Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected by proxy virus "http://ɴ.net/server.pac"


  • This topic is locked This topic is locked
10 replies to this topic

#1 Beautyspot

Beautyspot

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 17 August 2016 - 09:46 PM

Hi -

My system got infected with "http://ɴ.net/server.pac". I get the following message when I search for anything (google.co.in is my default).

 

Subject: www.google.co.in

Issuer: DO_NOT_TRUST_FiddlerRoot

Expires on: Oct 11, 2024

Current date: Aug 18, 2016

PEM encoded chain: -----BEGIN CERTIFICATE-----
MIIDXjCCAsugAwIBAgIQaSlxsx2jLqJH6fJH7CgKZTAJBgUrDgMCHQUAMIGLMSsw
KQYDVQQLEyJDcmVhdGVkIGJ5IGh0dHA6Ly93d3cuZmlkZGxlcjIuY29tMSEwHwYD
VQQKHhgARABPAF8ATgBPAFQAXwBUAFIAVQBTAFQxOTA3BgNVBAMeMABEAE8AXwBO
AE8AVABfAFQAUgBVAFMAVABfAEYAaQBkAGQAbABlAHIAUgBvAG8AdDAeFw0xMzEw
MTAyMjAwMDBaFw0yNDEwMTAyMTU5NTlaMGsxKzApBgNVBAsTIkNyZWF0ZWQgYnkg
aHR0cDovL3d3dy5maWRkbGVyMi5jb20xITAfBgNVBAoeGABEAE8AXwBOAE8AVABf
AFQAUgBVAFMAVDEZMBcGA1UEAxMQd3d3Lmdvb2dsZS5jby5pbjCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEA1WIde0niytofm2JEKlV93Zth5MEBHB6OYwQls67b
Z/deZ7G/NtRWKTXoNsLuy/kbfRqm/yssUf6VXHZNM7LfNbpqALp39Go2+Kus7opt
rbQxzb3y1T9VR9Naar18phGgeVcACB8jZ87lNnjsaEG3pB8ZA05HTfFJG+yRQJb2
52cCAwEAAaOB6TCB5jAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMB
MIHABgNVHQEEgbgwgbWAEBCCczXAZ/8ruHb/ZC4Dl56hgY4wgYsxKzApBgNVBAsT
IkNyZWF0ZWQgYnkgaHR0cDovL3d3dy5maWRkbGVyMi5jb20xITAfBgNVBAoeGABE
AE8AXwBOAE8AVABfAFQAUgBVAFMAVDE5MDcGA1UEAx4wAEQATwBfAE4ATwBUAF8A
VABSAFUAUwBUAF8ARgBpAGQAZABsAGUAcgBSAG8AbwB0ghAHb5u5w3kviUVnq6Ca
dWhYMAkGBSsOAwIdBQADgYEAMnv0SdEPvvUdvH8/zEOlEkOBP9M4sn/lZlFYuRS5
oBy8yJyClFHUCloO0xhgwdWARfhgGy7Bmu7Bj465SATFssrsA3HxncKbUKfjFpgc
B1LUGizBA4iy8pfgZaT/S3FqwlKq4axw12P+PJiZz7gx8RgYEJO80gcuYe36o33w
/rk=
-----END CERTIFICATE-----

 

I had previously run the FRST scan but did not use it as running roguekiller.exe fixed the error. I keep running roguekiller, it fixes the error, then again it comes back after some time. The reason I am mentioning is that FRST now creates only the FRST.txt file and does not create addition.txt. I am posting it here. 

Hoping that somebody would help me fix this error. Thanks for reading this.

Attached Files

  • Attached File  FRST.txt   81.24KB   15 downloads


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,743 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:16 PM

Posted 22 August 2016 - 09:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/623851 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Beautyspot

Beautyspot
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 24 August 2016 - 07:23 AM

Hi - Thanks for taking up my issue. I am grateful to you. I am unable to do any google searches as I get the privacy error as shown in my original messages. I had run Roguekiller.exe, Malwarebytes free version, adaware, adwcleaner, multiple times and everytime I run the Roguekiller, my problem goes away but it comes back after some time. I had earlier placed FRST in a different directory, run it and deleted the addition.txt then ran the above programs so I was not able to generate addition.txt again.
 
This time, I ran the FRST.exe from the desktop so I was able to generate the two files. Please find them attached. I do not have windows 10 CD as I had upgraded from windows 8.1 ( I do not have that CD too). I can, however, restore to the factory version but that would mean losing my Windows 10. 
 
Please let me know how I should proceed.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Beaut (administrator) on PIXELGRAFX (24-08-2016 17:27:03)
Running from C:\Users\Beaut\Desktop
Loaded Profiles: Beaut (Available Profiles: Beaut)
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
() C:\Users\Beaut\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Calibre2\ebook-viewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-01-28] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-07-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1571696 2015-07-23] (NVIDIA Corporation)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe [9571552 2016-07-18] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-09] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [265992 2015-03-18] (CyberLink Corp.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [465544 2016-02-10] (Power Software Ltd)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [258600 2016-01-05] (HP)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-06-23] (Adobe Systems Inc.)
HKU\S-1-5-21-1291846121-857271882-2576323668-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-12-28] (Siber Systems)
HKU\S-1-5-21-1291846121-857271882-2576323668-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-1291846121-857271882-2576323668-1001\...\Run: [MiPhoneManager] => C:\Users\Beaut\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe [157624 2016-05-06] ()
HKU\S-1-5-21-1291846121-857271882-2576323668-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3948600 2016-06-10] (Tonec Inc.)
HKU\S-1-5-21-1291846121-857271882-2576323668-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
IFEO\SppExtComObj.exe: [Debugger] C:\WINDOWS\SECOH-QAD.exe
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-02] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2015-12-27]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM-x32] => hxxp://xn--koa.net/server.pac
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f31ffac0-4157-465f-b525-d7f22b6f9287}: [DhcpNameServer] 192.168.0.1
ManualProxies:

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1291846121-857271882-2576323668-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1291846121-857271882-2576323668-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?pc=UE03&ocid=UE03DHP
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-12-28] (Siber Systems Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll => No File
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: No Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> No File
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 16\Mm8InternetExplorer.dll [2015-10-20] (Mindjet)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-12-28] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-30] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-30] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll => No File
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-12-28] (Siber Systems Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll No File
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-12-28] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll No File
Toolbar: HKU\S-1-5-21-1291846121-857271882-2576323668-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-12-28] (Siber Systems Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)

Edge:
======
Edge Extension: AdBlock -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_1.0.5.0_neutral__c1wakc4j0nefm [2016-08-12]

FireFox:
========
FF ProfilePath: C:\Users\Beaut\AppData\Roaming\Mozilla\Firefox\Profiles\n1rdxtqe.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [2015-12-28] (Siber Systems Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1291846121-857271882-2576323668-1001: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [No File]
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
FF Extension: AdBlocker Ultimate - C:\Users\Beaut\AppData\Roaming\Mozilla\Firefox\Profiles\n1rdxtqe.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-05-08]
FF HKLM-x32\...\Firefox\Extensions: [adapter@gingersoftware.com] - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com => not found
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2015-12-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-08-17]
FF HKU\S-1-5-21-1291846121-857271882-2576323668-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF HKU\S-1-5-21-1291846121-857271882-2576323668-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1291846121-857271882-2576323668-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1291846121-857271882-2576323668-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Beaut\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Beaut\AppData\Roaming\IDM\idmmzcc5 [2016-08-24] [not signed]

Chrome:
=======
CHR HomePage: Profile 1 -> hxxps://in.search.yahoo.com/?type=937811&fr=yo-yhp-ch
CHR StartupUrls: Profile 1 -> "hxxp://google.com/"
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\Beaut\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Beaut\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (AdBlock) - C:\Users\Beaut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24]
CHR Extension: (Grammarly for Chrome) - C:\Users\Beaut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-08-24]
CHR Extension: (IDM Integration Module) - C:\Users\Beaut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-08-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Beaut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-18]
CHR Extension: (Chrome Media Router) - C:\Users\Beaut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-04]
CHR Extension: (RoboForm Password Manager) - C:\Users\Beaut\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-06-01]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-12-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-06-23]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159832 2016-08-12] (Adobe Systems, Incorporated)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2015-09-18] ()
R2 CrypKey License; C:\WINDOWS\system32\crypserv.exe [126976 2010-03-19] (CrypKey (Canada) Ltd.) [File not signed]
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-26] (Dropbox, Inc.)
R2 esifsvc; C:\Windows\SysWoW64\esif_uf.exe [1394360 2015-08-12] (Intel Corporation)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-07-23] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359856 2015-10-02] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [732056 2016-07-18] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-07-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-07-23] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-01-28] (Realtek Semiconductor)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [997568 2014-06-29] (@ByELDI) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [261240 2016-07-26] (Synaptics Incorporated)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-09] (TeamViewer GmbH)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [92160 2015-02-17] (Code Sector) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 DFX12; C:\Windows\system32\drivers\dfx12x64.sys [28344 2015-10-13] (Windows ® Win 7 DDK provider)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2015-08-12] (Intel Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-16] ()
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2015-08-12] (Intel Corporation)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2016-01-02] (Sony Mobile Communications)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [88256 2015-07-22] (Intel Corporation)
S3 jakstaVA; C:\Windows\system32\DRIVERS\jaksta_va.sys [103816 2014-12-09] (e2eSoft)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NetworkX; C:\Windows\System32\ckldrv.sys [30272 2010-03-19] ()
R1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [103824 2015-07-17] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [211352 2015-07-17] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [120216 2015-07-17] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [120208 2015-07-17] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [112536 2015-07-17] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [89472 2015-09-01] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [133528 2015-07-17] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [309648 2015-07-17] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [179608 2015-07-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [122776 2015-07-17] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [267160 2015-07-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [115600 2015-07-17] (Panda Security, S.L.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-07-23] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [173464 2015-07-22] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [130968 2015-07-22] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [207256 2015-07-22] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [133528 2015-07-22] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [143768 2015-07-22] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [117144 2015-07-22] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [62080 2015-06-16] (Panda Security, S.L.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [889584 2015-12-27] (Realtek )
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [600832 2015-08-06] (Realtek Semiconductor Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [5160704 2016-04-01] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-28] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [71800 2016-07-26] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-08-18] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [485512 2016-04-28] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-24 17:27 - 2016-08-24 17:28 - 00035240 _____ C:\Users\Beaut\Desktop\FRST.txt
2016-08-24 17:26 - 2016-08-24 17:26 - 02396672 _____ (Farbar) C:\Users\Beaut\Desktop\FRST64.exe
2016-08-24 16:28 - 2016-08-24 16:28 - 00000043 _____ C:\Users\Beaut\Desktop\movie.txt
2016-08-18 07:52 - 2016-08-18 07:52 - 00000000 ____D C:\Users\Beaut\Downloads\FRST-OlderVersion
2016-08-18 01:53 - 2016-08-18 01:53 - 00000980 _____ C:\Users\Beaut\Desktop\Ad-Aware_Report_Full_Manual_2016-08-18T01-28-29.298272.xml
2016-08-17 23:00 - 2016-08-17 23:00 - 00002411 _____ C:\Users\Public\Desktop\Articulate Storyline 2.lnk
2016-08-17 23:00 - 2016-08-17 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Articulate
2016-08-17 22:57 - 2016-08-17 22:57 - 00000000 ____D C:\Program Files (x86)\Articulate
2016-08-17 21:49 - 2016-08-17 21:49 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-08-17 19:18 - 2016-08-17 19:12 - 00000822 ____N C:\WINDOWS\system32\Drivers\etc\hosts_bkup
2016-08-17 19:00 - 2016-08-17 19:36 - 00000000 ____D C:\Users\Beaut\Desktop\Adobe Acrobat XI
2016-08-17 17:45 - 2016-08-17 17:45 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2016-08-17 02:07 - 2016-08-24 13:13 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0EC9C917-D419-466A-877A-AE79B5FC6CA5}
2016-08-16 20:03 - 2016-08-16 20:03 - 00000131 _____ C:\Users\Beaut\Desktop\Bharat Gas Suraksha Hose Request.txt
2016-08-16 15:27 - 2016-08-17 07:27 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\IDM
2016-08-16 15:27 - 2016-08-16 16:33 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-08-16 15:27 - 2016-08-16 15:27 - 00001085 _____ C:\Users\Beaut\Desktop\Internet Download Manager.lnk
2016-08-16 15:27 - 2016-08-16 15:27 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-08-16 15:27 - 2016-08-16 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-08-16 14:41 - 2016-08-16 14:41 - 00079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\nlctt.sys
2016-08-16 14:04 - 2016-08-18 07:40 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-08-16 14:03 - 2016-08-18 07:39 - 00000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-08-16 14:03 - 2016-08-18 07:39 - 00000000 ____D C:\ProgramData\RogueKiller
2016-08-16 14:03 - 2016-08-18 07:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-08-16 14:03 - 2016-08-18 07:39 - 00000000 ____D C:\Program Files\RogueKiller
2016-08-16 13:39 - 2016-08-24 17:27 - 00000000 ____D C:\FRST
2016-08-16 13:39 - 2016-08-18 08:06 - 00083186 _____ C:\Users\Beaut\Downloads\FRST.txt
2016-08-16 13:39 - 2016-08-18 07:52 - 02394624 _____ (Farbar) C:\Users\Beaut\Downloads\FRST64.exe
2016-08-16 12:47 - 2016-08-16 12:47 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\Lavasoft
2016-08-16 11:06 - 2016-08-24 16:32 - 00002416 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2016-08-16 11:06 - 2016-08-16 11:06 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\LavasoftStatistics
2016-08-16 11:06 - 2016-08-16 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-08-16 11:03 - 2016-08-16 11:03 - 00000000 ____D C:\Program Files\Lavasoft
2016-08-16 11:02 - 2016-08-16 11:02 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-08-16 10:59 - 2016-08-16 10:59 - 00000000 ____D C:\ProgramData\Lavasoft
2016-08-16 10:36 - 2016-08-16 10:36 - 00000000 _____ C:\autoexec.bat
2016-08-16 10:33 - 2016-08-16 10:33 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-08-16 08:45 - 2016-08-24 08:53 - 00005216 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for PIXELGRAFX-Beaut PixelGrafx
2016-08-16 08:01 - 2016-08-16 08:01 - 00002860 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-08-15 22:50 - 2016-08-24 16:31 - 00000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBeaut.job
2016-08-15 22:50 - 2016-08-22 23:09 - 00003246 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBeaut
2016-08-15 07:23 - 2016-08-15 07:23 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\VS Revo Group
2016-08-15 07:07 - 2016-08-15 07:08 - 00000000 ____D C:\Users\Beaut\Desktop\Adobe Acrobat
2016-08-12 08:01 - 2016-08-12 08:01 - 00062596 _____ C:\Users\Beaut\Desktop\2016-08-12-08-01-03-290_1470969063290_XXXPT0102X_Acknowledgement.pdf
2016-08-10 21:38 - 2016-08-10 21:38 - 00031841 _____ C:\Users\Beaut\Desktop\National Film Registry.xlsx
2016-08-10 00:59 - 2016-08-02 14:18 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 00:59 - 2016-08-02 14:14 - 00151232 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 00:59 - 2016-08-02 14:14 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-10 00:59 - 2016-08-02 13:50 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-10 00:59 - 2016-08-02 13:28 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 00:59 - 2016-08-02 13:25 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 00:59 - 2016-08-02 10:21 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 00:59 - 2016-08-02 10:07 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-10 00:59 - 2016-08-02 10:03 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-10 00:59 - 2016-08-02 09:57 - 07623168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-10 00:59 - 2016-08-02 09:55 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-10 00:59 - 2016-08-02 09:55 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 00:59 - 2016-08-02 09:53 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-10 00:59 - 2016-08-02 09:43 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-10 00:59 - 2016-08-02 09:39 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-10 00:58 - 2016-08-02 14:28 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 00:58 - 2016-08-02 14:23 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 00:58 - 2016-08-02 14:22 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 00:58 - 2016-08-02 14:18 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-10 00:58 - 2016-08-02 13:53 - 22572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 00:58 - 2016-08-02 13:51 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-10 00:58 - 2016-08-02 13:51 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-10 00:58 - 2016-08-02 13:50 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-10 00:58 - 2016-08-02 13:45 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-10 00:58 - 2016-08-02 13:45 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-10 00:58 - 2016-08-02 13:44 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-10 00:58 - 2016-08-02 13:43 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 00:58 - 2016-08-02 13:42 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-10 00:58 - 2016-08-02 13:41 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-10 00:58 - 2016-08-02 13:41 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-10 00:58 - 2016-08-02 13:40 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-10 00:58 - 2016-08-02 13:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-10 00:58 - 2016-08-02 13:37 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 00:58 - 2016-08-02 13:37 - 09125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-10 00:58 - 2016-08-02 13:33 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-10 00:58 - 2016-08-02 13:30 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-10 00:58 - 2016-08-02 13:29 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 00:58 - 2016-08-02 13:27 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 00:58 - 2016-08-02 13:26 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-10 00:58 - 2016-08-02 13:26 - 01785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 00:58 - 2016-08-02 13:26 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-10 00:58 - 2016-08-02 13:25 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 00:58 - 2016-08-02 13:22 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-10 00:58 - 2016-08-02 10:26 - 02251440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 00:58 - 2016-08-02 10:17 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-10 00:58 - 2016-08-02 10:09 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-10 00:58 - 2016-08-02 10:07 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-10 00:58 - 2016-08-02 10:06 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-10 00:58 - 2016-08-02 10:00 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-10 00:58 - 2016-08-02 09:58 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 00:58 - 2016-08-02 09:56 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 00:58 - 2016-08-02 09:56 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-10 00:58 - 2016-08-02 09:46 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 00:58 - 2016-08-02 09:43 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 00:58 - 2016-08-02 09:42 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-06 07:22 - 2016-08-06 07:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-05 21:41 - 2016-08-05 21:41 - 00000000 ____D C:\Users\Public\Foxit Software
2016-08-05 21:41 - 2016-08-05 21:41 - 00000000 ____D C:\ProgramData\Foxit Software
2016-08-05 09:57 - 2016-08-04 21:20 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-05 09:47 - 2016-08-05 09:47 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-05 09:47 - 2016-08-05 09:47 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-05 09:47 - 2016-08-05 09:47 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-05 09:47 - 2016-08-05 09:47 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-05 09:47 - 2016-08-05 09:47 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-05 09:47 - 2016-08-05 09:47 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-05 09:47 - 2016-08-05 09:47 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-05 09:47 - 2016-08-05 09:47 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-05 09:47 - 2016-08-05 09:47 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-05 09:47 - 2016-08-05 09:47 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-05 09:47 - 2016-08-05 09:47 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-05 09:47 - 2016-08-05 09:47 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-05 09:47 - 2016-08-05 09:47 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-05 09:47 - 2016-08-05 09:47 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-05 09:47 - 2016-08-05 09:47 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-05 09:47 - 2016-07-16 08:59 - 03419648 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons004a.dll
2016-08-05 09:47 - 2016-07-16 08:56 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS1.dll
2016-08-05 09:47 - 2016-07-16 08:56 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData004a.dll
2016-08-05 09:47 - 2016-07-16 08:14 - 03419648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons004a.dll
2016-08-05 09:47 - 2016-07-16 08:12 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData004a.dll
2016-08-05 09:47 - 2016-07-16 08:09 - 03004416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MLS1.dll
2016-08-05 09:46 - 2016-08-05 09:46 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-05 09:46 - 2016-08-04 20:29 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-05 09:41 - 2016-08-05 09:41 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-05 09:41 - 2016-08-05 09:41 - 00000000 ____D C:\Program Files\MSBuild
2016-08-05 09:41 - 2016-08-05 09:41 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-08-05 09:41 - 2016-08-05 09:41 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-05 09:41 - 2016-08-05 09:41 - 00000000 ____D C:\inetpub
2016-08-05 09:40 - 2016-05-26 04:01 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-08-05 09:40 - 2016-05-26 04:01 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-05 09:40 - 2016-05-26 04:01 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-08-05 09:40 - 2016-05-26 00:33 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-08-05 09:40 - 2016-05-26 00:33 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-05 09:40 - 2016-05-26 00:33 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-08-04 21:27 - 2016-08-04 21:27 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-04 21:21 - 2016-08-11 07:22 - 00000000 ____D C:\Users\Beaut\AppData\Local\ConnectedDevicesPlatform
2016-08-04 21:21 - 2016-08-04 21:21 - 00000020 ___SH C:\Users\Beaut\ntuser.ini
2016-08-04 21:20 - 2016-08-04 21:20 - 00000000 _SHDL C:\Users\Default\My Documents
2016-08-04 21:20 - 2016-08-04 21:20 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-08-04 21:20 - 2016-08-04 21:20 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-08-04 21:20 - 2016-08-04 21:20 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-08-04 21:20 - 2016-08-04 21:20 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-08-04 21:20 - 2016-08-04 21:20 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-08-04 21:20 - 2016-08-04 21:20 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-08-04 21:20 - 2016-08-04 21:20 - 00000000 ____D C:\ProgramData\USOShared
2016-08-04 21:15 - 2016-08-04 21:19 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-08-04 21:15 - 2016-08-04 21:19 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-08-04 21:09 - 2016-08-24 16:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-04 21:08 - 2016-08-04 21:08 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-08-04 21:08 - 2016-08-04 21:08 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-08-04 20:54 - 2016-08-04 20:54 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-04 20:54 - 2016-08-04 20:54 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2016-08-04 20:54 - 2016-08-04 20:54 - 00000000 ____D C:\Users\Default\Documents\hp.applications.package.appdata
2016-08-04 20:54 - 2016-08-04 20:54 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-08-04 20:54 - 2016-08-04 20:54 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2016-08-04 20:54 - 2016-08-04 20:54 - 00000000 ____D C:\Users\Default User\Documents\hp.applications.package.appdata
2016-08-04 20:54 - 2016-08-04 20:54 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-08-04 20:44 - 2016-08-04 20:57 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-04 20:40 - 2016-08-24 16:35 - 00000000 ____D C:\Users\Beaut
2016-08-04 20:40 - 2016-08-04 20:40 - 00000000 _SHDL C:\Users\Beaut\My Documents
2016-08-04 20:40 - 2016-08-04 20:40 - 00000000 _SHDL C:\Users\Beaut\Documents\My Videos
2016-08-04 20:40 - 2016-08-04 20:40 - 00000000 _SHDL C:\Users\Beaut\Documents\My Pictures
2016-08-04 20:40 - 2016-08-04 20:40 - 00000000 _SHDL C:\Users\Beaut\Documents\My Music
2016-08-04 20:38 - 2016-08-16 12:39 - 01171044 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-04 20:38 - 2016-08-04 21:03 - 00997006 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-08-04 20:34 - 2016-08-04 20:34 - 00018883 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2016-08-04 20:34 - 2016-08-04 20:34 - 00001839 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B&O Play.lnk
2016-08-04 20:34 - 2016-08-04 20:34 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-04 20:34 - 2016-08-04 20:34 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-08-04 20:34 - 2016-08-04 20:34 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-04 20:34 - 2016-08-04 20:34 - 00000000 ____D C:\Program Files\Realtek
2016-08-04 20:34 - 2015-07-23 06:40 - 06873928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-08-04 20:34 - 2015-07-23 06:40 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-08-04 20:34 - 2015-07-23 06:40 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-08-04 20:34 - 2015-07-23 06:40 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-08-04 20:34 - 2015-07-23 06:40 - 00937800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-08-04 20:34 - 2015-07-23 06:40 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-08-04 20:34 - 2015-07-23 06:40 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-08-04 20:34 - 2015-07-23 06:40 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-08-04 20:34 - 2015-07-22 09:59 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-08-04 20:33 - 2016-08-24 16:36 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-04 20:33 - 2016-08-04 20:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-04 20:33 - 2016-08-04 20:45 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-08-04 20:33 - 2016-08-04 20:33 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-08-04 20:33 - 2016-08-04 20:33 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-08-04 20:33 - 2016-08-04 20:33 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-08-04 20:33 - 2016-08-04 20:33 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-08-04 20:33 - 2016-08-04 20:33 - 00000000 ____D C:\Program Files\Synaptics
2016-08-04 20:32 - 2016-08-04 20:45 - 00000000 ____D C:\Program Files\Intel
2016-08-04 20:32 - 2016-08-04 20:32 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2016-08-04 20:32 - 2016-07-16 17:11 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-08-04 20:32 - 2015-10-02 17:26 - 00095232 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-08-04 20:32 - 2015-10-02 17:26 - 00091128 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-08-04 20:31 - 2016-08-04 20:45 - 00000000 ____D C:\Program Files (x86)\Intel
2016-08-04 20:29 - 2016-08-24 16:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-04 20:29 - 2016-08-24 16:31 - 05425592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-01 16:26 - 2016-08-01 16:26 - 00034273 _____ C:\Users\Beaut\Desktop\Health Policy-2015_NOV_4148_05112015.pdf
2016-07-26 08:39 - 2016-07-26 08:39 - 00870520 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2016-07-26 08:39 - 2016-07-26 08:39 - 00806520 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2016-07-26 08:39 - 2016-07-26 08:39 - 00435320 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2016-07-26 08:39 - 2016-07-26 08:39 - 00288888 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo41-1.dll
2016-07-26 08:39 - 2016-07-26 08:39 - 00285816 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2016-07-26 08:39 - 2016-07-26 08:39 - 00071800 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2016-07-26 08:39 - 2016-07-26 08:39 - 00068728 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2016-07-26 08:39 - 2016-07-26 08:39 - 00066168 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-24 17:09 - 2016-07-24 15:31 - 00000000 ____D C:\07 Books
2016-08-24 16:44 - 2016-07-16 17:06 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-24 16:36 - 2015-12-27 07:26 - 00000000 __SHD C:\Users\Beaut\IntelGraphicsProfiles
2016-08-24 16:32 - 2016-04-07 16:18 - 00000000 ____D C:\Program Files\KMSpico
2016-08-24 16:32 - 2015-07-10 16:34 - 00000219 _____ C:\WINDOWS\win.ini
2016-08-24 16:30 - 2015-12-27 09:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-08-24 16:28 - 2015-12-29 07:44 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\DMCache
2016-08-24 15:31 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-24 08:06 - 2016-07-16 17:17 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-24 08:06 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-23 22:48 - 2015-12-27 12:34 - 00000000 ____D C:\Users\Beaut\AppData\Local\CrashDumps
2016-08-23 16:27 - 2016-05-08 21:43 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\Nitro PDF
2016-08-21 15:15 - 2016-02-27 15:50 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\vlc
2016-08-20 06:35 - 2016-05-23 23:25 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\TeraCopy
2016-08-20 06:35 - 2015-12-29 07:44 - 00000000 ____D C:\Users\Beaut\Downloads\Video
2016-08-18 23:05 - 2015-12-26 22:29 - 00000000 ____D C:\Users\Beaut\AppData\Local\Packages
2016-08-18 10:23 - 2014-05-07 00:31 - 00000000 ____D C:\Users\Beaut\Documents\Pinnacle Bks
2016-08-18 07:01 - 2015-12-27 15:49 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\qBittorrent
2016-08-18 05:12 - 2015-12-27 16:33 - 00000000 ____D C:\Users\Beaut\Downloads\Torrents
2016-08-18 05:12 - 2015-12-27 15:51 - 00000000 ____D C:\Users\Beaut\Downloads\Incomplete
2016-08-17 23:09 - 2016-01-20 06:45 - 00000000 ____D C:\Users\Beaut\AppData\Local\Articulate
2016-08-17 22:57 - 2015-08-01 08:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-17 19:41 - 2016-07-16 17:15 - 00000000 ____D C:\WINDOWS\INF
2016-08-17 19:41 - 2015-12-27 09:00 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-08-17 19:41 - 2015-12-27 08:53 - 00000000 ____D C:\Users\Beaut\AppData\Local\Adobe
2016-08-17 19:38 - 2015-12-27 08:54 - 00000000 ____D C:\ProgramData\Adobe
2016-08-17 19:22 - 2015-12-27 08:59 - 00000000 ____D C:\Program Files\Adobe
2016-08-17 18:55 - 2015-12-30 07:44 - 00000000 ____D C:\Program Files\Pinnacle
2016-08-17 18:42 - 2016-05-08 18:13 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\Opera Software
2016-08-17 18:42 - 2016-05-08 18:13 - 00000000 ____D C:\Users\Beaut\AppData\Local\Opera Software
2016-08-17 17:44 - 2016-07-16 11:34 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-08-17 17:42 - 2015-09-03 05:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-17 17:39 - 2015-12-27 09:10 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\WildTangent
2016-08-17 17:39 - 2015-09-03 05:55 - 00000000 ____D C:\ProgramData\WildTangent
2016-08-17 17:39 - 2015-09-03 05:55 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-08-17 10:06 - 2016-06-24 07:52 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2016-08-16 14:41 - 2016-03-26 09:05 - 00000000 __SHD C:\WINDOWS\ftpcache
2016-08-16 13:58 - 2016-06-06 20:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-16 11:02 - 2016-06-06 21:02 - 00000000 ____D C:\AdwCleaner
2016-08-16 10:26 - 2016-03-07 23:00 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\Notepad++
2016-08-16 10:26 - 2016-03-07 23:00 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-08-15 21:55 - 2015-12-27 00:17 - 00000000 ____D C:\Users\Beaut\AppData\Local\Microsoft Help
2016-08-15 19:36 - 2016-01-04 16:22 - 00000000 ____D C:\Users\Beaut\Documents\PlagiarismCheckerX
2016-08-15 17:19 - 2016-06-18 22:20 - 00000000 ____D C:\06 Music
2016-08-15 07:35 - 2016-01-09 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2016-08-15 07:33 - 2016-05-15 10:04 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\BSplayer PRO
2016-08-15 07:19 - 2015-12-31 15:44 - 00000000 ____D C:\Users\Beaut\Documents\Adobe Captivate Cached Projects
2016-08-12 12:19 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\rescache
2016-08-11 08:28 - 2015-12-29 20:29 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-08-11 08:27 - 2016-03-26 10:02 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-08-11 07:26 - 2015-12-26 22:30 - 00000000 ____D C:\Users\Beaut\Documents\YouCam
2016-08-11 07:21 - 2015-07-16 11:35 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-11 06:54 - 2016-07-16 17:17 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-11 06:54 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-11 06:54 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-11 06:54 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-11 06:54 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-11 06:54 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-11 06:54 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-11 06:54 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-10 07:03 - 2015-12-27 01:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 06:52 - 2015-12-27 01:44 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-06 21:38 - 2016-06-28 17:48 - 00000000 ____D C:\Foxit PhantomPDF Business 8.0.0.624 Portable [SadeemPC]
2016-08-06 07:23 - 2015-09-03 06:02 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-05 21:43 - 2015-12-27 10:27 - 00000230 _____ C:\Users\Public\Documents\pre_fileassoc.tmp
2016-08-05 21:37 - 2015-12-27 10:30 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\Foxit Software
2016-08-05 09:57 - 2016-07-16 17:17 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-05 09:47 - 2016-07-16 19:41 - 00000000 ____D C:\WINDOWS\OCR
2016-08-05 09:41 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-08-05 09:41 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-08-05 09:41 - 2016-07-16 17:14 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2016-08-05 09:41 - 2016-07-16 17:14 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2016-08-05 09:41 - 2016-07-16 17:14 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2016-08-05 09:41 - 2016-07-16 17:14 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2016-08-05 09:41 - 2016-07-16 17:14 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2016-08-05 09:41 - 2016-07-16 17:14 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2016-08-05 09:41 - 2016-07-16 17:14 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2016-08-05 09:41 - 2016-07-16 17:13 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2016-08-05 09:41 - 2016-07-16 17:13 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2016-08-05 09:41 - 2016-07-16 17:13 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2016-08-05 09:41 - 2016-07-16 17:13 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2016-08-05 09:41 - 2016-07-16 17:13 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2016-08-05 09:41 - 2016-07-16 17:13 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2016-08-05 09:41 - 2016-07-16 17:13 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2016-08-05 09:12 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\appcompat
2016-08-04 21:30 - 2015-12-26 22:36 - 00002370 _____ C:\Users\Beaut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-04 21:30 - 2015-12-26 22:36 - 00000000 ___RD C:\Users\Beaut\OneDrive
2016-08-04 21:20 - 2016-07-16 17:17 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-04 21:15 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-04 21:15 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\Registration
2016-08-04 21:15 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-04 21:09 - 2015-12-27 07:14 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-04 21:07 - 2016-07-16 17:17 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-04 20:58 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-08-04 20:57 - 2016-07-21 07:38 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.4
2016-08-04 20:57 - 2016-07-21 07:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-08-04 20:57 - 2016-07-16 17:17 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-04 20:57 - 2016-06-21 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2016-08-04 20:57 - 2016-06-13 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-08-04 20:57 - 2016-06-06 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-04 20:57 - 2016-05-22 07:12 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iSumsoft Windows Password Refixer Ultimate Trial
2016-08-04 20:57 - 2016-04-07 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2016-08-04 20:57 - 2016-04-07 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-04 20:57 - 2016-04-03 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2016-08-04 20:57 - 2016-03-12 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mockplus
2016-08-04 20:57 - 2016-02-25 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-08-04 20:57 - 2016-01-30 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-04 20:57 - 2016-01-19 18:45 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee
2016-08-04 20:57 - 2016-01-13 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
2016-08-04 20:57 - 2016-01-04 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plagiarism Checker X
2016-08-04 20:57 - 2016-01-03 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2016-08-04 20:57 - 2016-01-02 15:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 5
2016-08-04 20:57 - 2015-12-31 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2016-08-04 20:57 - 2015-12-31 15:35 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MathMagic for Captivate
2016-08-04 20:57 - 2015-12-31 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-08-04 20:57 - 2015-12-31 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-08-04 20:57 - 2015-12-31 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpring Suite 7
2016-08-04 20:57 - 2015-12-30 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mindjet MindManager 2016
2016-08-04 20:57 - 2015-12-29 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2016-08-04 20:57 - 2015-12-29 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-04 20:57 - 2015-12-29 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oxygen XML Editor 16.0 (64-bit)
2016-08-04 20:57 - 2015-12-28 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ResumeMaker Professional
2016-08-04 20:57 - 2015-12-28 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2016-08-04 20:57 - 2015-12-28 07:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReNamer
2016-08-04 20:57 - 2015-12-27 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2016-08-04 20:57 - 2015-12-27 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-08-04 20:57 - 2015-12-27 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePresenter
2016-08-04 20:57 - 2015-12-27 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2016-08-04 20:57 - 2015-12-27 06:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-08-04 20:57 - 2015-12-27 01:01 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2016-08-04 20:57 - 2015-12-27 01:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2016-08-04 20:57 - 2015-10-30 14:35 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-04 20:57 - 2015-09-03 05:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-08-04 20:57 - 2015-09-03 05:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-08-04 20:57 - 2015-09-03 05:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-08-04 20:54 - 2015-10-30 11:58 - 00000000 ____D C:\Users\Default.migrated
2016-08-04 20:48 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-08-04 20:48 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-04 20:48 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-04 20:48 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-08-04 20:48 - 2016-02-03 07:32 - 00000000 ____D C:\WINDOWS\SysWOW64\msv
2016-08-04 20:48 - 2016-02-03 07:32 - 00000000 ____D C:\WINDOWS\system32\msv
2016-08-04 20:48 - 2015-08-01 08:17 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2016-08-04 20:46 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-04 20:46 - 2016-05-15 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh
2016-08-04 20:46 - 2016-04-19 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-04 20:46 - 2016-03-05 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AheadPDF
2016-08-04 20:46 - 2015-12-26 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2016-08-04 20:45 - 2016-07-16 17:17 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-04 20:45 - 2016-07-16 17:17 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-04 20:42 - 2016-04-02 12:26 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xiaomi
2016-08-04 20:42 - 2016-01-15 16:41 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-08-04 20:38 - 2016-07-16 11:34 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-04 20:35 - 2016-07-16 17:17 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-04 20:35 - 2016-07-16 17:17 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-04 20:34 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\Help
2016-08-04 20:34 - 2015-12-27 00:22 - 00000000 ____D C:\Temp
2016-08-03 20:49 - 2016-07-23 11:10 - 00000000 ____D C:\Users\Beaut\Desktop\Hyma's Office Files
2016-08-01 21:36 - 2015-12-27 22:11 - 00000000 ____D C:\02 TV
2016-07-31 23:02 - 2015-12-26 23:32 - 00000000 ____D C:\Users\Beaut\AppData\Roaming\PotPlayerMini64
2016-07-31 04:02 - 2015-12-26 22:29 - 00000000 ____D C:\Users\Beaut\AppData\Local\VirtualStore
2016-07-30 07:32 - 2015-12-29 08:20 - 00000000 ____D C:\ProgramData\Oracle
2016-07-30 07:31 - 2015-12-29 08:21 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-07-30 07:31 - 2015-12-29 08:21 - 00000000 ____D C:\Users\Beaut\.oracle_jre_usage
2016-07-30 07:31 - 2015-12-29 08:20 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-28 22:56 - 2015-12-31 15:05 - 00000128 ____H C:\Users\Beaut\AppData\Roaming\de2ad1ebe368dd659e06d005941e7c4d2ce419b6
2016-07-28 22:56 - 2015-12-31 15:05 - 00000128 ____H C:\ProgramData\de2ad1ebe368dd659e06d005941e7c4d2ce419b6
2016-07-26 08:39 - 2015-12-27 06:52 - 00071800 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2016-07-26 08:36 - 2015-12-27 06:52 - 01804696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll

==================== Files in the root of some directories =======

2016-05-09 09:50 - 2016-05-09 09:50 - 21572120 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-12-27 12:44 - 2015-12-31 14:13 - 0000128 ____H () C:\Users\Beaut\AppData\Roaming\d9135c394decbfc1cfce595848be5701eeb798e2
2015-12-31 15:05 - 2016-07-28 22:56 - 0000128 ____H () C:\Users\Beaut\AppData\Roaming\de2ad1ebe368dd659e06d005941e7c4d2ce419b6
2015-12-30 08:24 - 2015-12-30 08:24 - 0000196 _____ () C:\Users\Beaut\AppData\Roaming\PIXELGRAFX.MTBF.txt
2015-12-26 22:30 - 2016-08-24 16:36 - 0481621 _____ () C:\Users\Beaut\AppData\Local\BTServer.log
2016-02-05 20:54 - 2016-02-24 18:48 - 0000100 _____ () C:\Users\Beaut\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2015-12-30 08:26 - 2016-07-03 00:51 - 0004608 _____ () C:\Users\Beaut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-12 07:52 - 2016-01-12 07:52 - 0000757 _____ () C:\Users\Beaut\AppData\Local\recently-used.xbel
2016-03-12 16:44 - 2016-03-12 16:44 - 0000032 RSHOT () C:\Users\Beaut\AppData\Local\t70rc.dat
2016-01-04 16:21 - 2016-01-04 16:21 - 0000362 _____ () C:\Users\Beaut\AppData\Local\winconf.pxt
2015-12-27 12:44 - 2015-12-31 14:13 - 0000128 ____H () C:\ProgramData\d9135c394decbfc1cfce595848be5701eeb798e2
2015-12-31 15:05 - 2016-07-28 22:56 - 0000128 ____H () C:\ProgramData\de2ad1ebe368dd659e06d005941e7c4d2ce419b6

Some files in TEMP:
====================
C:\Users\Beaut\AppData\Local\Temp\bassmod.dll
C:\Users\Beaut\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Beaut\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Beaut\AppData\Local\Temp\libeay32.dll
C:\Users\Beaut\AppData\Local\Temp\msvcr120.dll
C:\Users\Beaut\AppData\Local\Temp\sqlite3.dll
C:\Users\Beaut\AppData\Local\Temp\_setup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-20 21:13

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Beaut (24-08-2016 17:29:07)
Running from C:\Users\Beaut\Desktop
Windows 10 Home Single Language Version 1607 (X64) (2016-08-04 15:50:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1291846121-857271882-2576323668-500 - Administrator - Disabled)
Beaut (S-1-5-21-1291846121-857271882-2576323668-1001 - Administrator - Enabled) => C:\Users\Beaut
DefaultAccount (S-1-5-21-1291846121-857271882-2576323668-503 - Limited - Disabled)
Guest (S-1-5-21-1291846121-857271882-2576323668-501 - Limited - Disabled)
tiruv (S-1-5-21-1291846121-857271882-2576323668-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.13 (x64) (HKLM\...\7-Zip) (Version: 15.13 - Igor Pavlov)
ACDSeePro (HKLM-x32\...\ACDSeePro) (Version: 9.1.0.453 - ACD Systems International Inc.)
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 5.5.1 - Atomi Systems, Inc.)
Ad-Aware Antivirus (HKLM\...\{36036827-FA38-4A74-8333-26BC4EEC9308}_AdAwareUpdater) (Version: 11.12.945.9202 - Lavasoft)
AdAwareInstaller (Version: 11.12.945.9202 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.12.945.9202 - Lavasoft) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.17 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Captivate Quiz Results Analyzer (HKLM-x32\...\QuizResultsAnalyzer8) (Version: 8 - Adobe Systems, Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Ahead PDF Password Remover 2.0.0 (HKLM-x32\...\{B114A585-8D20-4409-80E3-03E53C6F9E9F}_is1) (Version: - AheadPDF)
Amazon Kindle (HKU\S-1-5-21-1291846121-857271882-2576323668-1001\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{19A0FC97-8CEC-A36C-CFD1-64C311DA1269}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AntimalwareEngine (Version: 3.0.129.0 - Lavasoft) Hidden
Articulate Storyline 2 (HKLM-x32\...\{99d3b7ab-fe12-4e83-9fb4-3c20d40a15f4}) (Version: 2.8.282.0 - Articulate)
Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.3.11 - Balsamiq SRL)
Balsamiq Mockups 3 (x32 Version: 3.3.11 - Balsamiq SRL) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.695 - Broadcom Corporation)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.70.1080 - AB Team, d.o.o.)
calibre 64bit (HKLM\...\{75F18D87-1342-41F3-8FF4-293CA74FC928}) (Version: 2.52.0 - Kovid Goyal)
Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
ClipGrab 3.5.6 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink PhotoDirector (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6129 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.5.4601 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5118.0 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 7.4.30 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-1291846121-857271882-2576323668-1001\...\{b1eb8775-bc01-49f5-9885-9ff3c9b4a7a3}) (Version: 6.5.57 - Grammarly)
Grammarly for Microsoft® Office Suite (Version: 6.5.57 - Grammarly) Hidden
Hollywood FX Volumes 1-3 (HKLM\...\{48C2040D-B49F-4B4D-AE4A-0DCED3305692}) (Version: 3.0 - Corel Corporation)
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company)
HP Documentation (HKLM\...\HP_Documentation) (Version: - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.3.27.17 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.26.37 - HP)
HP System Event Utility (HKLM-x32\...\{025C1573-2F1D-46AF-BAB8-594EBF56A889}) (Version: 1.4.11 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{1BDD178E-43DC-4063-B480-BA2BAE03E2A0}) (Version: 1.1.15.1 - HP)
IDM Crack 6.25 build 20 (HKLM-x32\...\IDM Crack 6.25 build 20) (Version: build 21 - Crackingpatching.com Team)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{2b192f1e-b8b6-4ea8-9eb0-31dae50e7dbd}) (Version: 18.32.0000.3816 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4281 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iSpring Suite 7 (HKLM\...\{1D8CEF20-69C2-452F-B251-3F45127C7DEB}) (Version: 7.0.0 - iSpring Solutions Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mi PC Suite (HKU\S-1-5-21-1291846121-857271882-2576323668-1001\...\MiPhoneManager) (Version: - Xiaomi Inc.)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Mindjet MindManager 2016 (HKLM-x32\...\{0CE4340E-1065-4059-B6A5-A95325076533}) (Version: 16.0.159 - Mindjet)
Mockplus version 2.1.7.1 (HKLM-x32\...\{8B600D50-CD5E-4995-B35A-6A7A5CCD9AA1}_is1) (Version: 2.1.7.1 - Jongde Software LLC.)
Mp3tag v2.77 (HKLM-x32\...\Mp3tag) (Version: v2.77 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MusicBee 2.5 (HKLM-x32\...\MusicBee) (Version: 2.5 - Steven Mayall)
Nitro Pro 9 (HKLM\...\{6DC0850D-DCCA-4E75-8A4A-E374EB38C2B4}) (Version: 9.5.1.5 - Nitro)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Oxygen XML Editor 16.0 (64-bit) (HKLM\...\8531-1278-6363-8538) (Version: 16.0 - SyncRO Soft)
Panda Devices Agent (x32 Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.00.02.0000 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
Plagiarism Checker X (HKLM-x32\...\Plagiarism Checker X 5.1.4) (Version: 5.1.4 - Plagiarism Checker X, LLC)
Plagiarism Checker X (x32 Version: 5.1.4 - Plagiarism Checker X, LLC) Hidden
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Kakao Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)
Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
qBittorrent 3.3.6 (HKLM-x32\...\qBittorrent) (Version: 3.3.6 - The qBittorrent project)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.46 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.103 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.62 - REALTEK Semiconductor Corp.)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 6.5.0.0 - den4b Team)
ResumeMaker Professional (HKLM-x32\...\ResumeMaker Professional) (Version: 14 - Individual Software, Inc)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
RoboForm 7-9-16-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-16-7 - Siber Systems)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
ScoreFitter Volumes 1-2 (HKLM\...\{5CA29919-6361-4A17-91C5-6819E43794B1}) (Version: 3.0 - Corel Corporation)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
ShellExtensionx64 (Version: 2.8.282.0 - Articulate) Hidden
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
Shooter Suite v12.7.2 (HKLM-x32\...\{7DFC5E36-8CC9-4EC5-9C24-A3770A669E3F}_is1) (Version: 12.7.2 - Red Giant, LLC)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Snagit 12 (HKLM-x32\...\{4FC332FE-CBE3-4AE0-B531-35048FD81912}) (Version: 12.4.1 - TechSmith Corporation)
Storyline (x32 Version: 2.8.282.0 - Articulate) Hidden
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.11.38 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.64630 - TeamViewer)
TeraCopy 3.0 alpha 5 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Title Extreme (HKLM\...\{3B519225-B4B2-40B7-A431-3C6AAE2831B4}) (Version: 3.0 - Corel Corporation)
Trapcode Suite v12.1.9 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.9 - Red Giant, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WhoCrashed 5.51 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1291846121-857271882-2576323668-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Beaut\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.5.57\5F6AA92DF392491CB1788466E56B8768\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-1291846121-857271882-2576323668-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Beaut\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {046F915F-51DB-4B54-8813-B3F5BD316B1B} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2015-05-22] (Hewlett-Packard Development Company, L.P.)
Task: {1009E204-4791-4A30-A6F3-A8B9285889D0} - \KMSAuto -> No File <==== ATTENTION
Task: {14FF5AC2-66FE-43B9-AA45-8358EFF4B354} - System32\Tasks\HPCeeScheduleForBeaut => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {2E7A4553-B7B4-4281-A8AB-54F303604F90} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {30774205-20B2-4CE1-93BA-35A2A30B9DFD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {435707D7-AF5F-4683-85DF-BDFE35F05288} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {504340E2-23B9-43BA-B221-56A3D4D58388} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PIXELGRAFX-Beaut PixelGrafx => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {6CB1DE50-D067-4979-8DA8-24A7A061A031} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8DF5AF1D-1877-45B4-8D84-D05D3C502B0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {8F6AB7F9-2038-4EEC-BC85-CEC5AAE9825F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {95226FFA-772F-4985-B01D-CB5517EED058} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {B596612F-E9EF-41FB-9EFF-EF776BA66C84} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {D319B502-E7E8-4BFC-ACC8-1BE027F976AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {D3B2D96A-2A99-4908-B2F1-96A7C24600BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForBeaut.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Beaut\Desktop\Desktop Stuff\Pandora TV.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.pandora.tv/?kmp
ShortcutWithArgument: C:\Users\Beaut\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 17:12 - 2016-07-16 17:12 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 17:12 - 2016-07-16 17:12 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-04 20:34 - 2015-07-23 06:40 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-03 05:27 - 2015-09-18 16:27 - 00125656 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-05-19 13:27 - 2014-05-19 13:27 - 00417800 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2016-07-18 20:22 - 2016-07-18 20:22 - 00732056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
2016-07-18 20:27 - 2016-07-18 20:27 - 00030464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_system-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00068872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_date_time-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00146184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_filesystem-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 11625208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareServiceKernel.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03420880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\RCF.dll
2016-07-18 20:27 - 2016-07-18 20:27 - 01005824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_regex-vc140-mt-1_61.dll
2016-07-18 20:27 - 2016-07-18 20:27 - 00124672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_thread-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00040192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_chrono-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00986864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareActivation.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00623360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareApplicationUpdater.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00837872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareGamingMode.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00111336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareReset.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00134368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTime.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01049856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdater.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00901392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdaterScheduler.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01104624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareIgnoreList.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00268016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareQuarantine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01630464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiMalwareEngine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00226048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiRootkitEngine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01179384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerHistory.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01377512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScanner.dll
2016-07-18 20:27 - 2016-07-18 20:27 - 00039680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_timer-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01025784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerScheduler.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01205504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 02663672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareIncompatibles.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01520872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiSpam.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01457904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiPhishing.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03464440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareParentalControl.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03124472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareWebProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01327864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareEmailProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00073480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_iostreams-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01905408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareNetworkProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01031912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwarePromo.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00467688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareFeedback.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03159808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareThreatWorkAlliance.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01313512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwarePinCode.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01033960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareNotice.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01597680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAvcEngine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01170704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtectionHistory.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00535280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareStatistics.dll
2016-07-16 17:12 - 2016-07-16 17:12 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-04 21:30 - 2016-08-04 21:30 - 00959168 _____ () C:\Users\Beaut\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-07-16 17:12 - 2016-07-16 17:12 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-07-16 17:12 - 2016-07-16 17:12 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-08-10 00:58 - 2016-08-02 13:45 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-08-10 00:59 - 2016-08-02 13:31 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-10 00:59 - 2016-08-02 13:23 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-10 00:59 - 2016-08-02 13:23 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-10 00:59 - 2016-08-02 13:24 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-08-10 00:59 - 2016-08-02 13:24 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-10 00:59 - 2016-08-02 13:26 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-13 08:08 - 2016-08-13 08:08 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-08-13 08:08 - 2016-08-13 08:08 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-08-13 08:08 - 2016-08-13 08:08 - 35290624 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 09571552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
2016-07-18 20:26 - 2016-07-18 20:26 - 00539392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_locale-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 02485992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\HtmlFramework.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00871672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTrayDefaultSkin.dll
2016-05-06 14:33 - 2016-05-06 14:33 - 00157624 ____N () C:\Users\Beaut\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
2016-07-16 19:49 - 2016-07-16 19:49 - 03790336 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-07-16 19:49 - 2016-07-16 19:49 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-03-18 21:42 - 2016-03-18 21:42 - 00075776 _____ () C:\Program Files\Calibre2\ebook-viewer.exe
2016-02-26 08:47 - 2016-02-26 08:47 - 00043008 ____R () C:\Program Files\Calibre2\calibre-launcher.dll
2014-05-03 23:42 - 2014-05-03 23:42 - 00137728 ____R () C:\Program Files\Calibre2\DLLs\pywintypes27.dll
2016-02-26 08:56 - 2016-02-26 08:56 - 00225792 ____R () C:\Program Files\Calibre2\DLLs\libxslt.dll
2016-02-26 08:56 - 2016-02-26 08:56 - 01420288 ____R () C:\Program Files\Calibre2\DLLs\libxml2.dll
2016-02-26 08:56 - 2016-02-26 08:56 - 00083968 ____R () C:\Program Files\Calibre2\DLLs\libexslt.dll
2016-02-26 08:46 - 2016-02-26 08:46 - 00054272 ____R () C:\Program Files\Calibre2\plugins2\magick.pyd
2016-02-26 08:56 - 2016-02-26 08:56 - 01596928 ____R () C:\Program Files\Calibre2\DLLs\CORE_RL_magick_.dll
2016-02-26 08:56 - 2016-02-26 08:56 - 00306176 ____R () C:\Program Files\Calibre2\DLLs\CORE_RL_lcms_.dll
2016-02-26 08:46 - 2016-02-26 08:46 - 00068096 ____R () C:\Program Files\Calibre2\plugins2\progress_indicator.pyd
2013-04-12 22:53 - 2013-04-12 22:53 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-09-03 05:20 - 2015-07-23 13:14 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-06 14:33 - 2016-05-06 14:33 - 00136632 ____N () C:\Users\Beaut\AppData\Local\MiPhoneManager\main\MiPlugin4NSIS.dll
2016-05-06 14:33 - 2016-05-06 14:33 - 00018360 ____N () C:\Users\Beaut\AppData\Local\MiPhoneManager\main\MiTrace.dll
2016-05-06 14:33 - 2016-05-06 14:33 - 00065976 ____N () C:\Users\Beaut\AppData\Local\MiPhoneManager\main\MiFramework.dll
2016-05-06 14:33 - 2016-05-06 14:33 - 00099600 ____N () C:\Users\Beaut\AppData\Local\MiPhoneManager\main\zlib1.dll
2016-08-04 21:30 - 2016-08-04 21:30 - 00679624 _____ () C:\Users\Beaut\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-08-14 13:27 - 2015-08-14 13:27 - 02099200 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_core249.dll
2015-08-14 13:27 - 2015-08-14 13:27 - 01914368 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_imgproc249.dll
2016-06-18 03:42 - 2016-06-15 14:45 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 03:42 - 2016-06-15 14:45 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-08-17 19:12 - 2016-08-17 19:00 - 00003217 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 199.7.52.190
127.0.0.1 199.7.52.190:80
127.0.0.1 199.7.54.72
127.0.0.1 199.7.54.72:80
127.0.0.1 209.34.83.67
127.0.0.1 209.34.83.67:43
127.0.0.1 209.34.83.67:443
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.73:43
127.0.0.1 209.34.83.73:443
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 activate-sea.adobe.com

There are 49 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1291846121-857271882-2576323668-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Beaut\AppData\Local\Microsoft\Windows\Themes\Wild Beau\DesktopBackground\1_charlesbergman_whalehumpbackicegarden.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "MobileGo Service.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "MMReminderService"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "DFX"
HKU\S-1-5-21-1291846121-857271882-2576323668-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-1291846121-857271882-2576323668-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1291846121-857271882-2576323668-1001\...\StartupApproved\Run: => "Pushbullet"
HKU\S-1-5-21-1291846121-857271882-2576323668-1001\...\StartupApproved\Run: => "Sony PC Companion"
HKU\S-1-5-21-1291846121-857271882-2576323668-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EDBDDB38-7F52-4EAC-8733-2C81DC92942A}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{C49D6804-83C2-40B7-8267-A7D202E7ECD9}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{79A249CC-9A99-42FD-8815-124F44121404}] => (Allow) LPort=1689
FirewallRules: [{026AEFD9-9315-40EF-8EAD-02DE9C9E4A47}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{FC758939-1AFE-42D0-BF8B-9B937059EB83}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{D518229B-C0B9-4425-BC18-F74E1563F6F4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{10DB9BDF-CEB4-48CE-949D-4A32BFAD0F04}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{B0F729EC-592D-4B4F-96B7-A82EDC5F437A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{F92872F4-CE34-4DC1-AAA6-D3829E7182A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C7819BCD-458B-4524-8EF7-F6F53CAC8C35}] => (Block) %ProgramFiles%\Nitro\Pro 9\Nitro_UpdateService.exe
FirewallRules: [{F5A42FC6-C669-4BD1-BFCA-7FE057CCEC74}] => (Allow) C:\Users\Beaut\AppData\Local\MiPhoneManager\main\MiPCSuite.exe
FirewallRules: [{D9C43907-9527-4333-AB18-5DEECB22405F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0E931F93-F0C7-4DD4-A1B4-7FFE5A692EA2}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{35E8A4EB-4CE0-4A90-B8A5-9346FB68A05A}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{F74B19CA-3E9C-4BC8-8F3C-43F16A5FD05C}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{87363658-5191-4EA8-9568-E8A2A8A874BD}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [UDP Query User{6C7CD393-E9D6-4C8F-A29F-414083905AAC}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{1FB789FE-FB95-44C0-9D75-C7044DF96586}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{DDD90D0D-0663-4A60-B233-A20337AA08DB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E437D712-2A8E-45A8-BFCD-0B8B97456828}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ECE6B2BD-4577-4A8A-8ABA-E3F96C1EFB19}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2C7002B8-3B6A-4D2B-BE1F-6F4F1F020F10}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{87517770-C48F-4C21-BA4F-A368A3290975}] => (Allow) C:\Program Files (x86)\PlagiarismCheckerX\Update.exe
FirewallRules: [{3D6FD046-BC2A-4B21-8D51-FF5E05F906B5}] => (Allow) C:\Program Files (x86)\PlagiarismCheckerX\Plagiarism Checker X.exe
FirewallRules: [{DE9F2DF1-740C-47F8-AEE9-8CDDC76F2938}] => (Block) %ProgramFiles%\iSpring\Suite 7\activation.exe
FirewallRules: [{93CFB41F-8A72-4832-B114-05B1F49833A0}] => (Block) %ProgramFiles%\iSpring\Suite 7\activation.exe
FirewallRules: [{BC2C45B3-B9D8-45C0-A890-903795B3A0E7}] => (Allow) LPort=8298
FirewallRules: [{CFABF418-6FCD-4BFC-B26B-FF311A0C6AEE}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{79F9C898-04B2-4F41-92B6-90C7940678A5}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{18CF56BF-4A8D-40B8-B9F9-2DAA832C27A1}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{B9E90B41-611A-4D6E-8DD8-E812B5DEA72D}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{FCD22C01-7C99-4BBC-8B46-5664A03292F6}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{99A13D17-6176-4F6B-A114-F3FB133E21E2}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{4F3C604D-A086-4B37-B5BE-6C14829641B4}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{2FB39FE6-B091-40B6-A561-0A6E964D8BDA}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{CC07D19D-6B7C-4870-AD1C-833AEAA2288D}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{59BC9C75-7B16-423A-867E-45467034F8FD}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{969B74E8-5E07-4A82-9DD2-A2730FEC381D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DB587B6D-54CF-4B68-855C-EEF9F05DD7DD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AE168561-DF6C-4B41-8C7D-CBFA6BAA282F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2551FE24-8BEF-4BD8-BC6D-FCB90F2E0C5D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2471F412-1FAF-4E4F-B131-9AFDF6CB0AF8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9E150DF2-EEBB-423B-B0AF-ADA802D8AE8D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{01CD5A86-5F56-4493-B598-85C4B963C6F0}] => (Allow) LPort=8317
FirewallRules: [{377989AF-58BD-4F70-A747-316432329DBC}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{D3C3D4F6-89D8-4BB2-84CE-BE9277F4A86F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{068E8E47-7EB2-4612-9340-CEE8CC4D012D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{44639265-8CAA-42C9-A1C3-245567428533}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E8C1A876-96DF-4E30-BE84-92995EFC5E36}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{D13C03CC-8A67-4665-ACED-13F5C03A2BE2}C:\users\beaut\appdata\local\temp\cp13792346797687session\cptrustfolder13792346797703\adobecaptivatews] => (Allow) C:\users\beaut\appdata\local\temp\cp13792346797687session\cptrustfolder13792346797703\adobecaptivatews
FirewallRules: [UDP Query User{DA7B7B8C-D30B-4AF2-B074-5B0D44EB9287}C:\users\beaut\appdata\local\temp\cp13792346797687session\cptrustfolder13792346797703\adobecaptivatews] => (Allow) C:\users\beaut\appdata\local\temp\cp13792346797687session\cptrustfolder13792346797703\adobecaptivatews
FirewallRules: [{BFB0FC1C-4F44-4A1D-B6AA-736DAA14F933}] => (Allow) LPort=1688

==================== Restore Points =========================

17-08-2016 18:52:44 Removed Pinnacle Studio 19 - Install Manager.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2016 05:23:12 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (08/24/2016 05:23:12 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (08/24/2016 05:23:07 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (08/24/2016 05:23:07 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (08/24/2016 05:23:02 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (08/24/2016 05:23:02 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (08/24/2016 05:22:57 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (08/24/2016 05:22:57 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (08/24/2016 05:22:52 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).

Error: (08/24/2016 05:22:52 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).


System errors:
=============
Error: (08/24/2016 04:35:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/24/2016 04:35:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/24/2016 04:35:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/24/2016 04:32:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (08/24/2016 04:31:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:09:16 PM on ‎8/‎24/‎2016 was unexpected.

Error: (08/24/2016 06:41:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).

Error: (08/24/2016 06:41:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (08/24/2016 06:40:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (08/24/2016 06:40:20 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.0.102 with the system
having network hardware address 1C-7B-21-5F-9D-98. Network operations on this system may
be disrupted as a result.

Error: (08/24/2016 12:07:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


==================== Memory info ===========================

Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 48%
Total physical RAM: 8114.26 MB
Available physical RAM: 4193.36 MB
Total Virtual: 32690.26 MB
Available Virtual: 28113.64 MB

==================== Drives ================================

Drive c: (PrasadT) (Fixed) (Total:908.23 GB) (Free:337.2 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.98 GB) (Free:2.5 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8A9B1AA3)

Partition: GPT.

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 24 August 2016 - 10:08 AM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,757 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:16 PM

Posted 24 August 2016 - 10:07 AM

Greetings Beautyspot and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Beautyspot

Beautyspot
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 24 August 2016 - 10:12 AM

Hi Gary - Thanks for the quick response. I know your time is valuable and will try to try to make the best use of it. I will follow your instructions to the best of my ability. I would like to let you know that after my earlier post, I found that there has been a windows update (Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3176934)). I have not yet restarted the system though I will be restarting it today night (I am on IST). Please let me know if I have to run the FRST.exe again.



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,757 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:16 PM

Posted 24 August 2016 - 11:11 AM

Greetings,

My pleasure to help but we do have one issue to deal with first.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Adobe Acrobat XI Pro, Microsoft Office Professional Plus 2013, and Microsoft Project Professional 2013 and all other products for which you do not have a valid Product Key. If you are willing to do that please rerun a FRST scan with Addition.txt checked and post both logs. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please do this and then rerun a FRST scan with Addition.txt.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • CKScanner report
  • FRST report
  • Addition report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Beautyspot

Beautyspot
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 24 August 2016 - 11:20 AM

Hi -

I will uninstall them and provide the information tomorrow as I am not in a position to do it today (it is already late night here). I am not sure if addition.txt will be generated again or not as a second run does not seem to produce the file.



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,757 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:16 PM

Posted 24 August 2016 - 11:35 AM

Thank you for your understanding and no problem on doing it tomorrow. I am glad of your decision because your computer is compromised but I am confident we can overcome it.

Before you hit Scan on FRST place a check mark in the Addition.txt box and it should produce both reports.

See you tomorrow!
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Beautyspot

Beautyspot
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 24 August 2016 - 11:35 AM

I think it is better to close the topic as it might save me time to reset the windows instead of uninstalling all the software. Thanks for the help.



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,757 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:16 PM

Posted 24 August 2016 - 12:17 PM

OK, sorry it didn't work out.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,757 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:16 PM

Posted 24 August 2016 - 12:17 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users