.com; hxxps://www.esky.com; hxxps://www.ironplanet.com; hxxps://www.jetsetter.com; hxxps://www.kijiji.ca; hxxps://www.letgo.com; hxxps://www.reddit.com; hxxps://www.wegotravel.ca; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR DefaultSearchURL: Default -> hxxps://ca.letgo.com/icons/android-chrome-36x36.png
CHR Extension: (Google Drive) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2019-05-30]
CHR Extension: (YouTube) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-22]
CHR Extension: (Adobe Acrobat) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-09-29]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-12-18]
CHR Extension: (Avast Online Security) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-01-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (letgo-web) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkjbfeahmkobkcbpjmjbdfcegiapnlc [2019-06-15]
CHR Extension: (craigslist: vancouver, BC jobs, apart...) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodmfgjfnfmcjhffmmaepknoggiokdhk [2020-01-25]
CHR Extension: (Gmail) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-11]
CHR Profile: C:\Users\BR\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-10-07] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
S4 BackupService; C:\Users\BRIAN\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (Hewlett-Packard Company -> ArcSoft, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia -> Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia -> Secunia)
S4 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-06-07] (SolidWorks) [File not signed]
S4 SQLANYs_SmpParts; C:\Program Files (x86)\SQL Anywhere 10\win32\dbsrv10.exe [136568 2010-12-08] (iAnywhere Solutions, Inc. -> iAnywhere Solutions, Inc.)
S4 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-01-29] (Reason Software Company Inc. -> RaMMicHaeL)
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292096 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ahcix64s; C:\Windows\System32\DRIVERS\ahcix64s.sys [237936 2009-08-03] (ATI Technologies, Inc -> Advanced Micro Devices, Inc)
R0 amdsata; C:\Windows\System32\DRIVERS\amdsata.sys [67128 2009-08-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28216 2009-08-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37616 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [204824 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [274456 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [209552 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [65120 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [276952 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42736 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [171520 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110320 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83792 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848432 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460448 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316528 2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3678720 2012-06-20] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S0 czhwah; C:\Windows\SysWOW64\drivers\deakun.sys [61440 2019-02-11] () [File not signed]
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2020-01-18] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2017-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia -> Secunia)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [239616 2009-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek )
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] (Intel® Code Signing External -> )
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc. -> SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63568 2012-12-11] (SafeNet, Inc. -> SafeNet, Inc.)
S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2012-10-16] (Windows ® 2000 DDK provider) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S0 ynub; C:\Windows\SysWOW64\drivers\owgosexc.sys [61440 2019-02-11] () [File not signed]
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-18 13:05 - 2020-01-18 13:05 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-01-12 08:25 - 2020-01-12 08:25 - 000000000 ____D C:\Program Files\iPod
2020-01-12 08:24 - 2020-01-12 08:25 - 000000000 ____D C:\Program Files\iTunes
2020-01-12 08:23 - 2020-01-12 08:23 - 000000000 ____D C:\Windows\system32\Tasks\Apple
2020-01-12 08:23 - 2020-01-12 08:23 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2020-01-12 08:22 - 2020-01-12 08:22 - 000000000 ____D C:\Program Files\Bonjour
2020-01-12 08:22 - 2020-01-12 08:22 - 000000000 ____D C:\Program Files (x86)\Bonjour
2020-01-12 08:22 - 2020-01-12 08:22 - 000000000 ____D C:\MSI3877b.tmp
2020-01-12 08:22 - 2020-01-12 08:22 - 000000000 ____D C:\MSI38778.tmp
2020-01-12 08:22 - 2020-01-12 08:22 - 000000000 ____D C:\MSI38772.tmp
2020-01-12 08:22 - 2020-01-12 08:22 - 000000000 ____D C:\MSI3876b.tmp
2020-01-12 08:21 - 2020-01-12 08:21 - 000000000 ____D C:\MSI38765.tmp
2020-01-12 08:20 - 2020-01-12 08:20 - 000000000 ____D C:\MSI3875f.tmp
2020-01-12 08:20 - 2020-01-12 08:20 - 000000000 ____D C:\MSI35cc6.tmp
2020-01-12 08:04 - 2020-01-12 08:04 - 000000000 ____D C:\MSI3382d.tmp
2020-01-12 07:53 - 2020-01-12 07:53 - 000000000 ____D C:\MSI337a0.tmp
2020-01-12 07:52 - 2020-01-12 07:52 - 000000000 ____D C:\MSI33777.tmp
2020-01-12 07:50 - 2020-01-12 07:50 - 000000000 ____D C:\MSI33161.tmp
2020-01-12 07:48 - 2020-01-12 07:48 - 000000000 ____D C:\MSI32b4a.tmp
2020-01-12 07:35 - 2020-01-12 07:35 - 000000000 ____D C:\MSI32b45.tmp
2020-01-12 07:35 - 2020-01-12 07:35 - 000000000 ____D C:\MSI32b3e.tmp
2020-01-12 07:35 - 2020-01-12 07:35 - 000000000 ____D C:\MSI32b38.tmp
2020-01-12 07:34 - 2020-01-12 07:34 - 000000000 ____D C:\MSI32b32.tmp
2020-01-12 07:15 - 2020-01-12 07:15 - 000000000 ____D C:\Program Files\DigiDNA

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-25 08:15 - 2019-02-10 14:37 - 000000000 ____D C:\FRST
2020-01-25 08:14 - 2018-01-21 13:53 - 000003914 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{AAEA059E-67E6-4D4B-A555-071AD2AC6636}
2020-01-25 07:39 - 2012-04-13 07:31 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2020-01-25 04:51 - 2009-07-13 20:45 - 000015792 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-01-25 04:51 - 2009-07-13 20:45 - 000015792 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-01-24 08:42 - 2009-07-13 21:13 - 000786622 _____ C:\Windows\system32\PerfStringBackup.INI
2020-01-24 08:42 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2020-01-18 15:09 - 2018-10-08 19:41 - 000002980 _____ C:\Windows\system32\Tasks\{9C9F2E80-4ADE-449B-9057-40106FF8BC7F}
2020-01-18 15:09 - 2018-09-06 05:17 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-01-18 15:09 - 2018-07-20 11:43 - 000002988 _____ C:\Windows\system32\Tasks\{7ABB10C8-4419-4DA7-B870-5539FB2B4CFF}
2020-01-18 15:09 - 2018-07-08 11:16 - 000002940 _____ C:\Windows\system32\Tasks\HPCustPartic.exe_{F94022F2-89C4-4C6F-A846-667671D2320F}
2020-01-18 15:09 - 2017-11-15 16:40 - 000002948 _____ C:\Windows\system32\Tasks\{A75FBD77-F964-481B-B7EF-F4B1EA2968ED}
2020-01-18 15:09 - 2017-11-15 16:40 - 000002948 _____ C:\Windows\system32\Tasks\{8B8FB205-9240-4AC7-98E1-1FC0022AA2DC}
2020-01-18 15:09 - 2017-08-09 01:06 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-01-18 15:09 - 2017-07-12 08:29 - 000003066 _____ C:\Windows\system32\Tasks\{344968BF-A556-4FFC-984C-7E186895F06B}
2020-01-18 15:09 - 2017-03-19 08:15 - 000003892 _____ C:\Windows\system32\Tasks\SafeZone scheduled Autoupdate 1460721208
2020-01-18 15:09 - 2016-04-15 03:50 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2020-01-18 15:09 - 2015-12-31 17:41 - 000002952 _____ C:\Windows\system32\Tasks\{1D5C86AE-F4DD-4B79-A361-3F31B70CFCEF}
2020-01-18 15:09 - 2015-12-31 15:47 - 000003648 _____ C:\Windows\system32\Tasks\Tweaking.com - Windows Repair Tray Icon
2020-01-18 15:09 - 2015-09-14 16:14 - 000003128 _____ C:\Windows\system32\Tasks\{9D8A851B-EEC2-4D8A-87F8-B68A9BA893E4}
2020-01-18 15:09 - 2015-08-19 04:44 - 000002948 _____ C:\Windows\system32\Tasks\{05A9FC79-8345-4041-BAB5-63B4B01AD275}
2020-01-18 15:09 - 2015-06-07 08:28 - 000002940 _____ C:\Windows\system32\Tasks\HPCustPartic.exe_{48E34D62-7EF7-41D2-8CFC-FF6ACE1C8F6D}
2020-01-18 15:09 - 2015-06-07 08:15 - 000003556 _____ C:\Windows\system32\Tasks\HPCustParticipation HP Officejet 5740 series
2020-01-18 15:09 - 2014-09-04 11:21 - 000003496 _____ C:\Windows\system32\Tasks\AdobeAAMUpdater-1.0-BRIAN-PC-BR
2020-01-18 15:09 - 2014-05-02 18:02 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-01-18 15:09 - 2014-05-02 18:02 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-01-18 15:09 - 2013-11-18 09:26 - 000003132 _____ C:\Windows\system32\Tasks\{9F1E4A2B-AEA4-4565-A49A-E488006A3FAF}
2020-01-18 15:09 - 2013-08-27 17:19 - 000003076 _____ C:\Windows\system32\Tasks\{6F7F92BF-441E-4C9E-852D-876D6730FB99}
2020-01-18 15:09 - 2013-08-19 18:26 - 000002766 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-01-18 15:09 - 2013-08-16 12:05 - 000003062 _____ C:\Windows\system32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2020-01-18 15:09 - 2013-08-16 12:05 - 000003060 _____ C:\Windows\system32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2020-01-18 15:09 - 2012-06-07 12:42 - 000003100 _____ C:\Windows\system32\Tasks\{992C1360-B7C4-4ED1-9082-8E159FCB82C3}
2020-01-18 15:09 - 2012-04-13 07:31 - 000003768 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-01-18 15:09 - 2012-03-13 06:53 - 000003032 _____ C:\Windows\system32\Tasks\{A5D314F0-456F-4CB4-B01B-01065EE19CB7}
2020-01-18 15:09 - 2012-03-13 06:03 - 000003926 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{04763158-D395-4D60-AA42-FEC1973CEF7F}
2020-01-18 15:09 - 2012-03-13 05:12 - 000003706 _____ C:\Windows\system32\Tasks\RecoveryCDWin7
2020-01-18 15:09 - 2009-12-17 12:25 - 000003164 _____ C:\Windows\system32\Tasks\DVDAgent
2020-01-18 15:09 - 2009-12-17 12:24 - 000003200 _____ C:\Windows\system32\Tasks\CLMLSvc
2020-01-18 13:10 - 2017-03-16 02:48 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-01-18 13:04 - 2015-10-08 11:40 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2020-01-18 13:03 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-12 08:22 - 2014-11-15 16:08 - 000000000 ____D C:\Program Files\Common Files\Apple

==================== Files in the root of some directories ========

2014-09-09 15:27 - 2014-09-09 15:30 - 000000000 _____ () C:\Users\BR\AppData\Roaming\bibstats
2014-10-27 08:16 - 2014-11-13 19:01 - 000000308 _____ () C:\Users\BR\AppData\Roaming\Rim.Desktop.Exception.log
2014-10-27 08:09 - 2014-11-28 09:44 - 000004042 _____ () C:\Users\BR\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-10-27 08:16 - 2014-11-13 19:01 - 000000308 _____ () C:\Users\BR\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-11-11 10:57 - 2014-11-11 10:57 - 000000044 _____ () C:\Users\BR\AppData\Roaming\WB.CFG
2017-01-14 12:04 - 2017-01-14 12:04 - 000000000 ____H () C:\Users\BR\AppData\Local\BITD200.tmp
2014-10-27 09:02 - 2014-10-27 09:02 - 000009728 _____ () C:\Users\BR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-01-08 13:25 - 2020-01-08 13:25 - 000000218 _____ () C:\Users\BR\AppData\Local\recently-used.xbel
2015-09-26 12:43 - 2015-09-26 12:43 - 000000017 _____ () C:\Users\BR\AppData\Local\resmon.resmoncfg
2012-06-07 20:09 - 2012-06-07 20:09 - 000000000 _____ () C:\Users\BR\AppData\Local\Temptable.xml
2012-09-23 13:15 - 2012-09-23 13:15 - 000137289 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001.0
2012-09-23 13:15 - 2012-09-23 13:15 - 000132486 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001.1
2012-09-23 13:15 - 2012-09-23 13:15 - 000132533 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001.JPG
2012-09-23 13:15 - 2012-09-23 13:15 - 000003890 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001_navi.JPG
2012-10-03 17:21 - 2012-10-03 17:21 - 000121078 _____ () C:\Users\BR\AppData\Local\tmpNOMAD1.0
2012-10-03 17:21 - 2012-10-03 17:21 - 000044248 _____ () C:\Users\BR\AppData\Local\tmpNOMAD1.JPG
2012-10-03 17:18 - 2012-10-03 17:18 - 000112551 _____ () C:\Users\BR\AppData\Local\tmpNOMAD2.0
2012-10-03 17:18 - 2012-10-03 17:18 - 000040181 _____ () C:\Users\BR\AppData\Local\tmpNOMAD2.JPG
2012-10-03 17:21 - 2012-10-03 17:21 - 000115714 _____ () C:\Users\BR\AppData\Local\tmpNOMAD3.0
2012-10-03 17:21 - 2012-10-03 17:21 - 000038427 _____ () C:\Users\BR\AppData\Local\tmpNOMAD3.JPG
2012-10-03 17:22 - 2012-10-03 17:22 - 000134269 _____ () C:\Users\BR\AppData\Local\tmpNOMAD4.0
2012-10-03 17:22 - 2012-10-03 17:22 - 000049466 _____ () C:\Users\BR\AppData\Local\tmpNOMAD4.JPG
2012-10-03 17:22 - 2012-10-03 17:22 - 000135858 _____ () C:\Users\BR\AppData\Local\tmpNOMAD5.0
2012-10-03 17:22 - 2012-10-03 17:22 - 000050685 _____ () C:\Users\BR\AppData\Local\tmpNOMAD5.1
2012-10-03 17:22 - 2012-10-03 17:22 - 000050520 _____ () C:\Users\BR\AppData\Local\tmpNOMAD5.JPG
2012-10-03 17:23 - 2012-10-03 17:23 - 000136857 _____ () C:\Users\BR\AppData\Local\tmpNOMAD6.0
2012-10-03 17:23 - 2012-10-03 17:23 - 000049261 _____ () C:\Users\BR\AppData\Local\tmpNOMAD6.1
2012-10-03 17:23 - 2012-10-03 17:23 - 000049486 _____ () C:\Users\BR\AppData\Local\tmpNOMAD6.JPG
2012-08-22 15:05 - 2012-08-22 15:05 - 000006400 _____ () C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).0
2012-08-22 15:05 - 2012-08-22 15:05 - 000001969 _____ () C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).JPG
2017-01-14 11:57 - 2017-01-14 12:04 - 000000000 _____ () C:\Users\BR\AppData\Local\{7A3D3458-EB7D-4C05-A5E4-FDFD4ED3DCBD}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

ATTENTION: ==> Could not access BCD.  ->

LastRegBack: 2020-01-18 13:57
==================== End of FRST.txt ========================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-01-2020 01
Ran by BR (25-01-2020 08:17:22)
Running from C:\Users\BR\Downloads
Windows 7 Home Premium Service Pack 3 (X64) (2012-03-13 13:09:29)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-998330651-303224156-1059126384-500 - Administrator - Disabled)
bcom (S-1-5-21-998330651-303224156-1059126384-1003 - Administrator - Enabled) => C:\Users\bcom
BR (S-1-5-21-998330651-303224156-1059126384-1004 - Administrator - Enabled) => C:\Users\BR
BRIAN (S-1-5-21-998330651-303224156-1059126384-1000 - Administrator - Enabled) => C:\Users\BRIAN
Guest (S-1-5-21-998330651-303224156-1059126384-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.07 beta (x64) (HKLM\...\7-Zip) (Version: 15.07 - Igor Pavlov)
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.1 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (HKLM-x32\...\{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (HKLM-x32\...\{A7AEE29F-839E-46B5-B347-6D430618129F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Akamai) (Version:  - Akamai Technologies, Inc)
Any Video Converter 3.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{45DDDFED-AABC-450C-B49C-5B4A5E547F5B}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Autodesk Pixlr (HKLM-x32\...\{B0547B43-3AEE-453C-9945-800DDF92052D}) (Version: 1.1.1.0 - Autodesk) Hidden
Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.1.1.0 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6100 (HKLM-x32\...\{0DEF8C02-2EAB-4BFE-A7E0-7990665DF1A9}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c6100_Help (HKLM-x32\...\{4BD5B5D2-406D-4bc5-BB10-2F0D1D367C95}) (Version: 82.0.256.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{1B1BF50E-ACE8-4481-B362-89544FB1CD4B}) (Version: 1.0.357 - Citrix)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\CopyTrans Suite) (Version: 4.004 - WindSolutions)
Corel Applications (HKLM-x32\...\Corel Applications) (Version:  - )
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Garmin USB Drivers (HKLM\...\{956B3B73-29E8-423C-8973-D8085DE69E13}) (Version: 2.3.1.2 - Garmin Ltd or its subsidiaries)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC)
Google Earth Pro (HKLM-x32\...\{9D524A1E-F2FC-444D-B12A-7592CEB56EB5}) (Version: 7.3.2.5776 - Google)
Google SketchUp 8 (HKLM-x32\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
gsimple 2.05 (HKLM-x32\...\gsimple) (Version: 2.05 - S.Kontogiannis)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 5740 series Basic Device Software (HKLM\...\{B09B89DC-91EF-4965-800D-2A5807D117D1}) (Version: 40.11.1135.17143 - HP Inc.)
HP Officejet 5740 series Help (HKLM-x32\...\{F17D53C7-DCE8-469C-9690-CF8F5903519C}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.0.7 - Hewlett-Packard) Hidden
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2226 - Intel Corporation)
iTunes (HKLM\...\{9C96D8AC-EE43-4B47-877C-D11595511C8E}) (Version: 12.10.3.1 - Apple Inc.)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
Live Mail Password Decryptor (HKLM-x32\...\{2C7228FF-A6A8-49D1-BE08-7453AB5D0359}) (Version: 4.0 - SecurityXploded) Hidden
Logitech Harmony Remote Software (x86) (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Magical Jelly Bean PasswdFinder (HKLM-x32\...\PasswdFinder_is1) (Version: 1.0.0.29 - PasswdFinder)
Mail Undelete Recovery Toolbox Free 2.3 (HKLM-x32\...\Mail Undelete Recovery Toolbox Free_is1) (Version:  - Recovery Toolbox, Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mozilla Firefox 47.0.2 (x86 en-US) (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Firefox 71.0 (x64 en-US) (HKLM\...\Mozilla Firefox 71.0 (x64 en-US)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NirSoft WebBrowserPassView (HKLM-x32\...\NirSoft WebBrowserPassView) (Version:  - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Photobucket Desktop (HKLM-x32\...\{D0916F1D-236D-4B9A-BCEA-F535444DCA41}) (Version: 1.0.3.1552 - Photobucket)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
Product Improvement Study for HP Officejet 5740 series (HKLM\...\{0E14A09E-FBF5-461C-A10B-62F231B1722C}) (Version: 40.11.1135.17143 - HP Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.2216 - CyberLink Corp.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rosetta Stone Version 3 (HKLM-x32\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.7.0 - Rosetta Stone Ltd.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Scanything V1.0.8 (HKLM-x32\...\Scanything) (Version: 1.0.8 - Scanything)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Sentinel System Driver Installer 7.5.7 (HKLM-x32\...\{B281C7D1-C088-40E0-86EA-B2D9D7E0810A}) (Version: 7.5.7 - SafeNet, Inc.)
SewArt (HKLM\...\{233A5312-C6B1-48DB-8F62-5E1E2975F499}) (Version: 1.8.8 - S & S Computing)
SewWhat-Pro (HKLM\...\{5DF40802-1935-4B9F-9B7C-B16B6B875461}) (Version: 3.9.7 - S & S Computing)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype version 8.55 (HKLM-x32\...\Skype_is1) (Version: 8.55 - Skype Technologies S.A.)
Skype™ 7.41 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 7.41.101 - Skype Technologies S.A.)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolidWorks 2011 x64 Edition SP02 (HKLM\...\{4F113377-0BA1-4552-9ABB-9BF220FAF132}) (Version: 19.120.49 - SolidWorks) Hidden
SolidWorks eDrawings 2011 x64 Edition SP02 (HKLM\...\{455804F2-70A9-46BD-BEB8-957000EC20D4}) (Version: 11.2.113 - Dassault Systèmes SolidWorks Corp.) Hidden
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
SQLAnywhere1000 (HKLM-x32\...\{349E9132-5101-4094-859E-0EEE6F3DDCD5}) (Version: 10.1.4157 - Merry Mechanization Inc)
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trendnet USBKVM Switcher (HKLM-x32\...\Trendnet USBKVM Switcher_is1) (Version:  - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.8 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.7.3 - Tweaking.com)
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{A95E3E66-D5A4-404E-997D-02562AA492E8}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wilcom TrueSizer e3.0 (HKLM-x32\...\{90C3F44A-7F39-4AEA-AC41-E32F97208269}) (Version: 17.0.185.7427 - Wilcom) Hidden
Wilcom TrueSizer e3.0 (HKLM-x32\...\{E801DDB4-3CFC-496E-9E04-781EC2445D82}) (Version: 17.0.185.7427 - Wilcom)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}) (Version: 1.0.24.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{4CEEAF57-0208-4CA4-A473-914C2D2FFC23}\InprocServer32 -> C:\Program Files (x86)\TradeManager\AliIMX_64.dll => No File
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files (x86)\TradeManager\AliIMX_64.dll => No File
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-09-17] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [FileAssociationHelper] -> {D5CF14A2-B3CA-49DC-8E3E-0BB233B26D09} => C:\Program Files\File Association Helper\FAHDll.dll [2014-01-28] (WinZip Computing LLC -> Nico Mak Computing)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-04-26] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1-x32: [PhoXo] -> {47F14307-F923-44F9-86CB-A1E193DA6070} => C:\Program Files (x86)\PhoXo\ExploreMenu.dll -> No File
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-09-17] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-09-17] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-09] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\BR\Favorites\Fotor for desktop.lnk -> hxxp://www.fotor.com/desktop/index.htm
ShortcutWithArgument: C:\Users\BR\Desktop\letgo-web.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ogkjbfeahmkobkcbpjmjbdfcegiapnlc
ShortcutWithArgument: C:\Users\BR\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_pjkljhegncpnkpknbcohdijeoejaedia\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=pjkljhegncpnkpknbcohdijeoejaedia
ShortcutWithArgument: C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\craigslist_ vancouver, BC jobs, apart.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=oodmfgjfnfmcjhffmmaepknoggiokdhk
ShortcutWithArgument: C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\letgo-web.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ogkjbfeahmkobkcbpjmjbdfcegiapnlc
ShortcutWithArgument: C:\Users\BR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=pjkljhegncpnkpknbcohdijeoejaedia
ShortcutWithArgument: C:\Users\BR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\letgo-web.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ogkjbfeahmkobkcbpjmjbdfcegiapnlc

==================== Loaded Modules (Whitelisted) =============

2016-06-07 23:10 - 2016-06-07 23:10 - 000125440 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-06-07 23:10 - 2016-06-07 23:10 - 000118272 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-07 23:10 - 2016-06-07 23:10 - 000166400 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-06-07 23:10 - 2016-06-07 23:10 - 000205824 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-07 23:10 - 2016-06-07 23:10 - 000117248 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2019-12-08 12:26 - 2019-12-13 17:52 - 001899520 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2019-12-08 12:26 - 2019-12-13 17:52 - 006668800 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2019-12-08 12:26 - 2019-12-13 17:52 - 000259584 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\swiftshader\libegl.dll
2019-12-08 12:26 - 2019-12-13 17:52 - 003044352 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\swiftshader\libglesv2.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () [File not signed] C:\Program Files (x86)\Skype\Phone\skypert.dll
2015-10-10 14:17 - 2007-07-17 15:26 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Trendnet\USBKVM Switcher\kEYHOOK.dll
2012-12-15 12:55 - 2005-03-12 00:07 - 000087040 _____ () [File not signed] C:\Windows\System32\pdfcmnnt.dll
2009-09-20 09:53 - 2009-09-20 09:53 - 000538112 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.dll
2009-09-20 09:53 - 2009-09-20 09:53 - 000015360 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.rsc
2009-09-20 09:53 - 2009-09-20 09:53 - 000274432 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotradd.dll
2009-09-20 11:24 - 2009-09-20 11:24 - 000249344 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
2009-09-20 11:24 - 2009-09-20 11:24 - 000213504 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll
2009-09-20 11:24 - 2009-09-20 11:24 - 000133120 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
2009-09-20 11:24 - 2009-09-20 11:24 - 000049664 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddusr.dll
2009-05-21 19:09 - 2009-05-21 19:09 - 000338432 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqmif08.dll
2009-05-21 19:05 - 2009-05-21 19:05 - 000326144 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqrif08.dll
2009-09-20 11:36 - 2009-09-20 11:36 - 000150528 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtao08.dll
2009-09-20 11:36 - 2009-09-20 11:36 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.rsc
2009-09-20 11:36 - 2009-09-20 11:36 - 000205824 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpquio08.dll
2009-05-21 19:09 - 2009-05-21 19:09 - 000554496 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusg.dll
2010-10-22 12:08 - 2010-10-22 12:08 - 001039360 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
2013-09-11 22:10 - 2013-09-11 22:10 - 000328704 _____ (Hewlett-Packard Co.) [File not signed] C:\Windows\System32\hpinksts7012LM.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2005-09-23 03:26 - 2005-09-23 03:26 - 000123904 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\csm.dll
2005-09-23 03:33 - 2005-09-23 03:33 - 000247296 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll
2017-10-05 22:05 - 2017-10-05 22:05 - 002969600 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmCodecs.dll
2017-10-05 22:08 - 2017-10-05 22:08 - 000941056 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmMediaManager.dll
2017-10-05 22:03 - 2017-10-05 22:03 - 000654848 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmPal.dll
2017-10-05 22:07 - 2017-10-05 22:07 - 010914816 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmPltfm.dll
2017-10-05 22:04 - 2017-10-05 22:04 - 000089088 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2004-02-23 11:42 - 2004-02-23 11:42 - 001386496 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\MSVBVM60.DLL
2012-03-16 02:02 - 2012-03-16 02:02 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2017-10-05 22:16 - 2017-10-05 22:16 - 027716608 ____R (Skype Technologies S.A.) [File not signed] C:\Program Files (x86)\Skype\Phone\SkypeSkylib.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2019-01-04 01:01 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\SQL Anywhere 10\win32;C:\Program Files (x86)\SQL Anywhere 10\Sybase Central 5.0.0\win32;%PROGRAMFILES%\Internet Explorer;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\BR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: AliSafeEngine Service => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DraftSight API Service => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Secunia PSI Agent => 2
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: SentinelKeysServer => 2
MSCONFIG\Services: SentinelProtectionServer => 2
MSCONFIG\Services: SentinelSecurityRuntime => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Unchecky => 2
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: wwbizsrv => 2

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{941584E1-854B-434D-85FE-08615386E6DD}C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [UDP Query User{24DB1A02-894B-4B50-80C3-AF89B7F3A379}C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [TCP Query User{0B6B3E9F-1303-4E14-8895-DA3ACC99F6CF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{1E3A6126-5910-4D3B-9911-15769D574BBB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{4CB72E1A-D77F-4284-B7EA-15ECCA2A0518}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{849E739F-CA22-4888-A9A6-C5EE2B84C0D7}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{B3B2AC8C-624A-4D95-AA88-2C109ACF15C1}C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [UDP Query User{75B9D3FE-C59D-40B9-BB93-78365A52A88E}C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{7BCA530D-AEF9-4312-AB98-5FA57B22C9D4}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS0312\HPDiagnosticCoreUI.exe No File
FirewallRules: [{DD0816DF-1A6D-46DE-B7FA-8F03EA897AFA}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS0312\HPDiagnosticCoreUI.exe No File
FirewallRules: [{7027FCA1-ED17-4B7B-9DEF-90707122CEED}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS03BC\HPDiagnosticCoreUI.exe No File
FirewallRules: [{4E250D65-5C7F-4C5C-8E68-F728A34421A7}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS03BC\HPDiagnosticCoreUI.exe No File
FirewallRules: [TCP Query User{9F26BF52-B13B-471C-A6AC-44F98C53BC00}C:\program files (x86)\trademanager\aliim.exe] => (Allow) C:\program files (x86)\trademanager\aliim.exe No File
FirewallRules: [UDP Query User{E3DB5C18-C6C1-4FD6-A0D7-15EFCCE65DC2}C:\program files (x86)\trademanager\aliim.exe] => (Allow) C:\program files (x86)\trademanager\aliim.exe No File
FirewallRules: [{FEA0FE39-54A2-480A-9CAD-7D55D772EAA6}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe No File
FirewallRules: [{9BF14085-062A-4EB5-A452-75190E55F47F}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe No File
FirewallRules: [{B9C78521-F0A8-4E23-9136-149ADB9DB1A0}] => (Allow) C:\Program Files (x86)\Sticky Password\stpass.exe No File
FirewallRules: [{20D7AE74-B6A3-426F-B416-9DC325C694AA}] => (Allow) C:\Program Files (x86)\Sticky Password\stpass.exe No File
FirewallRules: [{25DB26D6-7C8D-421E-BD9F-0EBCBFA140D4}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS35EA\HPDiagnosticCoreUI.exe No File
FirewallRules: [{BD5D4210-B6E5-45E3-881D-BAEC293F3BF7}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS35EA\HPDiagnosticCoreUI.exe No File
FirewallRules: [{26EAF1A7-27A7-40A1-8B97-244D92D509DD}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS3FFD\HPDiagnosticCoreUI.exe No File
FirewallRules: [{84C5F561-9393-4117-9C21-1602D63CDAA9}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS3FFD\HPDiagnosticCoreUI.exe No File
FirewallRules: [{066E33B9-FBB5-4872-A4EF-6ACA4D6C8780}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS4109\HPDiagnosticCoreUI.exe No File
FirewallRules: [{D8C0664B-C6D4-48BA-B1F4-5682814D8FAF}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS4109\HPDiagnosticCoreUI.exe No File
FirewallRules: [{14FC1362-862C-41E8-9E03-9DEAFB364DA3}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS416B\HPDiagnosticCoreUI.exe No File
FirewallRules: [{734FA13E-75FC-4204-82B7-5CBEADE5CEF1}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS416B\HPDiagnosticCoreUI.exe No File
FirewallRules: [{268CDBAB-5953-49C3-B923-E0C09378C160}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS7EF8\HPDiagnosticCoreUI.exe No File
FirewallRules: [{EB46FD57-3C8D-4324-BF80-8CACE5BC36F5}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS7EF8\HPDiagnosticCoreUI.exe No File
FirewallRules: [{F028B163-0059-448B-BB75-773426B9BFC0}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS2E7E\HPDiagnosticCoreUI.exe No File
FirewallRules: [{2DE49187-0F5B-4044-84FE-0A669CC85F33}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS2E7E\HPDiagnosticCoreUI.exe No File
FirewallRules: [{2F80605A-D7CD-4639-B271-0B88302D1B78}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS2F2F\HPDiagnosticCoreUI.exe No File
FirewallRules: [{5F35F7C3-2461-4952-AA85-73CF95EA6F47}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS2F2F\HPDiagnosticCoreUI.exe No File
FirewallRules: [{5A4F57BB-C9CE-45EC-B240-2C84F10D8EC1}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS334A\HPDiagnosticCoreUI.exe No File
FirewallRules: [{C0330068-E65D-41C2-87C9-CA6BA61A2EBD}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS334A\HPDiagnosticCoreUI.exe No File
FirewallRules: [{C21344CC-E893-44F5-8E7E-701F26AB182D}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\FaxApplications.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{FA59B4A3-B4E9-4169-80CA-0ACAFF3299DB}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{D1A0FBE8-8102-4DCB-9C1B-4C6DA9A2E4B0}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\SendAFax.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{8BF19FE5-091A-4478-A1B9-B0F5988DB7EB}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\FaxPrinterUtility.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{DDEF6243-1EA8-4B81-9D35-C268ABDF94F0}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{3C37859B-1FDB-4B6F-AC4C-69AA2592E700}] => (Allow) LPort=5357
FirewallRules: [{38935BAA-FB00-4F8E-AFF2-1ECFFCCB3402}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{83EF81F4-A047-486B-9ED7-788156AA5F02}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS492E\HPDiagnosticCoreUI.exe No File
FirewallRules: [{2CCFE143-FE63-463D-BF2D-38FA0542B828}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS492E\HPDiagnosticCoreUI.exe No File
FirewallRules: [{30090691-2965-4C2E-BCEA-F17CD8043B3C}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS71FF\HPDiagnosticCoreUI.exe No File
FirewallRules: [{368EF3B6-D448-4597-BDD7-C5370190596C}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS71FF\HPDiagnosticCoreUI.exe No File
FirewallRules: [{7F9AC02C-F9FA-4201-9C09-C06F7B5B630D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{747DE1F7-7A8F-4729-8D96-E06E0C5A5FFA}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{B41BAFD4-3B90-42C3-B49D-50BD0A8FC864}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{7FAC275E-EF51-4AE7-BF73-EB278A5117C5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0E11B348-E024-4FA4-974E-4ABA18354EA8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{32037EE3-CB62-4E38-A5AA-9282CB2DB64D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{63B2AC6C-B348-4C36-A5A2-D3897AD25E9E}C:\users\br\downloads\lastskype\skype.exe] => (Allow) C:\users\br\downloads\lastskype\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{4C186173-6240-41E4-B952-BD8BEE541592}C:\users\br\downloads\lastskype\skype.exe] => (Allow) C:\users\br\downloads\lastskype\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D122C3F6-5ADB-4E6D-92C7-92BBD59D7880}] => (Allow) LPort=5060
FirewallRules: [{94C1293C-FDD6-4C82-9154-F8E4044A5BC3}] => (Allow) LPort=5060
FirewallRules: [{BBB75CFF-EC99-4774-8155-547F28809543}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D01CFA03-1BA8-4EA9-A86F-CC6E770F03C2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2B99D4FD-F3D3-451D-A0C4-183222C8745F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9BBD7D73-8AA0-4574-80C0-423169522C48}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{981237FF-8ED1-4BB2-BE45-3263D7508E01}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B527783B-C33A-4F54-893A-C2D6F033491C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2BF29DDB-82EC-47D1-BC27-63311912B242}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AEC82EC9-7004-4C5C-A960-6FD1A11D564B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{71F37F46-916E-45CF-9F3B-B92AF2D83A04}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{709BC2A4-9C30-4A50-9DE6-AA734B0C02CC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7

==================== Restore Points =========================

20-12-2018 03:01:27 Windows Update
28-12-2018 09:24:34 Scheduled Checkpoint
09-01-2019 03:00:26 Windows Update
09-01-2019 05:32:54 Windows Update
16-01-2019 03:00:11 Windows Update
25-01-2019 00:09:48 Scheduled Checkpoint
11-02-2019 07:05:09 Removed 0501(English)
11-02-2019 09:49:29 Restore Point Created by FRST
11-02-2019 10:17:08 Restore Point Created by FRST
13-02-2019 03:01:14 Windows Update
15-02-2019 07:29:49 Removed Java 8 Update 66
13-03-2019 02:01:10 Windows Update
14-03-2019 02:01:00 Windows Update
24-03-2019 23:09:19 Scheduled Checkpoint
27-03-2019 02:00:13 Windows Update
04-04-2019 02:00:13 Windows Update
11-04-2019 02:00:14 Windows Update
14-04-2019 02:00:59 Windows Update
30-04-2019 23:00:59 Scheduled Checkpoint
15-05-2019 02:00:27 Windows Update
03-06-2019 23:05:17 Scheduled Checkpoint
14-06-2019 16:18:20 Removed Sentinel Protection Installer 7.6.6
14-06-2019 16:20:36 Removed Free DWG Viewer 7.3.
14-06-2019 16:24:23 Removed LightScribe System Software.
14-06-2019 16:26:00 Configured PowerStarter
14-06-2019 16:26:45 Configured HP
14-06-2019 16:28:53 Configured Power2Go
14-06-2019 16:31:31 Removed SMPIS.
14-06-2019 16:33:45 Removed SQLAnywhere1000.
14-06-2019 16:37:35 Revo Uninstaller's restore point - ArtCAM 2015 (64-bit)
14-06-2019 16:38:41 Revo Uninstaller's restore point - ArtCAM 2015 (64-bit)
15-06-2019 02:00:44 Windows Update
16-06-2019 02:00:23 Windows Update
16-06-2019 06:08:34 Revo Uninstaller's restore point - SolidWorks 2011 x64 Edition SP02
16-06-2019 06:12:22 Revo Uninstaller's restore point - SolidWorks Explorer 2011 SP02
16-06-2019 06:13:50 Removed SolidWorks Explorer 2011 SP02.
16-06-2019 06:16:38 Removed SolidWorks eDrawings 2011 SP02.
27-06-2019 22:38:00 Scheduled Checkpoint
11-07-2019 02:00:14 Windows Update
25-07-2019 02:00:34 Windows Update
14-08-2019 02:00:20 Windows Update
11-09-2019 02:00:42 Windows Update
12-09-2019 02:00:28 Windows Update
15-09-2019 02:00:12 Windows Update
16-09-2019 02:00:22 Windows Update
02-10-2019 22:44:37 Scheduled Checkpoint
04-10-2019 02:00:17 Windows Update
09-10-2019 02:00:32 Windows Update
13-11-2019 03:00:20 Windows Update
14-11-2019 03:00:15 Windows Update
30-11-2019 11:25:23 Scheduled Checkpoint
08-12-2019 11:38:38 Installed Skype™ 7.41
08-12-2019 11:58:20 Installed Skype™ 7.41
11-12-2019 03:00:26 Windows Update
21-12-2019 01:43:33 Scheduled Checkpoint
04-01-2020 11:53:57 Scheduled Checkpoint
12-01-2020 07:45:51 Removed Apple Application Support (64-bit)
12-01-2020 07:47:23 Removed Apple Application Support (64-bit)
12-01-2020 07:49:55 Removed Apple Application Support (32-bit)
12-01-2020 07:51:40 Removed Bonjour
12-01-2020 07:52:38 Removed Apple Mobile Device Support
12-01-2020 08:03:42 Removed iTunes
12-01-2020 08:23:14 Installed iTunes

==================== Faulty Device Manager Devices ============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Qualcomm Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Description: Qualcomm Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (01/25/2020 12:00:05 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/24/2020 12:00:06 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/23/2020 12:00:05 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/22/2020 12:00:05 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/21/2020 12:00:05 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/20/2020 12:00:04 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/19/2020 12:00:05 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/18/2020 01:17:46 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

System errors:
=============
Error: (01/24/2020 03:25:39 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/23/2020 03:25:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/22/2020 03:25:36 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/21/2020 03:25:34 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/20/2020 03:25:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/19/2020 03:25:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/19/2020 01:15:32 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/18/2020 01:06:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
czhwah
ynub

CodeIntegrity:
===================================

Date: 2018-11-14 03:40:07.722
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 12:29:59.014
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 12:29:58.733
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 05:07:52.175
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 05:07:52.034
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 04:51:43.641
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 04:51:43.314
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 04:29:01.016
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 5.14 11/13/2009
Motherboard: PEGATRON CORPORATION Eureka3
Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 88%
Total physical RAM: 7133.18 MB
Available physical RAM: 847.83 MB
Total Virtual: 14264.5 MB
Available Virtual: 8277.21 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920.39 GB) (Free:147.6 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.02 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{b853008b-6d0c-11e1-b88a-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,274 posts
  • MVP

Open Chrome.

 

Go to:

chrome://settings/

 

Click on Advanced

 

Click on Privacy and Security

 

Now scroll to where it says System and turn off:

Continue running background apps when Google Chrome is closed
 

 

Click on Site Settings

 

Click on Notifications

Where it says Ask Before Sending, Click on the blue icon so it turns off.  It should now say Blocked.

 

Now under Privacy and Security

 

Find:

 

Preload pages for faster browsing and searching

 

Turn OFF

 

 

Restart Chrome.

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   11.68KB   1 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Are you still getting the popups?


 


  • 0

#5
RUSTY2

RUSTY2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 214 posts

the link for fixlist only produces a file so i downloaded farbar else-ware here is what it produced  yes still getting popups

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-01-2020 01
Ran by BR (26-01-2020 10:09:30) Run:1
Running from C:\Users\BR\Downloads
Loaded Profiles: BR (Available Profiles: BRIAN & bcom & BR)
Boot Mode: Normal
==============================================

fixlist content:
*****************
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S0 czhwah; C:\Windows\SysWOW64\drivers\deakun.sys [61440 2019-02-11] () [File not signed]
S0 ynub; C:\Windows\SysWOW64\drivers\owgosexc.sys [61440 2019-02-11] () [File not signed]
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers1-x32: [PhoXo] -> {47F14307-F923-44F9-86CB-A1E193DA6070} => C:\Program Files (x86)\PhoXo\ExploreMenu.dll -> No File
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File
FirewallRules: [{7BCA530D-AEF9-4312-AB98-5FA57B22C9D4}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS0312\HPDiagnosticCoreUI.exe No File
FirewallRules: [{DD0816DF-1A6D-46DE-B7FA-8F03EA897AFA}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS0312\HPDiagnosticCoreUI.exe No File
FirewallRules: [{7027FCA1-ED17-4B7B-9DEF-90707122CEED}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS03BC\HPDiagnosticCoreUI.exe No File
FirewallRules: [{4E250D65-5C7F-4C5C-8E68-F728A34421A7}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS03BC\HPDiagnosticCoreUI.exe No File
FirewallRules: [TCP Query User{9F26BF52-B13B-471C-A6AC-44F98C53BC00}C:\program files (x86)\trademanager\aliim.exe] => (Allow) C:\program files (x86)\trademanager\aliim.exe No File
FirewallRules: [UDP Query User{E3DB5C18-C6C1-4FD6-A0D7-15EFCCE65DC2}C:\program files (x86)\trademanager\aliim.exe] => (Allow) C:\program files (x86)\trademanager\aliim.exe No File
FirewallRules: [{FEA0FE39-54A2-480A-9CAD-7D55D772EAA6}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe No File
FirewallRules: [{9BF14085-062A-4EB5-A452-75190E55F47F}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe No File
FirewallRules: [{B9C78521-F0A8-4E23-9136-149ADB9DB1A0}] => (Allow) C:\Program Files (x86)\Sticky Password\stpass.exe No File
FirewallRules: [{20D7AE74-B6A3-426F-B416-9DC325C694AA}] => (Allow) C:\Program Files (x86)\Sticky Password\stpass.exe No File
FirewallRules: [{25DB26D6-7C8D-421E-BD9F-0EBCBFA140D4}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS35EA\HPDiagnosticCoreUI.exe No File
FirewallRules: [{BD5D4210-B6E5-45E3-881D-BAEC293F3BF7}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS35EA\HPDiagnosticCoreUI.exe No File
FirewallRules: [{26EAF1A7-27A7-40A1-8B97-244D92D509DD}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS3FFD\HPDiagnosticCoreUI.exe No File
FirewallRules: [{84C5F561-9393-4117-9C21-1602D63CDAA9}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS3FFD\HPDiagnosticCoreUI.exe No File
FirewallRules: [{066E33B9-FBB5-4872-A4EF-6ACA4D6C8780}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS4109\HPDiagnosticCoreUI.exe No File
FirewallRules: [{D8C0664B-C6D4-48BA-B1F4-5682814D8FAF}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS4109\HPDiagnosticCoreUI.exe No File
FirewallRules: [{14FC1362-862C-41E8-9E03-9DEAFB364DA3}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS416B\HPDiagnosticCoreUI.exe No File
FirewallRules: [{734FA13E-75FC-4204-82B7-5CBEADE5CEF1}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS416B\HPDiagnosticCoreUI.exe No File
FirewallRules: [{268CDBAB-5953-49C3-B923-E0C09378C160}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS7EF8\HPDiagnosticCoreUI.exe No File
FirewallRules: [{EB46FD57-3C8D-4324-BF80-8CACE5BC36F5}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS7EF8\HPDiagnosticCoreUI.exe No File
FirewallRules: [{F028B163-0059-448B-BB75-773426B9BFC0}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS2E7E\HPDiagnosticCoreUI.exe No File
FirewallRules: [{2DE49187-0F5B-4044-84FE-0A669CC85F33}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS2E7E\HPDiagnosticCoreUI.exe No File
FirewallRules: [{2F80605A-D7CD-4639-B271-0B88302D1B78}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS2F2F\HPDiagnosticCoreUI.exe No File
FirewallRules: [{5F35F7C3-2461-4952-AA85-73CF95EA6F47}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS2F2F\HPDiagnosticCoreUI.exe No File
FirewallRules: [{5A4F57BB-C9CE-45EC-B240-2C84F10D8EC1}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS334A\HPDiagnosticCoreUI.exe No File
FirewallRules: [{C0330068-E65D-41C2-87C9-CA6BA61A2EBD}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS334A\HPDiagnosticCoreUI.exe No File
FirewallRules: [{83EF81F4-A047-486B-9ED7-788156AA5F02}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS492E\HPDiagnosticCoreUI.exe No File
FirewallRules: [{2CCFE143-FE63-463D-BF2D-38FA0542B828}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS492E\HPDiagnosticCoreUI.exe No File
FirewallRules: [{30090691-2965-4C2E-BCEA-F17CD8043B3C}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS71FF\HPDiagnosticCoreUI.exe No File
FirewallRules: [{368EF3B6-D448-4597-BDD7-C5370190596C}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS71FF\HPDiagnosticCoreUI.exe No File
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:

*****************

"HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\MozillaPlugins\FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]" => not found
"FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]" => not found
"HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\MozillaPlugins\FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]" => not found
"FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]" => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => not found
AppMgmt => service not found.
czhwah => service not found.
ynub => service not found.
DrvAgent64 => service not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObitUnstaler => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\PhoXo => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IObitUnstaler => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IObitUnstaler => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BCA530D-AEF9-4312-AB98-5FA57B22C9D4}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DD0816DF-1A6D-46DE-B7FA-8F03EA897AFA}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7027FCA1-ED17-4B7B-9DEF-90707122CEED}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E250D65-5C7F-4C5C-8E68-F728A34421A7}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9F26BF52-B13B-471C-A6AC-44F98C53BC00}C:\program files (x86)\trademanager\aliim.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E3DB5C18-C6C1-4FD6-A0D7-15EFCCE65DC2}C:\program files (x86)\trademanager\aliim.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FEA0FE39-54A2-480A-9CAD-7D55D772EAA6}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9BF14085-062A-4EB5-A452-75190E55F47F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9C78521-F0A8-4E23-9136-149ADB9DB1A0}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{20D7AE74-B6A3-426F-B416-9DC325C694AA}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{25DB26D6-7C8D-421E-BD9F-0EBCBFA140D4}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BD5D4210-B6E5-45E3-881D-BAEC293F3BF7}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26EAF1A7-27A7-40A1-8B97-244D92D509DD}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{84C5F561-9393-4117-9C21-1602D63CDAA9}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{066E33B9-FBB5-4872-A4EF-6ACA4D6C8780}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D8C0664B-C6D4-48BA-B1F4-5682814D8FAF}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14FC1362-862C-41E8-9E03-9DEAFB364DA3}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{734FA13E-75FC-4204-82B7-5CBEADE5CEF1}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{268CDBAB-5953-49C3-B923-E0C09378C160}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB46FD57-3C8D-4324-BF80-8CACE5BC36F5}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F028B163-0059-448B-BB75-773426B9BFC0}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DE49187-0F5B-4044-84FE-0A669CC85F33}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2F80605A-D7CD-4639-B271-0B88302D1B78}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5F35F7C3-2461-4952-AA85-73CF95EA6F47}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5A4F57BB-C9CE-45EC-B240-2C84F10D8EC1}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0330068-E65D-41C2-87C9-CA6BA61A2EBD}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{83EF81F4-A047-486B-9ED7-788156AA5F02}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2CCFE143-FE63-463D-BF2D-38FA0542B828}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{30090691-2965-4C2E-BCEA-F17CD8043B3C}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{368EF3B6-D448-4597-BDD7-C5370190596C}" => not found

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

========= End of CMD: =========

==== End of Fixlog 10:10:26 ====


  • 0






Similar Topics

4 user(s) are reading this topic

0 members, 4 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP