
Removing iSkySoft Helper


  • This topic is locked
16 replies to this topic

#1 EmmaE

EmmaE

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:02 PM

Posted 18 August 2016 - 04:53 AM

Hi,

I seem to have the same problem as a few of your other members. I get a pop-up on startup, asking if I want to allow 'iSkysoft Helper Compact' to make changes to my computer.

I can't find the application in the Programs and Features to uninstall it. I've tried removing the folder it's in, but it won't allow me to.

 

Help, please.

 

Thank you




 


#2 EmmaE

EmmaE
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:02 PM

Posted 18 August 2016 - 04:59 AM

This is the pop up.

Attached Files



#3 satchfan

satchfan

  • Malware Response Team
  • 2,936 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:02 PM

Posted 18 August 2016 - 08:09 AM

Hello EmmaE and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please follow these instructions in the order given.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#4 EmmaE

EmmaE
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:02 PM

Posted 18 August 2016 - 08:43 AM

Adwcleaner log:

# AdwCleaner v6.000 - Logfile created 18/08/2016 at 14:34:38
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-18.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Emma - EMMA-PC
# Running from : C:\Users\Emma\Desktop\adwcleaner_6.000.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Emma\AppData\Local\FileTypeAssistant
[-] Folder deleted: C:\Users\Emma\AppData\Local\Slick Savings
[-] Folder deleted: C:\Users\Emma\AppData\Local\Free Youtube Downloader
[-] Folder deleted: C:\ProgramData\apn
[-] Folder deleted: C:\ProgramData\ytd video downloader
[#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ytd video downloader
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Youtube Downloader
[-] Folder deleted: C:\Program Files (x86)\AskPartnerNetwork
[-] Folder deleted: C:\Program Files (x86)\GreenTree Applications
[-] Folder deleted: C:\Program Files (x86)\myfree codec
[-] Folder deleted: C:\Program Files (x86)\Free Youtube Downloader
[-] Folder deleted: C:\Users\Emma\AppData\Local\Temp\APN-Stub
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FileTypeAssistant
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater


***** [ Files ] *****

[-] File deleted: C:\Users\Emma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Youtube Downloader.lnk
[-] File deleted: C:\Users\Emma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Free Youtube Downloader.lnk
[-] File deleted: C:\Windows\SysNative\roboot64.exe
[-] File deleted: C:\Users\Public\Desktop\YTD Video Downloader.lnk
[-] File deleted: C:\Users\Public\Desktop\Free Youtube Downloader.lnk


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-1338738774-438898274-2940287539-1000\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key deleted: HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key deleted: HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[#] Key deleted on reboot: HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
[-] Key deleted: HKU\S-1-5-21-1338738774-438898274-2940287539-1000\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-1338738774-438898274-2940287539-1000\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-1338738774-438898274-2940287539-1000\Software\FileTypeAssistant
[-] Key deleted: HKU\S-1-5-21-1338738774-438898274-2940287539-1000\Software\Myfree Codec
[-] Key deleted: HKU\S-1-5-21-1338738774-438898274-2940287539-1000\Software\WEBAPP
[-] Key deleted: HKU\S-1-5-21-1338738774-438898274-2940287539-1000\Software\GreenTree Applications\YTD
[-] Key deleted: HKU\S-1-5-21-1338738774-438898274-2940287539-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\FileTypeAssistant
[#] Key deleted on reboot: HKCU\Software\Myfree Codec
[#] Key deleted on reboot: HKCU\Software\WEBAPP
[#] Key deleted on reboot: HKCU\Software\GreenTree Applications\YTD
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\Myfree Codec
[-] Key deleted: HKLM\SOFTWARE\PIP
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\uk.ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.metrolyrics.com


***** [ Web browsers ] *****

[-] [uk.ask.com] [Search Provider] Deleted: uk.ask.com
[-] [C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: iagcajndpnfncplednpbnkahadegklfa
[-] [C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: icdlfehblmklkikfigmjhbmmpmkmpooj


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5933 Bytes] - [18/08/2016 14:34:38]
C:\AdwCleaner\AdwCleaner[S0].txt - [5869 Bytes] - [18/08/2016 14:33:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6079 Bytes] ##########

 



#5 EmmaE

EmmaE
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:02 PM

Posted 18 August 2016 - 08:55 AM

JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Professional x64
Ran by Emma (Administrator) on 18/08/2016 at 14:44:34.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 50

Failed to delete: C:\Program Files (x86)\Common Files\innovative solutions (Folder)
Failed to delete: C:\Program Files (x86)\innovative solutions (Folder)
Successfully deleted: C:\ProgramData\innovative solutions (Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\innovative solutions (Folder)
Successfully deleted: C:\Users\Emma\AppData\Roaming\getrighttogo (Folder)
Successfully deleted: C:\Users\Emma\AppData\Roaming\nico mak computing (Folder)
Successfully deleted: C:\Users\Emma\Documents\add-in express (Folder)
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0T2JGMSY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1KY0IC08 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PUKSVO0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5CZXW4RG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7077EMGT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DY2M6U28 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DYE7DH4Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FH0I50VS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GL85EL9A (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYUN9K6G (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBRIML85 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N3SID96U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ORU4A8JZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QA7CT7KS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V6X60YZO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3OZERJ7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0T2JGMSY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1KY0IC08 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PUKSVO0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5CZXW4RG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7077EMGT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DY2M6U28 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DYE7DH4Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FH0I50VS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GL85EL9A (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYUN9K6G (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBRIML85 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N3SID96U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ORU4A8JZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QA7CT7KS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V6X60YZO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3OZERJ7 (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\BrowserPlugInHelper (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/08/2016 at 14:54:32.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
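
An added example, not part of the original posts and not code from either tool: a Python script that triages pasted AdwCleaner and JRT logs like the two above, listing items that failed to delete or are only queued for removal on reboot, and checking JRT's section counts against the entries actually pasted. The line formats are inferred from the logs in this thread, and treating the `File System: N` / `Registry: N` headers as entry counts is an assumption based on the JRT log above.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt of lines from the AdwCleaner and JRT
# logs in this thread; the JRT section counts are adjusted to fit the excerpt.
SAMPLE_LOG = r"""
***** [ Folders ] *****
[-] Folder deleted: C:\ProgramData\apn
[#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Conduit
[#] Key deleted on reboot: HKCU\Software\Conduit
***** [ Web browsers ] *****
[-] [uk.ask.com] [Search Provider] Deleted: uk.ask.com

File System: 4

Failed to delete: C:\Program Files (x86)\Common Files\innovative solutions (Folder)
Failed to delete: C:\Program Files (x86)\innovative solutions (Folder)
Successfully deleted: C:\ProgramData\innovative solutions (Folder)
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)

Registry: 1

Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\BrowserPlugInHelper (Registry Value)
"""

# AdwCleaner: "[-]" means done, "[#]" means queued until the next reboot.
ADW_LINE = re.compile(r"^\[(?P<flag>[-#])\]\s+(?P<action>.+?):\s(?P<target>.+)$")
# JRT: result, target path or key, then the item kind in trailing parentheses.
JRT_LINE = re.compile(
    r"^(?P<result>Successfully deleted|Failed to delete):\s"
    r"(?P<target>.+?)\s\((?P<kind>[^()]+)\)$"
)
# JRT section header with its declared number of entries (assumed meaning).
JRT_SECTION = re.compile(r"^(?P<name>File System|Registry):\s*(?P<count>\d+)$")


def parse_cleanup_log(text):
    """Return (records, declared) for a pasted AdwCleaner and/or JRT log."""
    records, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = JRT_SECTION.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        m = ADW_LINE.match(line)
        if m:
            status = "pending_reboot" if m["flag"] == "#" else "removed"
            records.append({"tool": "AdwCleaner", "status": status,
                            "kind": m["action"], "target": m["target"],
                            "section": None})
            continue
        m = JRT_LINE.match(line)
        if m:
            status = "failed" if m["result"].startswith("Failed") else "removed"
            records.append({"tool": "JRT", "status": status,
                            "kind": m["kind"], "target": m["target"],
                            "section": section})
    return records, declared


def follow_up(records):
    """Items a helper still has to deal with: failures and reboot-pending."""
    return [r for r in records if r["status"] != "removed"]


def summarize(records):
    """Count records per status."""
    return Counter(r["status"] for r in records)


def count_mismatches(records, declared):
    """Sections whose declared count differs from the entries pasted,
    which usually means the log was truncated or word-wrapped."""
    parsed = Counter(r["section"] for r in records if r["section"])
    return {name: (want, parsed.get(name, 0))
            for name, want in declared.items()
            if parsed.get(name, 0) != want}


if __name__ == "__main__":
    recs, decl = parse_cleanup_log(SAMPLE_LOG)
    print(dict(summarize(recs)))
    for r in follow_up(recs):
        print(f'{r["status"]:>14}  {r["tool"]:<10}  {r["target"]}')
    print("count mismatches:", count_mismatches(recs, decl))
```
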
 



#6 EmmaE

EmmaE
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:02 PM

Posted 18 August 2016 - 09:01 AM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2016
Ran by Emma (administrator) on EMMA-PC (18-08-2016 14:57:14)
Running from C:\Users\Emma\Desktop
Loaded Profiles: Emma & UpdatusUser (Available Profiles: Emma & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\GManager.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
() C:\Program Files (x86)\MCT\VGA0007\Utility\MCTUISvr.exe
() C:\Program Files (x86)\Naverisk\Agent\NAS.exe
(Naverisk) C:\Program Files (x86)\Naverisk\Agent\ServiceMonitor.exe
() C:\Program Files\BHL Backup Manager Basic\aua\bin\Aua.exe
() C:\Program Files\BHL Backup Manager Basic\bin\CDPService64.exe
(Sun Microsystems, Inc.) C:\Program Files\BHL Backup Manager Basic\aua\jvm\bin\auaJW.exe
() C:\Program Files\BHL Backup Manager Basic\bin\CDPService64.exe
() C:\Program Files\BHL Backup Manager Basic\bin\Scheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Sun Microsystems, Inc.) C:\Program Files\BHL Backup Manager Basic\jvm\bin\bschJW.exe
(DELL) C:\Program Files (x86)\Dell\Dell KM713 Wireless Keyboard LED Indicator\OSDSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\BHL Backup Manager Basic\bin\SystemTray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(hs2n Informationstechnologie GmbH) C:\Program Files (x86)\Naverisk\Agent\Packages\WindowsUpdatePackage\WindowsUpdate\WindowsUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CyCpIo] => C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2375168 2011-11-08] (Cypress Semiconductor Corporation)
HKLM\...\Run: [CyHidWin] => C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2354176 2011-10-18] (Cypress Semiconductor, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7214696 2011-05-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2012-03-01] (Dell Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [OBASystemTray] => C:\Program Files\BHL Backup Manager Basic\bin\SystemTray64.exe [516608 2015-06-19] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [MCTDUtil] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CDCtr] => C:\Program Files (x86)\Dell\Dell KM713 Wireless Keyboard LED Indicator\CDCtr.exe [412672 2011-10-07] ()
HKLM-x32\...\Run: [DELL_KM713OSD] => C:\Program Files (x86)\Dell\Dell KM713 Wireless Keyboard LED Indicator\LaunchOSDSrv.exe [53248 2011-08-16] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [OBASystemTray] => C:\Program Files\BHL Backup Manager Basic\bin\SystemTray64.exe [516608 2015-06-19] ()
HKLM-x32\...\Run: [gtmpPnt.exe] => C:\Program Files\Targus Mouse\gtmpPnt.exe [2712576 2010-08-19] ()
HKLM-x32\...\Run: [CentraStage] => C:\Program Files (x86)\CentraStage\Gui.exe
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-07-28] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1110232 2016-06-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM\...\RunOnce: [NCInstallQueue] => rundll32 netman.dll,ProcessQueue
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\Run: [OfficeSyncProcess] => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\Run: [Spotify Web Helper] => C:\Users\Emma\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-25] (Spotify Ltd)
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\Run: [Dropbox Update] => C:\Users\Emma\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2033536 2016-04-11] (Sony)
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\Run: [XperiaCompanion] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2033536 2016-04-11] (Sony)
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [884920 2016-06-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\MountPoints2: {0fab4b97-85ac-11e3-82b8-00dbdf0f1788} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\MountPoints2: {4533a38f-8d06-11e5-9425-00dbdf0f1788} - F:\startme.exe
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\MountPoints2: {456e76f0-354d-11e6-8614-00dbdf0f1788} - F:\GoWire\MPLauncher.exe
HKU\S-1-5-18\...\Run: [OBASystemTray] => C:\Program Files\BHL Backup Manager Basic\bin\SystemTray64.exe [516608 2015-06-19] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [241984 2011-11-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [203072 2011-11-04] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt.40.dll [2016-08-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivSDK Flash Extension.lnk [2013-04-15]
ShortcutTarget: ActivSDK Flash Extension.lnk -> C:\Windows\Installer\{A2A5B613-25DA-49F1-BD6D-80D90DE0EA9D}\NewShortcut1_08A9BB67B3284FEA9EC29BCD3F863A4A.exe (Flexera Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Naverisk Notification Client.lnk [2016-04-14]
ShortcutTarget: Naverisk Notification Client.lnk -> C:\Program Files (x86)\Naverisk\Agent\TrayClient.exe ()
Startup: C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1338738774-438898274-2940287539-1000] => proxy.yhgfl.net:6665
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{34E2A508-904D-4100-B2A0-9D4014089B72}: [DhcpNameServer] 10.106.112.11
Tcpip\..\Interfaces\{A829CEB1-C57F-4D46-AACA-5AE29BF7FBC5}: [DhcpNameServer] 192.168.1.254 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130856214105061361&GUID=E6CC24A7-7DA8-4AB0-9556-A4552DEE8220
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130856214105061361&GUID=E6CC24A7-7DA8-4AB0-9556-A4552DEE8220
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130856214105081362&GUID=E6CC24A7-7DA8-4AB0-9556-A4552DEE8220
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKU\S-1-5-21-1338738774-438898274-2940287539-1000 -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-06] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-06] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-06] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\0nwld3ry.default
FF Homepage: hxxp://www.google.co.uk/
FF NetworkProxy: "backup.ftp", "proxy.yhgfl.net"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "proxy.yhgfl.net"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "proxy.yhgfl.net"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "proxy.yhgfl.net"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "proxy.yhgfl.net"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.yhgfl.net"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "proxy.yhgfl.net"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll [2014-11-11] (Musicnotes, Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll [2014-11-11] (Musicnotes, Inc.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-11-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-11-03] (NVIDIA Corporation)
FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll [2013-03-11] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1338738774-438898274-2940287539-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll [2013-03-11] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll [2010-03-31] (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll [2010-04-08] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010-04-08] ()
FF Extension: KidStart Savings Prompt - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\0nwld3ry.default\extensions\KidStart@KidStart.xpi [2016-06-24]
FF Extension: Flash and Video Download - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\0nwld3ry.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-08-17]
FF Extension: ADB Helper - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\0nwld3ry.default\Extensions\adbhelper@mozilla.org [2016-02-06]
FF Extension: Valence - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\0nwld3ry.default\Extensions\fxdevtools-adapters@mozilla.org [2016-02-24]
FF Extension: Add to Wunderlist - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\0nwld3ry.default\Extensions\jid1-3gu11JeYBiIuJA@jetpack.xpi [2016-01-07]
FF Extension: Pin It button - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\0nwld3ry.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-01-30]
FF Extension: Cashback Notifier - TopCashback.co.uk - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\0nwld3ry.default\Extensions\notifier@topcashback.co.uk.xpi [2016-04-24]
FF Extension: LastPass - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\0nwld3ry.default\Extensions\support@lastpass.com [2016-08-05]
FF Extension: web_clipper - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\0nwld3ry.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2016-07-27]
FF Extension: Greasemonkey - C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\0nwld3ry.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-05-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-08-02]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.dell.com/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll => No File
CHR Profile: C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-08-06]
CHR Extension: (Google Docs Offline) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (Pinterest Save Button) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-08-02]
CHR Extension: (Right Inbox for Gmail) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb [2016-08-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
CHR Extension: (Streak CRM for Gmail) - C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2016-06-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159832 2016-08-12] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-11] (Dell Inc.)
R2 GManager; C:\Windows\system32\GManager.exe [310648 2011-08-31] ()
R3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1065496 2016-08-12] ()
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 MCTUISvr; C:\Program Files (x86)\MCT\VGA0007\Utility\MCTUISvr.exe [199296 2016-06-21] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 NaveriskAgent; C:\Program Files (x86)\Naverisk\Agent\NAS.exe [2154496 2016-04-14] () [File not signed]
R2 NaveriskServiceMonitor; C:\Program Files (x86)\Naverisk\Agent\ServiceMonitor.exe [323584 2016-04-14] (Naverisk) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2015-10-30] (HP Inc.) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 OBAAutoUpdate; C:\Program Files\BHL Backup Manager Basic\aua\bin\Aua.exe [176128 2015-06-19] () [File not signed]
R2 OBACDPService; C:\Program Files\BHL Backup Manager Basic\bin\CDPService64.exe [363520 2015-06-19] () [File not signed]
R2 OBAScheduler; C:\Program Files\BHL Backup Manager Basic\bin\Scheduler.exe [77824 2015-06-19] () [File not signed]
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1871032 2013-03-15] (Microsoft Corporation)
R2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM713 Wireless Keyboard LED Indicator\OSDSrv.exe [176128 2011-08-16] (DELL) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2015-10-30] (HP Inc.) [File not signed]
S2 Solus3Agent; C:\Program Files\Solus3\AgentService\Sims.Solus3.Agent.AgentService.exe [90112 2013-09-11] (Capita Business Services Ltd) [File not signed]
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 winvnc; C:\Program Files (x86)\Naverisk\Agent\Packages\RemoteControlPackage\WinVNC.exe [1944344 2016-04-14] (UltraVNC)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACTIVhidmini; C:\Windows\System32\DRIVERS\ACTIVhidmini.sys [97680 2011-04-14] (Promethean Technologies Ltd)
R3 cyhid; C:\Windows\System32\DRIVERS\cyhid.sys [117248 2011-12-08] (Cypress Semiconductor, Inc.)
R3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [13824 2011-12-08] (Cypress Semiconductor, Inc.)
R3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [79872 2011-12-08] (Cypress Semiconductor, Inc.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gtmpDrv; C:\Windows\System32\DRIVERS\gtmpdrv.sys [11968 2010-08-17] ()
S3 gtpkbd; C:\Windows\System32\DRIVERS\gtpkbd.sys [11968 2010-08-17] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [98928 2012-04-01] (Atheros Communications, Inc.)
R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [133248 2011-12-16] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2011-11-04] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 prmvmouse; C:\Windows\System32\DRIVERS\activmouse.sys [8080 2011-04-14] (Promethean Technologies Ltd)
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [12584 2009-12-15] (SMART Technologies ULC)
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [15784 2009-12-15] (SMART Technologies ULC)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [18432 2009-12-15] (SMART Technologies ULC) [File not signed]
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-01-08] (Wondershare)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2014-11-26] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2014-11-26] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2014-11-26] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2014-11-26] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2014-11-26] (Wondershare)
S3 xVGAUSB64; C:\Windows\System32\drivers\xvgausb64.sys [73344 2011-12-23] (Magic Control Technology Corp.)
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-18 14:57 - 2016-08-18 14:57 - 00036484 _____ C:\Users\Emma\Desktop\FRST.txt
2016-08-18 14:56 - 2016-08-18 14:56 - 02394624 _____ (Farbar) C:\Users\Emma\Desktop\FRST64.exe
2016-08-18 14:54 - 2016-08-18 14:54 - 00007976 _____ C:\Users\Emma\Desktop\JRT.txt
2016-08-18 14:43 - 2016-08-18 14:43 - 01610560 _____ (Malwarebytes) C:\Users\Emma\Desktop\JRT.exe
2016-08-18 14:39 - 2016-08-18 14:39 - 00000000 ____D C:\Users\Emma\AppData\Local\iSkysoft
2016-08-18 14:32 - 2016-08-18 14:34 - 00000000 ____D C:\AdwCleaner
2016-08-18 14:31 - 2016-08-18 14:31 - 03784256 _____ C:\Users\Emma\Desktop\adwcleaner_6.000.exe
2016-08-18 10:21 - 2016-08-18 14:57 - 00000000 ____D C:\FRST
2016-08-18 09:39 - 2016-08-18 10:44 - 00003670 _____ C:\Windows\System32\Tasks\AupAvUpdate
2016-08-18 09:39 - 2016-08-18 09:39 - 00001643 _____ C:\Users\Emma\Desktop\Advanced Uninstaller PRO 12.lnk
2016-08-18 09:39 - 2016-08-18 09:39 - 00001527 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 12.lnk
2016-08-18 09:39 - 2016-08-18 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2016-08-18 09:38 - 2016-08-18 14:49 - 00000340 _____ C:\Windows\Tasks\Health-Check-auto.job
2016-08-18 09:38 - 2016-08-18 10:45 - 00003450 _____ C:\Windows\System32\Tasks\UninstallMonitor
2016-08-18 09:38 - 2016-08-18 10:05 - 00000342 _____ C:\Windows\Tasks\Health-Check-deep.job
2016-08-18 09:38 - 2016-08-18 10:05 - 00000334 _____ C:\Windows\Tasks\Health-Check.job
2016-08-18 09:38 - 2016-08-18 09:38 - 00002916 _____ C:\Windows\System32\Tasks\Health-Check-deep
2016-08-18 09:38 - 2016-08-18 09:38 - 00002908 _____ C:\Windows\System32\Tasks\Health-Check
2016-08-18 09:38 - 2016-08-18 09:38 - 00002612 _____ C:\Windows\System32\Tasks\Health-Check-auto
2016-08-18 09:38 - 2014-03-07 11:25 - 00042496 _____ C:\Windows\SysWOW64\AdvUninstCPL.cpl
2016-08-18 09:37 - 2016-08-18 09:37 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2016-08-18 09:36 - 2016-08-18 09:36 - 19316456 _____ (Innovative Solutions ) C:\Users\Emma\Desktop\Advanced_Uninstaller11.exe
2016-08-18 01:59 - 2016-08-18 01:59 - 00000000 ____D C:\Users\Emma\AppData\Local\CrashDumps
2016-08-17 22:22 - 2016-08-17 22:22 - 00000000 ____D C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-15 21:13 - 2016-08-15 21:13 - 00000000 ____D C:\ProgramData\iSkysoft
2016-08-15 20:58 - 2016-08-15 21:50 - 00000000 ____D C:\Users\Emma\AppData\Roaming\iSkysoft
2016-08-15 20:57 - 2016-08-15 21:50 - 00000000 ____D C:\Users\Public\Documents\iSkysoft
2016-08-12 20:28 - 2016-08-12 20:28 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2016-08-12 20:28 - 2016-08-12 20:28 - 00000000 ____D C:\Program Files\Dell Support Center
2016-08-06 17:09 - 2016-08-06 17:07 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2016-08-06 17:05 - 2016-08-06 19:17 - 00000000 ____D C:\Users\Emma\AppData\Local\Screencast-O-Matic-v2
2016-08-06 17:05 - 2016-08-06 17:05 - 00000000 ____D C:\Users\Emma\Documents\Screencast-O-Matic
2016-08-06 17:04 - 2016-08-06 17:04 - 00000000 ____D C:\Users\Emma\AppData\Local\Screen Recorder Launcher
2016-08-04 09:28 - 2016-08-04 09:33 - 00000000 ____D C:\ProgramData\Informer Technologies, Inc
2016-08-02 20:30 - 2016-08-02 20:30 - 00000606 _____ C:\Windows\Tasks\Adobe Acrobat Update Task.job
2016-08-02 20:28 - 2016-08-02 21:32 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-08-02 20:28 - 2016-08-02 21:32 - 00002039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-08-02 20:28 - 2016-08-02 20:28 - 00002016 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2016-07-26 22:28 - 2016-07-26 22:28 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-07-26 20:04 - 2016-07-26 20:04 - 00003334 _____ C:\Windows\System32\Tasks\PCDDataUploadTask
2016-07-26 20:04 - 2016-07-26 20:04 - 00003214 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-18 14:53 - 2009-07-14 05:45 - 00030704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-18 14:53 - 2009-07-14 05:45 - 00030704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-18 14:40 - 2016-05-23 10:15 - 00000000 ___RD C:\Dropbox
2016-08-18 14:38 - 2013-04-13 10:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-18 14:37 - 2016-06-21 10:41 - 00002728 _____ C:\Windows\system32\GManager.ini
2016-08-18 14:37 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-18 14:36 - 2016-02-09 19:26 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-18 14:32 - 2015-09-02 10:18 - 00004962 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Emma-PC-Emma Emma-PC
2016-08-18 14:28 - 2013-04-13 10:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-18 14:16 - 2015-06-19 10:19 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1338738774-438898274-2940287539-1000UA.job
2016-08-18 14:01 - 2013-04-13 11:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-18 10:28 - 2016-04-12 00:22 - 00000000 ____D C:\Users\Emma\AppData\Roaming\AudiverisLtd
2016-08-18 09:58 - 2013-04-13 11:32 - 00002155 _____ C:\Windows\epplauncher.mif
2016-08-18 09:58 - 2013-04-13 11:32 - 00002119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-08-18 09:57 - 2013-04-13 11:32 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-08-18 09:57 - 2013-04-13 11:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-08-18 09:56 - 2015-08-02 22:49 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-08-18 09:53 - 2013-11-06 12:34 - 00000000 ____D C:\Windows\Minidump
2016-08-18 01:32 - 2015-04-08 23:37 - 00000000 ____D C:\Users\Emma\AppData\Roaming\MuseScore
2016-08-17 22:22 - 2013-04-13 21:16 - 00000000 ____D C:\Users\Emma\AppData\Roaming\Dropbox
2016-08-17 22:17 - 2015-06-19 10:19 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1338738774-438898274-2940287539-1000Core.job
2016-08-16 14:07 - 2015-02-21 17:47 - 00000000 ____D C:\Users\Emma\AppData\Local\Wunderlist
2016-08-15 19:00 - 2013-04-13 17:30 - 00000000 ____D C:\Users\Emma\.temp
2016-08-12 20:28 - 2014-04-21 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-08-12 17:49 - 2009-07-14 06:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-12 17:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-08-11 15:41 - 2013-11-03 01:38 - 00000000 ____D C:\Users\Emma\AppData\Roaming\Audacity
2016-08-09 21:29 - 2013-04-13 10:54 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-06 17:26 - 2014-01-21 09:39 - 00000000 ____D C:\ProgramData\Oracle
2016-08-06 17:10 - 2013-07-07 20:43 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-06 17:09 - 2016-04-12 22:38 - 00002488 _____ C:\Users\Emma\Desktop\Audiveris.lnk
2016-08-06 17:09 - 2016-04-12 22:21 - 00000000 ____D C:\Program Files\Java
2016-08-06 17:09 - 2016-04-12 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-06 17:07 - 2016-04-12 22:21 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-08-06 17:07 - 2015-09-13 16:43 - 00000000 ____D C:\Users\Emma\.oracle_jre_usage
2016-08-06 17:05 - 2016-04-12 22:19 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-08-06 16:54 - 2009-07-14 05:45 - 00533552 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-05 17:53 - 2013-04-13 09:40 - 00166912 _____ C:\Users\Emma\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-04 10:15 - 2015-09-02 16:32 - 00000000 ____D C:\Users\Emma\Documents\Custom Office Templates
2016-08-04 09:43 - 2016-06-18 14:44 - 00000000 ____D C:\ProgramData\SMART Technologies
2016-08-04 09:43 - 2016-06-10 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-03 18:36 - 2014-08-13 09:03 - 00000000 ____D C:\Users\Emma\AppData\Local\Adobe
2016-08-03 15:31 - 2016-02-13 18:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-02 20:32 - 2013-04-13 11:29 - 00000000 ____D C:\Users\Emma\AppData\Roaming\Adobe
2016-08-02 20:31 - 2013-04-13 11:42 - 00000000 ____D C:\ProgramData\Adobe
2016-08-02 20:30 - 2014-04-21 17:02 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-08-02 20:12 - 2013-04-13 11:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-07-28 23:23 - 2013-04-13 10:53 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 23:23 - 2013-04-13 10:53 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-26 20:03 - 2013-04-13 06:20 - 00000000 ____D C:\ProgramData\PCDr

==================== Files in the root of some directories =======

2013-04-15 08:56 - 2013-04-15 08:56 - 0006107 _____ () C:\Program Files (x86)\SIMSInfrastructure.LOG
2014-08-18 00:55 - 2014-08-18 00:56 - 0596980 _____ () C:\Users\Emma\AppData\Roaming\Scorch_Install.log
2014-04-21 12:05 - 2014-04-21 12:05 - 0000044 _____ () C:\Users\Emma\AppData\Roaming\WB.CFG
2016-04-04 22:10 - 2016-04-04 22:11 - 54909824 _____ (Sony) C:\Users\Emma\AppData\Local\pcc.exe
2013-12-16 00:36 - 2014-12-07 23:08 - 0000600 _____ () C:\Users\Emma\AppData\Local\PUTTY.RND
2014-11-04 21:55 - 2014-11-04 21:55 - 0008949 _____ () C:\Users\Emma\AppData\Local\recently-used.xbel
2015-04-11 12:19 - 2015-09-06 12:48 - 0007622 _____ () C:\Users\Emma\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Emma\AppData\Local\Temp\libeay32.dll
C:\Users\Emma\AppData\Local\Temp\msvcr120.dll
C:\Users\Emma\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-26 01:59

==================== End of FRST.txt ============================


Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by Emma (18-08-2016 14:58:05)
Running from C:\Users\Emma\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-04-12 21:24:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

aaglocal (S-1-5-21-1338738774-438898274-2940287539-500 - Administrator - Enabled)
Emma (S-1-5-21-1338738774-438898274-2940287539-1000 - Administrator - Enabled) => C:\Users\Emma
Guest (S-1-5-21-1338738774-438898274-2940287539-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1338738774-438898274-2940287539-1002 - Limited - Enabled)
Sonos (S-1-5-21-1338738774-438898274-2940287539-1005 - Limited - Enabled)
UpdatusUser (S-1-5-21-1338738774-438898274-2940287539-1007 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Disabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 20.2.1 - HP Inc.) Hidden
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
ActivDriver x64 v5.7 (HKLM\...\{A2A5B613-25DA-49F1-BD6D-80D90DE0EA9D}) (Version: 5.7.25 - Promethean)
ActivInspire v1 (HKLM-x32\...\{D292E0F0-07D0-47B6-8B50-BCEBE67A17C4}) (Version: 1.8.64868 - Promethean)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe PDF iFilter 11 for 64-bit platforms (HKLM\...\{BA5C0CC3-421B-4AE5-9370-1650D1941F30}) (Version: 11.0.00 - Adobe)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Advanced Uninstaller PRO - Version 12 (HKLM-x32\...\AU11_is1) (Version: 12.14.0.50 - Innovative Solutions)
AirServer Universal (x64) (Version: 4.0.31 - App Dynamic) Hidden
AirServer Universal (x64) 4.0.31 (HKLM-x32\...\{73d28dd8-64ca-4c40-970e-62004f8767d0}) (Version: 4.0.31 - AppDynamic ehf)
Amazon Kindle (HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\Amazon Amazon Music) (Version: 4.3.0.1330 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AxCrypt 1.7.2976.0 (HKLM\...\{F28219BA-0FBA-4515-AA4D-DF55EA186C6A}) (Version: 1.7.2976.0 - Axantum Software AB)
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.15 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 3.2.15 - British Broadcasting Corp.) Hidden
BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)
BDE 5.11 for SIMS Workstation Setup (HKLM-x32\...\{0FFC8EC3-38F4-4A3B-9D2D-6A56DDF4C97C}) (Version:  - )
BirchenallHowden Backup (HKLM\...\BirchenallHowden Backup Manager Basic_is1) (Version: 6.11.0.0 - BirchenallHowden Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
Communicate In Print 2.80.625 (HKLM-x32\...\{14DBEC87-6278-4787-8F14-2279CEB3AE11}) (Version: 2.80.625 - Widgit Software)
cw1allfonts (HKLM-x32\...\{6572D9DF-D25D-4D39-AE22-1530B7BA71BD}) (Version: 1.0 - CCW Resources)
Cypress TrackPad (HKLM\...\{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1) (Version: 2.3.6.26 - Cypress Semiconductor, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell KM713 Wireless Keyboard LED Indicator (HKLM-x32\...\{AF6CD1CF-11E8-4C9F-9644-1A469A499E50}) (Version: 1.0.1.20111007 - Dell)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.133 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dropbox (HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\Dropbox) (Version: 8.4.19 - Dropbox, Inc.)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FileZilla Client 3.7.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.0.1 - FileZilla Project)
FontForge version 07-04-2016 (HKLM-x32\...\{56748B9C-19AE-4689-B8C5-5A45AE0A993A}_is1) (Version: 07-04-2016 - FontForgeBuilds)
Free YouTube Downloader 4.1.528 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.19) (Version: 9.19 - Artifex Software Inc.)
HitFilm 3 Express (HKLM\...\{779F4B16-E618-418B-9F74-D9278121D318}) (Version: 3.1.5110.13555 - FXhome)
Instagram Downloader (HKLM-x32\...\{9DFA525A-6D12-444B-8F5A-63E2947FFC5D}) (Version: 2.3.0.0 - iWesoft)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.52.4 - JMicron Technology Corp.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 PowerPivot for Excel  32-bit (HKLM-x32\...\{4CFC749F-E178-42C7-8095-796C5814C9C3}) (Version: 11.1.3129.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-GB)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 en-GB)) (Version: 45.2.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MuseScore 2 (HKLM-x32\...\{4F0E15EA-F64C-11E5-9992-E717EA7DB0C8}) (Version: 2.0.3 - Werner Schweer and Others)
Musicnotes Player V1.40.3 and Viewer V1.20.0 (HKLM-x32\...\Musicnotes Player_is1) (Version: 1.40.3 - Musicnotes Inc.)
Naverisk Agent (HKLM-x32\...\NaveriskAgent) (Version:  - )
NVIDIA 3D Vision Driver 285.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.77 - NVIDIA Corporation)
NVIDIA Graphics Driver 285.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.77 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
Out of the Ark Ltd S!ngchronize Player (HKLM-x32\...\{6B62621C-1A51-4C9B-8E40-AC0F1123BD70}) (Version: 2.09.0 - Out of the Ark Ltd)
Out of the Ark Ltd S!ngchronize Player (HKLM-x32\...\{7B961ABE-4BB6-41BB-8427-A2BA5ED76975}) (Version: 2.10.0 - Out of the Ark Ltd)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{DD393E4D-76FA-4CCD-84F3-CD9D75C14862}) (Version: 4.0.10 - dotPDN LLC)
Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest)
PitchWizard (HKLM-x32\...\PitchWizard) (Version: 1.1 - UNKNOWN)
PitchWizard (x32 Version: 1.1 - UNKNOWN) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.26 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6383 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Screen Recorder Launcher (HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\ScreenRecorderLauncher) (Version: 2.0 - )
Sibelius Scorch (ActiveX Only) (HKLM-x32\...\{868291A4-229E-4795-B0B0-E60E87AF53CD}) (Version: 6.2.0 - Sibelius Software)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM-x32\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SOLUS 3 Agent (HKLM\...\{3E5AB51F-4BF8-46E3-BA9A-98E59DE72324}) (Version: 3.6.94.0 - Capita Business Services Ltd)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 29.5.90191 - Sonos, Inc.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.0.4.5 - Splashtop Inc.)
Spotify (HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Targus Mouse (HKLM-x32\...\{D099F38B-96D6-4456-BD99-A77C7FE464D9}) (Version: 1.00.00 - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
TempoPerfect Metronome Software (HKLM-x32\...\TempoPerfect) (Version: 3.06 - NCH Software)
Tesseract-OCR - open source OCR engine (HKLM-x32\...\Tesseract-OCR) (Version: 3.05.00dev-205-ge205c59 - Tesseract-OCR community)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Unified Remote (HKLM-x32\...\{71A521AE-CCAE-43B0-8439-369AC1615B34}) (Version: 2.14.3.0 - Unified Remote)
USB 2.0 VGA Device (Multiple) 11.06.1223.0153 (HKLM-x32\...\{04A1E855-4EBF-417D-87FF-2F085CA534A0}) (Version: 11.06.1223.0153 - StarTech)
Virtual Audio Cable 4.13 (HKLM\...\Virtual Audio Cable 4.13) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wunderlist - Wunderlist (HKLM-x32\...\Wunderlist Wunderlist) (Version: 3.4.3 - Wunderlist)
Xperia Companion (HKLM-x32\...\{69fb49e3-2848-40e8-9fdd-8f02e02c327a}) (Version: 1.1.24.0 - Sony)
Xperia Companion (x32 Version: 1.1.24.0 - Sony) Hidden
Yammer Notifier (HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\8c3c8c06fefda92b) (Version: 1.0.0.589 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1338738774-438898274-2940287539-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1338738774-438898274-2940287539-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.40.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1338738774-438898274-2940287539-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.40.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1338738774-438898274-2940287539-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.40.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1338738774-438898274-2940287539-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.40.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1338738774-438898274-2940287539-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.40.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1338738774-438898274-2940287539-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.40.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1338738774-438898274-2940287539-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.40.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1338738774-438898274-2940287539-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.40.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1338738774-438898274-2940287539-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.40.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1338738774-438898274-2940287539-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.40.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1338738774-438898274-2940287539-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.40.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1338738774-438898274-2940287539-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Emma\AppData\Roaming\Dropbox\bin\DropboxExt64.40.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C99B236-C3D5-4224-B68B-0846029ADA84} - System32\Tasks\Health-Check-auto => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: {0D7C31DD-F1A9-47ED-8FF9-40E9349B4682} - System32\Tasks\{11869070-6A10-4A83-9B52-870725F53DB7} => pcalua.exe -a G:\AutoRun.exe -d G:\ -c "WOS_Cracking\WOS Cracking\woscracking.exe" /noreg /hide
Task: {0E198DE1-D6A5-411C-948A-37DC473669BF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {0FB12E98-2CF1-4258-B6E1-10FC1D2E175F} - System32\Tasks\Health-Check-deep => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: {26B843FE-8F3C-483E-908F-E909F5808AF4} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-03-15] (Microsoft Corporation)
Task: {290E4A12-38D7-4864-B4CD-EAE0F6926A2B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {3C1A6EE7-5AAC-497D-ACF2-F24CFD4FC219} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1338738774-438898274-2940287539-1000UA => C:\Users\Emma\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {3EBC2C6D-E5EA-46AD-928B-EE0FDCAB25FF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1338738774-438898274-2940287539-1000Core => C:\Users\Emma\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {40C0950A-C5CB-4E88-8469-82FE0E7629E7} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {435629C7-27F0-4188-9AD4-7B2E16568ABE} - System32\Tasks\Health-Check => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: {493ACD5D-A182-4C02-B994-C7B550F659D1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {636ECE4F-ABA1-484E-8959-2D5CBD6F3267} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-15] (Adobe Systems Incorporated)
Task: {69BE50F0-6AC4-4595-91BE-768CA6CDE086} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
Task: {9C7D1679-0070-45D5-9DA0-944F997C8341} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Task: {A17EB71E-E871-4662-877C-3B4C633EDAA9} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {AB2313B1-8123-44D9-B4B7-8FBD26A7B37F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {ABEB0F87-7242-453D-B248-802C56A6B14B} - System32\Tasks\{12F14BB9-B5C7-4607-9EF1-9CD330F3D029} => pcalua.exe -a "C:\Program Files (x86)\Naverisk\Agent\NAS.exe" -c uninstall
Task: {ADEDCC2E-F4A3-4086-8B2E-016EB07FBBF8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {BC38AAEC-C1FE-4469-9A36-217A24123C3A} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {BD508128-C27D-46A8-990C-59148D8F3B42} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Emma-PC-Emma Emma-PC => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {C50AC642-0EB2-418A-8B34-75C6CB0A7138} - System32\Tasks\{6D230A30-9390-4152-8208-2F19BEC1B08A} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.3.0.105&LastError=12002
Task: {DD45A98B-BCD3-4A29-8F24-1C044C3C04F5} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
Task: {E1F285E1-4491-4F61-A5B8-0F59481B18B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {E3203697-B403-4FDA-AF41-58129F54533C} - System32\Tasks\AupAvUpdate => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe
Task: {F4F34EA4-546B-4C03-8C6A-4B11512A63C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1338738774-438898274-2940287539-1000Core.job => C:\Users\Emma\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1338738774-438898274-2940287539-1000UA.job => C:\Users\Emma\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Health-Check-auto.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\Windows\Tasks\Health-Check-deep.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\Windows\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Instagram Downloader\Instagram Downloader Website.lnk -> hxxp://www.iwesoft.com/productinfo.php?id=35

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-21 10:41 - 2011-08-31 14:06 - 00310648 _____ () C:\Windows\system32\GManager.exe
2016-06-21 10:41 - 2011-05-03 18:13 - 00199296 _____ () C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
2016-06-21 10:40 - 2016-06-21 10:40 - 00199296 _____ () C:\Program Files (x86)\MCT\VGA0007\Utility\MCTUISvr.exe
2014-05-08 14:32 - 2016-04-14 14:52 - 02154496 _____ () C:\Program Files (x86)\Naverisk\Agent\NAS.exe
2013-04-13 17:28 - 2015-06-19 02:01 - 00176128 _____ () C:\Program Files\BHL Backup Manager Basic\aua\bin\Aua.exe
2013-04-13 17:28 - 2015-06-19 02:01 - 00363520 _____ () C:\Program Files\BHL Backup Manager Basic\bin\CDPService64.exe
2013-04-13 17:28 - 2015-04-17 03:32 - 00261120 _____ () C:\Program Files\BHL Backup Manager Basic\aua\lib\WinUtil64.dll
2013-04-13 17:28 - 2015-06-19 02:01 - 00261120 _____ () C:\Program Files\BHL Backup Manager Basic\bin\WinUtil64.dll
2013-04-13 17:28 - 2015-06-19 02:01 - 00103424 _____ () C:\Program Files\BHL Backup Manager Basic\bin\ComputerActivityObserver64.dll
2013-04-13 17:28 - 2015-06-19 02:01 - 00069120 _____ () C:\Program Files\BHL Backup Manager Basic\bin\FileSysUtilWinX64.dll
2013-04-13 17:28 - 2015-06-19 02:01 - 00077824 _____ () C:\Program Files\BHL Backup Manager Basic\bin\Scheduler.exe
2013-04-16 14:02 - 2013-02-21 02:30 - 00373416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-04-16 14:02 - 2013-03-15 00:08 - 00516264 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-04-16 14:02 - 2013-03-15 00:09 - 00608400 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-01-21 21:07 - 2014-01-21 21:07 - 08878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-08-18 09:38 - 2016-08-12 13:02 - 01065496 _____ () C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe
2013-04-13 17:28 - 2015-06-19 02:01 - 00516608 _____ () C:\Program Files\BHL Backup Manager Basic\bin\SystemTray64.exe
2016-04-14 14:53 - 2016-04-14 14:53 - 00586522 _____ () C:\Program Files (x86)\Naverisk\Agent\Packages\EventLogScanPackage\EventLogScanPackage.dll
2016-04-14 14:53 - 2016-04-14 14:53 - 00561978 _____ () C:\Program Files (x86)\Naverisk\Agent\Packages\FilePackage\FilePackage.dll
2016-04-14 14:52 - 2016-04-14 14:52 - 00459654 _____ () C:\Program Files (x86)\Naverisk\Agent\Packages\HardwareScanPackage\HardwareScanPackage.dll
2016-04-14 14:53 - 2016-04-14 14:53 - 00742262 _____ () C:\Program Files (x86)\Naverisk\Agent\Packages\OperatingSystemScanPackage\OperatingSystemScanPackage.dll
2016-04-14 14:53 - 2016-04-14 14:53 - 00631798 _____ () C:\Program Files (x86)\Naverisk\Agent\Packages\PerformanceMonitorPackage\PerformanceMonitorPackage.dll
2016-04-14 14:53 - 2016-04-14 14:53 - 00459440 _____ () C:\Program Files (x86)\Naverisk\Agent\Packages\PortMonitorPackage\PortMonitorPackage.dll
2016-04-14 14:53 - 2016-04-14 14:53 - 00598850 _____ () C:\Program Files (x86)\Naverisk\Agent\Packages\RemoteConsolePackage\RemoteConsolePackage.dll
2016-04-14 14:53 - 2016-04-14 14:53 - 00709288 _____ () C:\Program Files (x86)\Naverisk\Agent\Packages\RemoteControlPackage\RemoteControlPackage.dll
2016-04-14 14:53 - 2016-04-14 14:53 - 00488312 _____ () C:\Program Files (x86)\Naverisk\Agent\Packages\SoftwareScanPackage\SoftwareScanPackage.dll
2016-04-14 14:53 - 2016-04-14 14:53 - 02057072 _____ () C:\Program Files (x86)\Naverisk\Agent\Packages\WindowsUpdatePackage\WindowsUpdatePackage.dll
2014-11-03 13:58 - 2014-11-03 13:58 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5254e1c1ddeefd3d7293359b4944baca\IsdiInterop.ni.dll
2013-04-13 11:37 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-01-23 08:55 - 2014-01-23 08:55 - 08878248 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NaveriskAgent => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NaveriskServiceMonitor => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more sites.

IE trusted site: HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\dell.com -> dell.com

There are 7865 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-04-21 13:09 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts


There are 15460 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1338738774-438898274-2940287539-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{2436C601-C58E-4B3D-A4EF-7442AC267573}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{06737A74-7348-4E9E-A23B-D2BB196E5425}C:\program files\bhl backup manager basic\jvm\bin\bjw.exe] => (Allow) C:\program files\bhl backup manager basic\jvm\bin\bjw.exe
FirewallRules: [UDP Query User{18DC5A96-9341-4E67-85DB-CE7B7F9C9A59}C:\program files\bhl backup manager basic\jvm\bin\bjw.exe] => (Allow) C:\program files\bhl backup manager basic\jvm\bin\bjw.exe
FirewallRules: [TCP Query User{4DD7412D-07D3-49C0-85CD-09BF6B4DCAF4}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{F8B591B4-882F-4BF5-BE95-B3A666AE0B42}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{AA77D5F1-6CB8-488D-97ED-47D38B87AD02}C:\users\emma\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\emma\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4F0028C5-5112-48C2-9FCC-AC8031C71DA2}C:\users\emma\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\emma\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{C95BEA62-978E-451F-9F76-F65E3605DC4D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6112ABDC-636C-4911-9BDA-8F6CD77C34B6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6A3FB9C0-B962-4B73-9865-EE1A478992F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{81957B44-DD82-44C4-9B3D-3396F8CF5BB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{AA7A0C31-D6AC-44A3-89AC-E933A9F0B885}C:\users\emma\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emma\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{12FDAF94-D02E-4C72-9B4A-E7CDBFB6C2B3}C:\users\emma\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emma\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0763C9E8-3A79-4518-B3DA-A64B130ED4C7}] => (Allow) C:\Users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5279456F-E888-42DD-BC8E-43772F3091ED}] => (Allow) C:\Users\Emma\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{F57568DE-85EC-4F50-AF02-016258DB9C2A}C:\users\emma\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emma\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C4836A9B-A644-4BFE-AD17-95D64CB06462}C:\users\emma\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emma\appdata\roaming\spotify\spotify.exe
FirewallRules: [{DF730A81-3ED1-4EB6-BAEA-3F9A52856A17}] => (Allow) C:\Program Files\TightVNC\tvnviewer.exe
FirewallRules: [{819053BB-73AE-461D-8F5D-E550C838E7D6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2A618E30-8A33-47E4-A339-D8C2673DB7C7}] => (Allow) LPort=2869
FirewallRules: [{CF8602D1-1755-49C8-A532-960A9EF9DBD5}] => (Allow) LPort=1900
FirewallRules: [{D2587ACD-D1D4-4B2A-99A0-C3E928D08A04}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{B3CDBF1D-2228-4D67-8F00-281175D4BCF9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{27EF8B58-5523-46C2-AAF6-408E5C2A18F8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{937C8648-1F13-4FA0-9CCD-D9C1563A8B36}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{FA48945C-9F54-4888-92B7-561695F5F21B}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe
FirewallRules: [{4F5F23B3-1F3B-4885-9853-0E43623765EA}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe
FirewallRules: [{F03F9E71-AFCB-49FF-97CA-019461EE0DEA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8904FFE4-D09A-471D-860D-57E92E426501}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{62DB61C0-9673-49B0-940D-60ADA480B265}] => (Allow) C:\Users\Emma\AppData\Local\Temp\nse1752.tmp\CnetInstaller-10702958.exe
FirewallRules: [{6BCE5615-F64B-44B2-BABC-6B9AEB426D73}] => (Allow) C:\Users\Emma\AppData\Local\Temp\nse1752.tmp\CnetInstaller-10702958.exe
FirewallRules: [{9A865178-406C-4C3B-829E-6658BFD2CCD2}] => (Allow) C:\Users\Emma\AppData\Local\Temp\nskEC1E.tmp\CnetInstaller-10702958.exe
FirewallRules: [{F9FF693D-283F-41C5-8C01-75D4379B3D5B}] => (Allow) C:\Users\Emma\AppData\Local\Temp\nskEC1E.tmp\CnetInstaller-10702958.exe
FirewallRules: [{6370B154-3CC5-44A4-8759-F8F0C39F9161}] => (Allow) C:\Users\Emma\AppData\Local\Temp\nsm89B4.tmp\CnetInstaller-10967793.exe
FirewallRules: [{B59FE504-33DC-44D1-96BE-6CA79769554D}] => (Allow) C:\Users\Emma\AppData\Local\Temp\nsm89B4.tmp\CnetInstaller-10967793.exe
FirewallRules: [{0D95DB44-B7F7-4003-ABD4-642BF6E79B73}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{75904CD7-4FF6-4192-ABDA-15EE5CE6D962}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{A263F603-2EAD-449A-A01F-0B9537B9F6B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{38C7119B-63EC-4F5F-AB3A-5FA1DE29D601}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{79D3D74D-6F1A-4938-9347-52DB2ACAF537}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3F8ABD2A-505E-4BF1-966F-4BB2170D48CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{293C50C3-B2E1-4B4F-9CF5-F89072F45910}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7953D2D1-7D3A-49F7-9B3A-9A2D5B20A33B}] => (Allow) C:\Program Files\App Dynamic\AirServer\AirServer.exe
FirewallRules: [{359E2174-5FE8-43D0-A6C7-B3BF1A92DC40}] => (Allow) C:\Program Files\App Dynamic\AirServer\AirServer.exe
FirewallRules: [{DF5D943C-A7E6-4333-959D-417938E9A4E2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3927EA3E-4197-429E-9712-F00113EF95E4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{285AE0A5-95B2-4378-AE80-7DD3A5964CB7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F6BE18D2-48D7-4996-A797-531D3E1D7668}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9C256A14-BD54-4F71-BFDE-BBB4B1A885A0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{5D197BF6-340C-4401-A634-748D02AA0BCA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{AF2A5D3D-F440-4101-8932-598DCBFF17A2}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{A7CD2A9B-D7F0-4E32-B3F9-0BB024A696ED}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A40525EE-93FD-4AE2-A0B5-FD2DE8403D46}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{0A0C47B8-8D56-402D-A118-3BBEE30C48B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{F0341F3F-FBF0-4C6C-A5B4-D52451F68E2E}C:\program files\solus3\agentservice\sims.solus3.agent.ui.exe] => (Allow) C:\program files\solus3\agentservice\sims.solus3.agent.ui.exe
FirewallRules: [UDP Query User{4811C088-AE05-4CEF-B9E4-1395C191075C}C:\program files\solus3\agentservice\sims.solus3.agent.ui.exe] => (Allow) C:\program files\solus3\agentservice\sims.solus3.agent.ui.exe
FirewallRules: [{67FEA35F-3939-4858-B984-24DD1EC0A25C}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe

==================== Restore Points =========================

04-08-2016 09:33:37 Removed SMART Product Update.
04-08-2016 09:38:51 Removed SMART Product Drivers.
04-08-2016 09:40:48 Removed SMART Notebook.
18-08-2016 09:38:34 After installing Advanced Uninstaller PRO
18-08-2016 09:55:29 Windows Update
18-08-2016 14:45:16 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2016 02:38:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2016 02:33:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2016 10:06:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2016 09:19:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2016 02:12:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (08/18/2016 02:12:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (08/18/2016 02:12:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/18/2016 01:59:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdobeARM.exe, version: 1.824.19.1728, time stamp: 0x576e42d2
Faulting module name: logsession.dll_unloaded, version: 0.0.0.0, time stamp: 0x57974606
Exception code: 0xc0000005
Fault offset: 0x53b6d4e2
Faulting process id: 0x21f0
Faulting application start time: 0xAdobeARM.exe0
Faulting application path: AdobeARM.exe1
Faulting module path: AdobeARM.exe2
Report Id: AdobeARM.exe3

Error: (08/18/2016 01:59:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdobeARM.exe, version: 1.824.19.1728, time stamp: 0x576e42d2
Faulting module name: logsession.dll_unloaded, version: 0.0.0.0, time stamp: 0x57974606
Exception code: 0xc0000005
Fault offset: 0x53bb5ae8
Faulting process id: 0x21f0
Faulting application start time: 0xAdobeARM.exe0
Faulting application path: AdobeARM.exe1
Faulting module path: AdobeARM.exe2
Report Id: AdobeARM.exe3

Error: (08/17/2016 06:12:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1092


System errors:
=============
Error: (08/18/2016 02:49:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Naverisk Remote Control service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/18/2016 02:49:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/18/2016 02:43:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (08/18/2016 02:38:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Solus3 Agent Service service to connect.

Error: (08/18/2016 02:37:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (08/18/2016 02:37:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Print Spooler service to connect.

Error: (08/18/2016 02:34:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (08/18/2016 02:34:18 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056 = An instance of the service is already running.

Error: (08/18/2016 02:33:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/18/2016 02:33:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-01-12 11:47:32.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-12 11:46:14.730
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-10 22:27:02.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-10 22:26:57.564
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-13 12:46:56.777
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-13 12:45:31.941
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-20 16:32:27.213
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-20 14:45:05.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 13:27:26.459
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 13:26:01.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 68%
Total physical RAM: 6038.17 MB
Available physical RAM: 1917.81 MB
Total Virtual: 12074.54 MB
Available Virtual: 8478.06 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:350.31 GB) (Free:49.86 GB) NTFS
Drive d: (Data) (Fixed) (Total:348.22 GB) (Free:195.96 GB) NTFS
Drive z: (Offline) (Network) (Total:350.31 GB) (Free:49.86 GB) CSC-CACHE

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 62B50F4B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=350.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=348.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#7 EmmaE

Posted 18 August 2016 - 09:02 AM

Thank you!



#8 satchfan

Posted 18 August 2016 - 09:51 AM

You're welcome.

Did you set this proxy server?

ProxyServer: [S-1-5-21-1338738774-438898274-2940287539-1000] => proxy.yhgfl.net:6665


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#9 EmmaE

Posted 18 August 2016 - 10:33 AM

This is the one that is used at work, set by the computer admins



#10 satchfan

Posted 18 August 2016 - 11:11 AM

OK thanks. BTW, out of curiosity, what is "WOS Cracking"?

Let's get rid of iSkysoft.

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\MountPoints2: {0fab4b97-85ac-11e3-82b8-00dbdf0f1788} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\MountPoints2: {4533a38f-8d06-11e5-9425-00dbdf0f1788} - F:\startme.exe
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\MountPoints2: {456e76f0-354d-11e6-8614-00dbdf0f1788} - F:\GoWire\MPLauncher.exe
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
2016-08-18 14:39 - 2016-08-18 14:39 - 00000000 ____D C:\Users\Emma\AppData\Local\iSkysoft
2016-08-15 21:13 - 2016-08-15 21:13 - 00000000 ____D C:\ProgramData\iSkysoft
2016-08-15 20:58 - 2016-08-15 21:50 - 00000000 ____D C:\Users\Emma\AppData\Roaming\iSkysoft
2016-08-15 20:57 - 2016-08-15 21:50 - 00000000 ____D C:\Users\Public\Documents\iSkysoft
C:\Program Files (x86)\Common Files\iSkysoft
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

===================================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • on the Dashboard, click Update Now
  • after the update completes, click the Scan Now button.
  • if an update is available, clicking the Update Now button will update it
  • a Threat Scan will begin.
  • when the scan is complete, if malware has been detected, click Apply Actions to allow MBAM to clean what was found
  • when the prompt to restart the computer appears, click Yes.
  • after the restart once you are back at your desktop, open MBAM once more
  • click on the “History” tab, then “Application Logs”
  • double-click on the scan log which shows the date and time of the scan just performed.
  • click Copy to Clipboard
  • please paste the contents of the clipboard into your reply.

Logs to include with next post:

Fixlog.txt
Mbam.txt


Can you tell me if that has solved the problem?

Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#11 EmmaE


Posted 18 August 2016 - 11:31 AM

OK thanks. BTW, out of curiosity, what is "WOS Cracking"?

 

It's a program from Out of The Ark, an educational company. Full name 'Words On Screen, A Cracking Christmas Edition'. It displays the lyrics of the songs on the screen for use with a whiteboard.


Log 1

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by Emma (18-08-2016 17:15:07) Run:1
Running from C:\Users\Emma\Desktop
Loaded Profiles: Emma & UpdatusUser (Available Profiles: Emma & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\MountPoints2: {0fab4b97-85ac-11e3-82b8-00dbdf0f1788} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\MountPoints2: {4533a38f-8d06-11e5-9425-00dbdf0f1788} - F:\startme.exe
HKU\S-1-5-21-1338738774-438898274-2940287539-1000\...\MountPoints2: {456e76f0-354d-11e6-8614-00dbdf0f1788} - F:\GoWire\MPLauncher.exe
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
2016-08-18 14:39 - 2016-08-18 14:39 - 00000000 ____D C:\Users\Emma\AppData\Local\iSkysoft
2016-08-15 21:13 - 2016-08-15 21:13 - 00000000 ____D C:\ProgramData\iSkysoft
2016-08-15 20:58 - 2016-08-15 21:50 - 00000000 ____D C:\Users\Emma\AppData\Roaming\iSkysoft
2016-08-15 20:57 - 2016-08-15 21:50 - 00000000 ____D C:\Users\Public\Documents\iSkysoft
C:\Program Files (x86)\Common Files\iSkysoft
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iSkysoft Helper Compact.exe => value removed successfully
"HKU\S-1-5-21-1338738774-438898274-2940287539-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fab4b97-85ac-11e3-82b8-00dbdf0f1788}" => key removed successfully
HKCR\CLSID\{0fab4b97-85ac-11e3-82b8-00dbdf0f1788} => key not found.
"HKU\S-1-5-21-1338738774-438898274-2940287539-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4533a38f-8d06-11e5-9425-00dbdf0f1788}" => key removed successfully
HKCR\CLSID\{4533a38f-8d06-11e5-9425-00dbdf0f1788} => key not found.
"HKU\S-1-5-21-1338738774-438898274-2940287539-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{456e76f0-354d-11e6-8614-00dbdf0f1788}" => key removed successfully
HKCR\CLSID\{456e76f0-354d-11e6-8614-00dbdf0f1788} => key not found.
C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => not found.
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => not found.
C:\Users\Emma\AppData\Local\iSkysoft => moved successfully
C:\ProgramData\iSkysoft => moved successfully
C:\Users\Emma\AppData\Roaming\iSkysoft => moved successfully
C:\Users\Public\Documents\iSkysoft => moved successfully
C:\Program Files (x86)\Common Files\iSkysoft => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 152595453 B
Java, Flash, Steam htmlcache => 79696 B
Windows/system/drivers => 6554411 B
Edge => 0 B
Chrome => 708254081 B
Firefox => 383553125 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42304110 B
systemprofile32 => 74794 B
LocalService => 66228 B
NetworkService => 154933709 B
Emma => 496926370 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B

RecycleBin => 54747456 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:18:14 ====
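
A small check over a Fixlog like the one above, added here as an example (it is not part of the original post and not FRST's own code): it skips the echoed fixlist and the EmptyTemp byte counts, then classifies each result line so that anything other than removed, moved or not found stands out. The sample log is constructed in the layout shown in this thread, and its `Could not move` line is a hypothetical failure wording.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Fixlog.txt posted in this thread.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
C:\Program Files (x86)\Common Files\iSkysoft
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iSkysoft Helper Compact.exe => value removed successfully
HKCR\CLSID\{0fab4b97-85ac-11e3-82b8-00dbdf0f1788} => key not found.
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => not found.
C:\ProgramData\iSkysoft => moved successfully
C:\Example\locked.dll => Could not move

=========== EmptyTemp: ==========

Chrome => 708254081 B
'''

# Outcome wordings taken from the log in this thread; anything else needs a human look.
OUTCOMES = [
    (re.compile(r"(removed|moved) successfully\.?$"), "done"),
    (re.compile(r"not found\.?$"), "absent"),
]

def parse_fixlog(text):
    """Return [(target, outcome_text, status)] for the result section only."""
    results, stars = [], 0
    for line in (raw.strip() for raw in text.splitlines()):
        if set(line) == {"*"}:            # the fixlist echo sits between two star rules
            stars += 1
            continue
        if line.startswith("=========== EmptyTemp"):
            break                          # byte counts follow, not fix results
        if stars < 2 or " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        status = next((s for rx, s in OUTCOMES if rx.search(outcome)), "review")
        results.append((target.strip('"'), outcome, status))
    return results

def summarize(results):
    return Counter(status for _, _, status in results)

def needs_review(results):
    return [(t, o) for t, o, s in results if s == "review"]
```

An "absent" status only means the target was already missing when the fix ran, as with the `No File` plugin entries in the fixlist above.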



#12 EmmaE


Posted 18 August 2016 - 12:14 PM

Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18/08/2016
Scan Time: 17:31
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.02.16.06
Rootkit Database: v2016.02.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Emma

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 422130
Time Elapsed: 41 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OpenCandy, C:\Users\Emma\Downloads\FreeYouTubeDownloaderOC.exe, Quarantined, [6ef8baa77722ef474a2b70ecc23eb34d],

Physical Sectors: 0
(No malicious items detected)


(end)



#13 EmmaE


Posted 18 August 2016 - 12:26 PM

I've restarted and the pop up has gone. I've also checked in the folder and it has gone too.

 

So, it looks like you've solved it, thank you very much.



#14 satchfan


Posted 18 August 2016 - 02:45 PM

It's a program from Out of The Ark, an educational company. Full name 'Words On Screen, A Cracking Christmas Edition'. It displays the lyrics of the songs on the screen for use with a whiteboard.

Thank you, I must admit it had me intrigued.

Glad all is well. As long as your computer seems to be running well, please do the following to tidy up your computer and decrease the likelihood of getting infected again:

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Update installed programs

Your version of Java is out-of-date and needs to be removed and updated. Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.

Uninstall these:

Java 8 Update 101 (64-bit)
Java 8 Update 101 (HKLM-x32\


NEXT

Install the latest version of Java:

Java

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”


Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend disabling Java in web browsers.

More information can be found here.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

Download and install Unchecky.

===================================================

I also recommend that you read the following:

Best Practices for Safe Computing - Prevention of Malware Infection by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan


Edited by satchfan, 18 August 2016 - 02:45 PM.
typo



#15 EmmaE


Posted 18 August 2016 - 03:24 PM

All done, thank you!





