Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware removal logs from FRST - iSkysoft Helper Compact


  • This topic is locked This topic is locked
18 replies to this topic

#1 cleansemypc

cleansemypc

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 11 January 2017 - 12:15 PM

Dear nasdaq, 

 

please would you help me to remove the iSkysoft Helper Compact - the problem is similar to the one below.

 

https://www.bleepingcomputer.com/forums/t/628793/iskysoft-helper-compact/

 

I paste below the FRST.txt and I attach the Addition.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-01-2017
Ran by Ruslan (administrator) on RUSLAN-VAIO (11-01-2017 16:59:44)
Running from C:\Users\Ruslan\Desktop\New folder (2)
Loaded Profiles: Ruslan (Available Profiles: Ruslan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Google Inc.) C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe
(Google Inc.) C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790176 2011-03-31] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657056 2011-03-31] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-02-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\...\Run: [Google Update] => C:\Users\Ruslan\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\...\Run: [iPhone PC Suite] => C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\...\Run: [Nonoh] => "C:\Program Files (x86)\Nonoh.net\Nonoh\Nonoh.exe" -nosplash -minimized
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\...\Run: [Office Timeline Performance Helper] => C:\Program Files (x86)\Office Timeline\Current\OfficeTimelineStartup.exe [13056 2014-12-19] (OfficeTimeline LLC)
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\...\RunOnce: [Application Restart #5] => C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.)
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\...\RunOnce: [Application Restart #3] => C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.)
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\...\MountPoints2: {e7a049ab-188e-11e2-9dfe-78843ce1b11b} - D:\setup.exe
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\...\MountPoints2: {e7a049ae-188e-11e2-9dfe-78843ce1b11b} - E:\autorun.exe
Startup: C:\Users\Ruslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2011-08-23]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3594801013-1716500298-3534427049-1001] => cslibproxy:80
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{4F813F14-D4AF-41D7-94AF-553E6404788D}: [DhcpNameServer] 10.0.1.1 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{C929095B-DEDE-4071-ABBB-4472758590BA}: [DhcpNameServer] 62.26.0.10 62.26.0.66
 
Internet Explorer:
==================
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.eu/vaioportal
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.eu/vaioportal
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001 -> {261E46D3-4E5D-4732-99C8-24FCF5D393B5} URL = hxxp://rover.ebay.com/rover/1/710-42480-16445-25/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001 -> {2A4E4621-9C5E-4AFD-BE96-95A01A3832A1} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001 -> {AA97BC23-050E-47FF-8796-0FD6EA50CE8F} URL = hxxp://uk.shopping.com/?linkin_id=8056359
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-01] (AO Kaspersky Lab)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2016-12-01] (AO Kaspersky Lab)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-31] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-01] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll [2016-12-01] (AO Kaspersky Lab)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Ruslan\AppData\Roaming\Mozilla\Firefox\Profiles\jmj2n2mz.default-1433795937054 [2017-01-11]
FF Extension: (Yahoo! Toolbar) - C:\Users\Ruslan\AppData\Roaming\Mozilla\Firefox\Profiles\jmj2n2mz.default-1433795937054\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-06-26] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [not found]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-12-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_111\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-30] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-04-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-04-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3594801013-1716500298-3534427049-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3594801013-1716500298-3534427049-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Ruslan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Profile: C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default [2017-01-11]
CHR Extension: (YouTube) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Kaspersky Protection) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-02-16]
CHR Extension: (PowerPoint Online) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdafamggmaaaginooondinjgkgcbpnhp [2014-06-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-11]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
StartMenuInternet: Google Chrome - C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-08-23] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-03-31] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [75936 2011-03-31] (Atheros Commnucations) [File not signed]
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-23] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236432 2016-12-01] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2017-01-11] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-17] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-03-03] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-17] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-04-23] (Duplex Secure Ltd.)
U3 a2duap9l; C:\Windows\System32\Drivers\a2duap9l.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-11 16:59 - 2017-01-11 16:59 - 00000000 ____D C:\FRST
2017-01-11 16:58 - 2017-01-11 16:59 - 00000000 ____D C:\Users\Ruslan\Desktop\New folder (2)
2017-01-11 16:57 - 2017-01-11 16:57 - 02419200 _____ (Farbar) C:\Users\Ruslan\Downloads\FRST64.exe
2017-01-10 21:52 - 2017-01-10 21:53 - 00406229 _____ C:\Users\Ruslan\Downloads\introductory_conveyancing_pack_14429214.pdf
2017-01-10 21:38 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-01-10 19:48 - 2017-01-11 00:49 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-10 19:48 - 2017-01-10 21:38 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-10 19:48 - 2017-01-10 19:48 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-01-10 19:48 - 2017-01-10 19:48 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-01-10 19:48 - 2017-01-10 19:48 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-01-10 19:48 - 2017-01-10 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-01-10 19:48 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-01-10 19:45 - 2017-01-10 19:45 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ruslan\Downloads\spybot-2.4.exe
2017-01-10 19:27 - 2017-01-10 19:27 - 00000000 ____D C:\Users\Ruslan\AppData\Roaming\Sun
2017-01-10 19:27 - 2017-01-10 19:26 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-01-10 19:23 - 2017-01-10 19:24 - 63235648 _____ (Oracle Corporation) C:\Users\Ruslan\Downloads\jre-8u111-windows-x64.exe
2017-01-10 18:56 - 2017-01-05 18:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-10 18:56 - 2017-01-05 18:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-10 18:56 - 2017-01-05 18:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-10 18:56 - 2017-01-05 18:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-10 18:56 - 2017-01-05 17:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-10 18:56 - 2017-01-05 17:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 18:56 - 2017-01-05 17:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-10 18:56 - 2017-01-05 17:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 18:56 - 2017-01-05 17:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-10 18:56 - 2017-01-05 17:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-10 18:56 - 2017-01-05 17:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-10 18:56 - 2017-01-05 17:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-10 18:56 - 2017-01-05 17:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-10 18:56 - 2017-01-05 17:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-10 18:56 - 2017-01-05 17:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-10 18:56 - 2017-01-05 17:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-10 18:56 - 2017-01-05 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-10 18:56 - 2017-01-05 17:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-10 18:56 - 2017-01-05 17:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-10 18:56 - 2017-01-05 17:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-10 18:56 - 2017-01-05 17:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-10 18:56 - 2017-01-05 17:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-10 18:56 - 2017-01-05 17:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-10 18:56 - 2017-01-05 17:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-10 18:56 - 2017-01-05 17:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-10 18:56 - 2017-01-05 17:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-10 18:56 - 2017-01-05 17:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-10 13:46 - 2017-01-10 13:49 - 00348258 _____ C:\Users\Ruslan\Downloads\CONT 2986 Terms of Business Brochure to sign pages 21 and 22.pdf
2017-01-06 19:41 - 2017-01-06 19:41 - 00162924 _____ C:\Users\Ruslan\Downloads\RUSLAN AKHMETSHIN - CV 2016 (2).pdf
2017-01-06 19:41 - 2017-01-06 19:41 - 00162924 _____ C:\Users\Ruslan\Downloads\RUSLAN AKHMETSHIN - CV 2016 (1).pdf
2017-01-06 19:40 - 2017-01-09 00:04 - 00000000 ____D C:\Users\Ruslan\Desktop\CV 2017
2017-01-04 02:33 - 2017-01-04 02:39 - 00000000 ____D C:\Users\Ruslan\Desktop\2017 mortgage
2017-01-01 19:39 - 2017-01-01 19:39 - 00380981 _____ C:\Users\Ruslan\Downloads\BoardingCard_135588874_BUD_LTN.pdf
2017-01-01 19:37 - 2017-01-01 19:37 - 00380999 _____ C:\Users\Ruslan\Downloads\BoardingCard_135588874_LTN_BUD.pdf
2017-01-01 19:37 - 2017-01-01 19:37 - 00027070 _____ C:\Users\Ruslan\Downloads\BoardingCard_135588874_LTN_BUD.pkpass
2017-01-01 19:26 - 2017-01-01 19:27 - 00593420 _____ C:\Users\Ruslan\Desktop\p-air_airport_transfer_voucher_UEK67X.pdf
2016-12-31 15:51 - 2017-01-11 16:14 - 00524288 ___SH C:\Windows\system32\config\components{a7883d06-cee3-11e6-9683-ccaf78b98a02}.TMContainer00000000000000000001.regtrans-ms
2016-12-31 15:51 - 2017-01-11 16:14 - 00065536 ___SH C:\Windows\system32\config\components{a7883d06-cee3-11e6-9683-ccaf78b98a02}.TM.blf
2016-12-31 15:51 - 2016-12-31 16:06 - 00524288 ___SH C:\Windows\system32\config\components{a7883d06-cee3-11e6-9683-ccaf78b98a02}.TMContainer00000000000000000002.regtrans-ms
2016-12-30 16:14 - 2016-12-30 16:14 - 01048576 ___SH C:\Windows\system32\config\components{b2380ac6-a6ca-11e6-844a-ccaf78b98a02}.TxR.2.regtrans-ms
2016-12-30 16:14 - 2016-12-30 16:14 - 01048576 ___SH C:\Windows\system32\config\components{b2380ac6-a6ca-11e6-844a-ccaf78b98a02}.TxR.1.regtrans-ms
2016-12-30 16:14 - 2016-12-30 16:14 - 01048576 ___SH C:\Windows\system32\config\components{b2380ac6-a6ca-11e6-844a-ccaf78b98a02}.TxR.0.regtrans-ms
2016-12-30 16:14 - 2016-12-30 16:14 - 00065536 ___SH C:\Windows\system32\config\components{b2380ac6-a6ca-11e6-844a-ccaf78b98a02}.TxR.blf
2016-12-22 17:06 - 2016-12-22 17:07 - 00074418 _____ C:\Users\Ruslan\Downloads\2014 LVT ruling (9).pdf
2016-12-22 17:06 - 2016-12-22 17:07 - 00074418 _____ C:\Users\Ruslan\Downloads\2014 LVT ruling (8).pdf
2016-12-22 17:06 - 2016-12-22 17:07 - 00074418 _____ C:\Users\Ruslan\Downloads\2014 LVT ruling (7).pdf
2016-12-22 17:06 - 2016-12-22 17:07 - 00074418 _____ C:\Users\Ruslan\Downloads\2014 LVT ruling (6).pdf
2016-12-22 17:06 - 2016-12-22 17:07 - 00074418 _____ C:\Users\Ruslan\Downloads\2014 LVT ruling (11).pdf
2016-12-22 17:06 - 2016-12-22 17:07 - 00074418 _____ C:\Users\Ruslan\Downloads\2014 LVT ruling (10).pdf
2016-12-22 17:05 - 2016-12-22 17:07 - 00074418 _____ C:\Users\Ruslan\Downloads\2014 LVT ruling (5).pdf
2016-12-22 17:05 - 2016-12-22 17:07 - 00074418 _____ C:\Users\Ruslan\Downloads\2014 LVT ruling (4).pdf
2016-12-22 17:05 - 2016-12-22 17:07 - 00074418 _____ C:\Users\Ruslan\Downloads\2014 LVT ruling (3).pdf
2016-12-22 17:05 - 2016-12-22 17:07 - 00074418 _____ C:\Users\Ruslan\Downloads\2014 LVT ruling (2).pdf
2016-12-22 17:05 - 2016-12-22 17:07 - 00074418 _____ C:\Users\Ruslan\Downloads\2014 LVT ruling (1).pdf
2016-12-22 17:04 - 2016-12-22 17:07 - 00074418 _____ C:\Users\Ruslan\Downloads\2014 LVT ruling.pdf
2016-12-18 21:48 - 2016-12-18 21:49 - 00087722 _____ C:\Users\Ruslan\Desktop\171116_0734_v.jpg
2016-12-18 21:47 - 2016-12-18 21:49 - 00111906 _____ C:\Users\Ruslan\Desktop\171116_0575_v.jpg
2016-12-13 21:41 - 2016-11-21 18:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-13 21:41 - 2016-11-20 16:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-13 21:41 - 2016-11-20 14:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-13 21:41 - 2016-11-17 16:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-13 21:41 - 2016-11-14 23:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-12-13 21:41 - 2016-11-14 22:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-12-13 21:41 - 2016-11-12 19:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-12-13 21:41 - 2016-11-12 19:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-12-13 21:41 - 2016-11-12 19:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-12-13 21:41 - 2016-11-12 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-12-13 21:41 - 2016-11-12 19:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-12-13 21:41 - 2016-11-12 19:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-13 21:41 - 2016-11-12 19:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-12-13 21:41 - 2016-11-12 19:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-12-13 21:41 - 2016-11-12 19:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-12-13 21:41 - 2016-11-12 19:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-12-13 21:41 - 2016-11-12 19:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-12-13 21:41 - 2016-11-12 19:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-13 21:41 - 2016-11-12 19:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-12-13 21:41 - 2016-11-12 19:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-12-13 21:41 - 2016-11-12 19:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-13 21:41 - 2016-11-12 19:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-12-13 21:41 - 2016-11-12 18:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-13 21:41 - 2016-11-12 18:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-13 21:41 - 2016-11-12 18:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-12-13 21:41 - 2016-11-12 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-12-13 21:41 - 2016-11-12 18:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-13 21:41 - 2016-11-12 18:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-12-13 21:41 - 2016-11-12 18:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-12-13 21:41 - 2016-11-12 18:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-12-13 21:41 - 2016-11-12 18:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-12-13 21:41 - 2016-11-12 18:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-12-13 21:41 - 2016-11-12 18:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-13 21:41 - 2016-11-12 18:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-12-13 21:41 - 2016-11-12 18:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-12-13 21:41 - 2016-11-12 18:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-12-13 21:41 - 2016-11-12 18:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-12-13 21:41 - 2016-11-12 18:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-12-13 21:41 - 2016-11-12 18:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-12-13 21:41 - 2016-11-12 18:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-12-13 21:41 - 2016-11-12 18:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-13 21:41 - 2016-11-12 18:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-12-13 21:41 - 2016-11-12 18:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-13 21:41 - 2016-11-12 18:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-12-13 21:41 - 2016-11-12 18:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-12-13 21:41 - 2016-11-12 18:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-12-13 21:41 - 2016-11-12 18:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-12-13 21:41 - 2016-11-12 18:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-13 21:41 - 2016-11-12 18:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-12-13 21:41 - 2016-11-12 18:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-12-13 21:41 - 2016-11-12 18:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-12-13 21:41 - 2016-11-12 17:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-13 21:41 - 2016-11-12 17:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-12-13 21:41 - 2016-11-12 17:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-12-13 21:41 - 2016-11-12 17:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-12-13 21:41 - 2016-11-12 17:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-12-13 21:41 - 2016-11-12 17:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-12-13 21:41 - 2016-11-12 17:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-13 21:41 - 2016-11-12 17:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-12-13 21:41 - 2016-11-12 17:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-12-13 21:41 - 2016-11-12 17:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-13 21:41 - 2016-11-12 17:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-12-13 21:41 - 2016-11-12 17:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-12-13 21:41 - 2016-11-12 17:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-13 21:41 - 2016-11-12 17:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-13 21:41 - 2016-11-12 17:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-13 21:41 - 2016-11-12 17:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-13 21:41 - 2016-11-12 17:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-13 21:41 - 2016-11-12 17:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-13 21:41 - 2016-11-12 17:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-12-13 21:41 - 2016-11-10 16:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-13 21:41 - 2016-11-10 16:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-13 21:41 - 2016-11-09 16:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-13 21:41 - 2016-11-09 16:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-13 21:41 - 2016-11-09 16:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-13 21:41 - 2016-11-09 16:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-13 21:41 - 2016-11-09 16:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-13 21:41 - 2016-11-09 16:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-13 21:41 - 2016-11-09 16:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-13 21:41 - 2016-11-09 16:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-13 21:41 - 2016-11-09 16:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-13 21:41 - 2016-11-09 16:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-12-13 21:41 - 2016-11-09 16:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-12-13 21:41 - 2016-11-09 16:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-13 21:41 - 2016-11-09 16:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-13 21:41 - 2016-11-09 15:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-12-13 21:41 - 2016-11-06 16:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-13 21:41 - 2016-11-06 16:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-13 21:41 - 2016-11-06 16:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-13 21:41 - 2016-10-27 15:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-13 21:41 - 2016-10-27 15:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-13 21:41 - 2016-10-11 15:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-13 21:41 - 2016-10-11 15:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-13 21:41 - 2016-10-11 15:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-13 21:41 - 2016-10-11 15:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-13 21:41 - 2016-10-11 15:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-13 21:41 - 2016-10-11 15:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-13 21:41 - 2016-10-11 15:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-13 21:41 - 2016-10-11 15:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-13 21:41 - 2016-10-11 15:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-12-13 21:41 - 2016-10-11 15:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-13 21:41 - 2016-10-11 15:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-13 21:41 - 2016-10-11 15:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-13 21:41 - 2016-10-11 15:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-13 21:41 - 2016-10-11 15:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-13 21:41 - 2016-10-11 15:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 15:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-13 21:41 - 2016-10-11 15:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-13 21:41 - 2016-10-11 15:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-13 21:41 - 2016-10-11 14:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-12-13 21:41 - 2016-10-11 14:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-13 21:41 - 2016-10-11 14:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-12-13 21:41 - 2016-10-11 14:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-13 21:41 - 2016-10-11 14:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-12-13 21:41 - 2016-10-11 14:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-12-13 21:41 - 2016-10-11 14:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-12-13 21:41 - 2016-10-11 14:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-12-13 21:41 - 2016-10-11 14:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 14:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 14:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 14:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-13 21:41 - 2016-10-11 13:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2016-12-13 21:41 - 2016-10-11 13:17 - 00419648 _____ C:\Windows\system32\locale.nls
2016-12-13 21:41 - 2016-10-08 13:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-12-13 21:41 - 2016-10-04 15:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-13 21:41 - 2016-10-04 15:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-13 21:41 - 2016-10-04 15:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-12-13 21:41 - 2016-10-04 15:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-12-13 21:41 - 2016-10-04 15:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-13 21:41 - 2016-10-04 15:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-13 21:41 - 2016-10-04 15:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-12-13 21:41 - 2016-10-04 15:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-11 15:35 - 2014-01-04 04:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-01-11 15:23 - 2009-07-14 04:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-11 15:23 - 2009-07-14 04:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-11 15:21 - 2011-08-13 15:44 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{41101D7F-B9B9-4516-A61F-36DF53ED15AC}
2017-01-11 15:21 - 2009-07-14 05:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-11 15:21 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2017-01-11 15:14 - 2011-08-03 20:02 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-11 15:14 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-11 03:02 - 2013-08-16 07:28 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 03:01 - 2011-11-05 22:31 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-10 23:50 - 2013-06-23 20:29 - 00000000 ____D C:\Users\hedev
2017-01-10 22:27 - 2011-08-13 15:39 - 00000000 ____D C:\Users\Ruslan\Documents\Bluetooth Folder
2017-01-10 21:38 - 2015-08-13 11:34 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-10 19:30 - 2011-08-03 20:05 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-10 19:29 - 2013-12-30 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-10 19:28 - 2011-11-05 22:49 - 00007454 _____ C:\test.xml
2017-01-10 19:26 - 2011-08-03 20:04 - 00318528 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2017-01-10 19:25 - 2013-12-30 00:46 - 00000000 ____D C:\ProgramData\Oracle
2017-01-10 19:25 - 2011-08-03 20:04 - 00000000 ____D C:\Program Files\Java
2017-01-10 09:43 - 2011-08-14 16:07 - 00000000 ____D C:\Users\Ruslan\AppData\Roaming\Skype
2017-01-10 09:40 - 2011-08-16 02:59 - 00000000 ____D C:\Users\Ruslan\AppData\Local\CrashDumps
2017-01-08 19:21 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-01-08 19:07 - 2011-08-03 19:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-29 19:23 - 2016-11-09 22:21 - 00524288 ___SH C:\Windows\system32\config\components{b2380ac7-a6ca-11e6-844a-ccaf78b98a02}.TMContainer00000000000000000001.regtrans-ms
2016-12-29 19:23 - 2016-11-09 22:21 - 00065536 ___SH C:\Windows\system32\config\components{b2380ac7-a6ca-11e6-844a-ccaf78b98a02}.TM.blf
2016-12-16 21:28 - 2011-08-14 00:10 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 21:28 - 2011-08-14 00:10 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 21:28 - 2011-08-13 16:13 - 00003510 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3594801013-1716500298-3534427049-1001UA
2016-12-16 21:28 - 2011-08-13 16:12 - 00003238 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3594801013-1716500298-3534427049-1001Core
2016-12-16 21:28 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Tasks
2016-12-15 00:03 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2016-12-14 20:01 - 2009-07-14 02:34 - 00189440 ____H C:\Users\Default\NTUSER.DAT.LOG1
2016-12-14 19:59 - 2009-07-14 04:45 - 00309200 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-14 19:47 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\Boot
2016-12-14 19:47 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\AppPatch
2016-12-14 19:47 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-14 19:47 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-14 19:01 - 2011-02-10 23:03 - 00767734 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2011-08-13 19:39 - 2011-08-13 19:39 - 0000042 _____ () C:\Users\Ruslan\AppData\Roaming\iPod Access Photo Prefs
2011-08-13 19:38 - 2011-08-13 19:38 - 0000011 ____H () C:\Users\Ruslan\AppData\Roaming\iPodAccessPhoto_Time
2015-03-13 13:12 - 2015-03-13 13:12 - 0002084 _____ () C:\Users\Ruslan\AppData\Local\recently-used.xbel
2011-11-05 22:28 - 2013-02-16 15:29 - 0007597 _____ () C:\Users\Ruslan\AppData\Local\Resmon.ResmonCfg
2011-11-14 20:32 - 2011-11-14 20:32 - 0017408 _____ () C:\Users\Ruslan\AppData\Local\WebpageIcons.db
2012-04-23 14:01 - 2012-04-23 14:01 - 0000041 ___SH () C:\ProgramData\.zreglib
 
Some files in TEMP:
====================
C:\Users\Ruslan\AppData\Local\Temp\msvcr80.dll
C:\Users\Ruslan\AppData\Local\Temp\SimPack.exe
C:\Users\Ruslan\AppData\Local\Temp\zlib1.dll
C:\Users\Ruslan\AppData\Local\Temp\_is5AC6.exe
C:\Users\Ruslan\AppData\Local\Temp\_is97FD.exe
C:\Users\Ruslan\AppData\Local\Temp\_isBC94.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-03 00:42
 
==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:30 AM

Posted 11 January 2017 - 01:18 PM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 cleansemypc

cleansemypc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 11 January 2017 - 01:40 PM

please can you help using the FRST logs - in the same way as it was solved here. The problem is identical. Thank you very much!

 

https://www.bleepingcomputer.com/forums/t/628793/iskysoft-helper-compact/ 



#4 Jo*

Jo*

  • Malware Response Team
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:30 AM

Posted 11 January 2017 - 01:47 PM

Before using FRST logs to create a fixlist, we need some other scans.
Please follow my instructions from post #2.

EDIT:
Did you set this Proxy Server?
ProxyServer: [S-1-5-21-3594801013-1716500298-3534427049-1001] => cslibproxy:80

Edited by Jo*, 11 January 2017 - 01:53 PM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 cleansemypc

cleansemypc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 11 January 2017 - 02:04 PM

Hi Jo, ok thank you - I run the first one. I am not sure if it is running or if it timed out. The window says ''Performing System Health Check''

 

I will wait for 15 mins and restart if not moving



#6 cleansemypc

cleansemypc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 11 January 2017 - 02:13 PM

Securitycheck complete

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java version 32-bit out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 23.0.0.205  
 Mozilla Firefox 35.0.1 Firefox out of Date!  
 Google Chrome (55.0.2883.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Total Security 16.0.1 avp.exe  
 Kaspersky Lab Kaspersky Total Security 16.0.1 avpui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log`````````````````````` 


#7 cleansemypc

cleansemypc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 11 January 2017 - 04:11 PM

Hi Jo, I am still running the second one - been two hours and going very very slow, I will post when completed.



#8 cleansemypc

cleansemypc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 12 January 2017 - 01:43 PM

Jo, the second run (Malwarebytes) is completed, took over 12 hours, no malware found.

Attached Files



#9 Jo*

Jo*

  • Malware Response Team
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:30 AM

Posted 13 January 2017 - 06:50 PM

Hello,

Did you set this Proxy Server?
ProxyServer: [S-1-5-21-3594801013-1716500298-3534427049-1001] => cslibproxy:80

---

:step1: Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(it takes a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
 

createsrpoint;
filesrcm; 
uninstall-list;
iedefaults;
ffdefaults;
chrdefaults;
emptyclsid;
emptyalltemp;
autoclean;
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Copy and paste the log to your next reply please.
 

***


:step2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


:step3: How the computer is running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 cleansemypc

cleansemypc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 13 January 2017 - 07:45 PM

Hi Jo,

 

Yes I vaguely remember setting up this proxy at some shared access point but it is not in use now.

 

attached is the log from adwcleaner.

 

# AdwCleaner v6.042 - Logfile created 12/01/2017 at 18:46:10
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-11.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Ruslan - RUSLAN-VAIO
# Running from : C:\Users\Ruslan\Desktop\adwcleaner\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Auslogics
Folder Found:  C:\Users\Ruslan\AppData\Roaming\Mozilla\Firefox\Profiles\jmj2n2mz.default-1433795937054\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Found:  HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\Software\Yahoo\Companion
Key Found:  HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\Software\YahooPartnerToolbar
Key Found:  HKCU\Software\Yahoo\Companion
Key Found:  HKCU\Software\YahooPartnerToolbar
Key Found:  [x64] HKCU\Software\Yahoo\Companion
Key Found:  [x64] HKCU\Software\YahooPartnerToolbar
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [1641 Bytes] - [12/01/2017 18:46:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1714 Bytes] ##########

Edited by cleansemypc, 13 January 2017 - 07:46 PM.


#11 cleansemypc

cleansemypc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 14 January 2017 - 03:17 PM

zoek

 

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Ruslan on 14/01/2017 at 19:39:55.29.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Ruslan\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
14/01/2017 19:43:35 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\SlySoft deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\Users\Ruslan\AppData\Roaming\Opera deleted successfully
C:\Users\Ruslan\AppData\Roaming\TP deleted successfully
C:\Users\Ruslan\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Ruslan\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Ruslan\AppData\Local\EmieSiteList deleted successfully
C:\Users\Ruslan\AppData\Local\EmieUserList deleted successfully
C:\Users\Ruslan\AppData\Local\Opera deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-3594801013-1716500298-3534427049-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3594801013-1716500298-3534427049-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3594801013-1716500298-3534427049-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-3594801013-1716500298-3534427049-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-3594801013-1716500298-3534427049-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully
HKEY_USERS\S-1-5-21-3594801013-1716500298-3534427049-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\Ruslan\AppData\Roaming\Mozilla\Firefox\Profiles\jmj2n2mz.default-1433795937054\prefs.js:
 
Added to C:\Users\Ruslan\AppData\Roaming\Mozilla\Firefox\Profiles\jmj2n2mz.default-1433795937054\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\SlySoft not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\Users\Ruslan\.android deleted
C:\PROGRA~2\Personal Finances Pro deleted
C:\PROGRA~2\Special Uninstaller deleted
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\sho1B1B.tmp deleted
C:\Windows\Syswow64\sho29B4.tmp deleted
C:\Windows\Syswow64\sho500.tmp deleted
C:\Windows\Syswow64\sho5006.tmp deleted
C:\Windows\Syswow64\sho7B73.tmp deleted
C:\Windows\Syswow64\sho7D1C.tmp deleted
C:\Windows\Syswow64\sho93A9.tmp deleted
C:\Windows\Syswow64\sho93F7.tmp deleted
C:\Windows\Syswow64\shoCCD0.tmp deleted
C:\Windows\Syswow64\shoDB67.tmp deleted
C:\Windows\Syswow64\shoDD99.tmp deleted
C:\Windows\Syswow64\shoECC6.tmp deleted
C:\Users\Ruslan\Documents\Updater deleted
"C:\Users\Ruslan\AppData\Roaming\iPodAccessPhoto_Time" deleted
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== C:\Users\Ruslan\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2017-01-10 18:56:09 6B2128FF407CFE6A6CD0FD75FA582762 342528 ----a-w- C:\Windows\SysWOW64\certcli.dll
2017-01-10 18:56:07 64EE5C9920B495CB64495AD71D3D107E 666112 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll
2017-01-10 18:56:07 14EFDAE9DF1EE21633C499A32E083E00 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2017-01-10 18:56:07 119A0ABD71231A0631D0398CDE59B398 553472 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2017-01-10 18:56:06 CE9D85D7DAD9F1F866E58AEF5ACE40FF 261120 ----a-w- C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 18:56:06 C7DE0A1BDFA4F2A391F54AE896B42184 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll
2017-01-10 18:56:06 9AAAAB3F548633FBA501DDA9FDE22900 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll
2017-01-10 18:56:06 194764870AAB21ECA33EABC1960AE925 254464 ----a-w- C:\Windows\SysWOW64\schannel.dll
2017-01-10 18:56:06 14884F65DB8EA930AE53F1853BE02C67 223232 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2017-01-10 18:56:05 D9EAF7B56E4C2D5E11B8CEBDA6880192 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll
2017-01-10 18:56:05 D1454D4A036F52E101F3E6536A7EE1AE 36352 ----a-w- C:\Windows\SysWOW64\cryptbase.dll
2017-01-10 18:56:05 BA839D2035576E2D20ABB9D053B8BDF2 141312 ----a-w- C:\Windows\SysWOW64\rpchttp.dll
2017-01-10 18:56:05 B272B56CB1C49B8F1213FEE3109817A5 82944 ----a-w- C:\Windows\SysWOW64\bcrypt.dll
2017-01-10 18:56:05 AF3D83788189A26497EE1F0EB5250AA6 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2017-01-10 18:56:05 AD8A1DE73DF23E495F93C908622CAFE9 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll
2017-01-10 18:56:05 A907DF685CADF1AB9D49573F417E7AB8 690688 ----a-w- C:\Windows\SysWOW64\adtschema.dll
2017-01-10 18:56:05 6B4B084760AE7BD1C4723FE4AD46BCD4 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll
2017-01-10 18:56:05 0FA09838E6827727A4B6B8B8AA412D07 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2017-01-10 19:27:02 424C5A1B8560FB538EAB22C95B4EBF57 110144 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll
2017-01-10 18:56:09 67FB2FF173E0C6890D667322B9A243F5 463872 ----a-w- C:\Windows\Sysnative\certcli.dll
2017-01-10 18:56:09 4ADD5DBC4156B51DC0A72DD9CEF9EB45 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2017-01-10 18:56:08 8A76D3248C253BA8E47E0E9F00ACBDE6 1212928 ----a-w- C:\Windows\Sysnative\rpcrt4.dll
2017-01-10 18:56:07 FA778FD134FCF78C6B8553034A30EB09 345600 ----a-w- C:\Windows\Sysnative\schannel.dll
2017-01-10 18:56:07 D24E542075CEDE62E665D2BD0B05BF75 312320 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2017-01-10 18:56:07 D1D2AFEA0DD07916515B82D78D65306C 730624 ----a-w- C:\Windows\Sysnative\kerberos.dll
2017-01-10 18:56:07 A302E5E06464CF850CB7A0E034E411FA 135680 ----a-w- C:\Windows\Sysnative\sspicli.dll
2017-01-10 18:56:07 876CAB310F5DDC3C4031B09C6505B815 210432 ----a-w- C:\Windows\Sysnative\wdigest.dll
2017-01-10 18:56:07 6F075F832A8DAED15A1D780339040BD0 316928 ----a-w- C:\Windows\Sysnative\msv1_0.dll
2017-01-10 18:56:07 356008B6E9E550880CC671FE968D4A87 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll
2017-01-10 18:56:06 CA260EFA523C65B90AD646826B8601B7 123904 ----a-w- C:\Windows\Sysnative\bcrypt.dll
2017-01-10 18:56:06 727BFA9DA828063D6117DB003AC02FE6 190464 ----a-w- C:\Windows\Sysnative\rpchttp.dll
2017-01-10 18:56:06 4D8A6E702F5715003D8C8BCF0C4E255D 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll
2017-01-10 18:56:06 4C4134E04984DA651B9DFFF2F553668B 28160 ----a-w- C:\Windows\Sysnative\secur32.dll
2017-01-10 18:56:06 30D8D88B22F969C923BD563D1F9D5C05 43520 ----a-w- C:\Windows\Sysnative\cryptbase.dll
2017-01-10 18:56:06 1F9335A2C68B65E7D95985FA50968EA0 30720 ----a-w- C:\Windows\Sysnative\lsass.exe
2017-01-10 18:56:05 A27BD16585219577C70FD8CDE22A5742 22016 ----a-w- C:\Windows\Sysnative\credssp.dll
2017-01-10 18:56:05 7C028FA9C9FDDE04E4924F6D30CEC6E8 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll
2017-01-10 18:56:05 1038294D707409DC510AED77BA65DE8B 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe
2017-01-10 18:56:05 06175F9EC59D198B6EE35C78339588C3 690688 ----a-w- C:\Windows\Sysnative\adtschema.dll
2017-01-10 18:56:05 01E934271840EFA62D90C79A8B9D4054 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll
====== C:\Windows\Sysnative\drivers =====
2017-01-12 00:10:06 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\Sysnative\drivers\42AA6059.sys
2017-01-11 19:17:00 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2017-01-11 19:16:21 47701ECA633574E122687693B5C5D35C 109272 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2017-01-10 18:56:09 6F5F0C6160EF237F0243C1E416EEBA98 95464 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2017-01-10 18:56:09 05529E53B286FD60E7EF04EF138CABFD 154856 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2017-01-10 18:56:07 632E8A00090E4F85F304E152C92C7F2C 159744 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys
2017-01-10 18:56:07 0D9C05484F2F4BD9D33A615D5DBE67EA 291328 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys
2017-01-10 18:56:06 6123E6FECC1C164022868FB1982271BE 129536 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
====== C:\Windows\Tasks ======
2017-01-10 19:48:58 -------- d-----w- C:\Windows\Sysnative\Tasks\Safer-Networking
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2017-01-10 19:30:47 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
====== C:\Users\Ruslan\AppData\Roaming ======
2017-01-10 19:50:25 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Programs
2017-01-10 19:27:53 -------- d-----w- C:\Users\Ruslan\AppData\Roaming\Sun
====== C:\Users\Ruslan ======
2017-01-12 18:44:07 E05BC40301AB39A2DFC1E03B9B117A99 3988944 ----a-w- C:\Users\Ruslan\Downloads\AdwCleaner.exe
2017-01-11 19:14:56 67B0906B68164E807BD5691C67696DA4 16563352 ----a-w- C:\Users\Ruslan\Downloads\mbar-1.09.3.1001.exe
2017-01-11 16:57:33 0620CC65DE6A3584A2EC09BED5EB0942 2419200 ----a-w- C:\Users\Ruslan\Downloads\FRST64.exe
2017-01-10 19:23:11 13D775AB6D1D888994C52CAAD8F4C89D 63235648 ----a-w- C:\Users\Ruslan\Downloads\jre-8u111-windows-x64.exe
 
====== C: exe-files ==
2017-01-12 18:44:35 E05BC40301AB39A2DFC1E03B9B117A99 3988944 ----a-w- C:\Users\Ruslan\Desktop\adwcleaner\AdwCleaner.exe
2017-01-12 18:44:07 E05BC40301AB39A2DFC1E03B9B117A99 3988944 ----a-w- C:\Users\Ruslan\Downloads\AdwCleaner.exe
2017-01-11 19:14:56 67B0906B68164E807BD5691C67696DA4 16563352 ----a-w- C:\Users\Ruslan\Downloads\mbar-1.09.3.1001.exe
2017-01-11 16:58:27 0620CC65DE6A3584A2EC09BED5EB0942 2419200 ----a-w- C:\Users\Ruslan\Desktop\New folder (2)\FRST64.exe
2017-01-11 16:57:33 0620CC65DE6A3584A2EC09BED5EB0942 2419200 ----a-w- C:\Users\Ruslan\Downloads\FRST64.exe
2017-01-10 19:27:03 DDDB440FFCBD1B4DC181C6E1ADDBC008 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe
2017-01-10 19:27:03 78671CDE783C9CA782213BDFACFEDFC6 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe
2017-01-10 19:27:03 5F7099F09743350510EB854B576AD9EF 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe
2017-01-10 19:26:01 DEB544C556C795A8492DAF3071AE30DB 16448 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\orbd.exe
2017-01-10 19:26:01 CD6B7E39265B8D80440950402B879D41 16448 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\ktab.exe
2017-01-10 19:26:01 B6D4D3D2CC46CE8D2E107186528AC270 16448 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\rmiregistry.exe
2017-01-10 19:26:01 B1715D7C082793933EC58ED377A3AA65 16448 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\klist.exe
2017-01-10 19:26:01 A6E49AA7A19BD2B141ECBFA1B4280329 16448 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\servertool.exe
2017-01-10 19:26:01 8B765507794B12218F94609404D0D2F1 16448 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\keytool.exe
2017-01-10 19:26:01 82D121FCD136B6697464282A5825DB5B 15936 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\jjs.exe
2017-01-10 19:26:01 79678CA69AF92F732E5868BBFA753F58 15936 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\rmid.exe
2017-01-10 19:26:01 6F053759B8A97F7F76416A84B52222F4 16448 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\tnameserv.exe
2017-01-10 19:26:01 67B7FA6C61DC117E6679073A9FC5E43D 111680 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\jp2launcher.exe
2017-01-10 19:26:01 55682A2BCA12F5AE1C62C787009312C2 16448 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\kinit.exe
2017-01-10 19:26:01 38D129D79DF2553138E9D374063B7970 197184 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\unpack200.exe
2017-01-10 19:26:01 3721F2C2F4AAFF04BA79DEEEE1EB9960 16448 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\pack200.exe
2017-01-10 19:26:01 271450A70AE96D88AF9A30C5AE282D0C 69696 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\ssvagent.exe
2017-01-10 19:26:01 215CB9F3E714506E568B8683E9CED4A7 16448 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\policytool.exe
2017-01-10 19:26:00 DDDB440FFCBD1B4DC181C6E1ADDBC008 318528 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\javaws.exe
2017-01-10 19:26:00 9D2CC4BB958933295EF268C433E96829 15936 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\java-rmi.exe
2017-01-10 19:26:00 78671CDE783C9CA782213BDFACFEDFC6 206912 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\java.exe
2017-01-10 19:26:00 5F7099F09743350510EB854B576AD9EF 206912 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\javaw.exe
2017-01-10 19:26:00 59F2B1ACC572391276EB062CC7967DFF 79936 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\javacpl.exe
2017-01-10 19:26:00 462556E308E915F3EF7C30130700A5AC 34368 ----a-w- C:\Program Files\Java\jre1.8.0_111\bin\jabswitch.exe
2017-01-10 19:23:11 13D775AB6D1D888994C52CAAD8F4C89D 63235648 ----a-w- C:\Users\Ruslan\Downloads\jre-8u111-windows-x64.exe
2017-01-10 09:40:19 3F6C56D83526F60B8DEBE72280EA3A3F 166912 ----a-w- C:\Users\Ruslan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KL2WNO5Z\SkypeSetupFull[1].exe
=== C: other files ==
2017-01-12 00:10:06 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\System32\drivers\42AA6059.sys
2017-01-11 19:17:00 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2017-01-11 19:16:21 47701ECA633574E122687693B5C5D35C 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2017-01-10 19:26:02 AC8527968110D3255D5CC15E8893373A 14156 ----a-w- C:\Program Files\Java\jre1.8.0_111\lib\deploy\ffjcext.zip
2017-01-10 18:56:09 6F5F0C6160EF237F0243C1E416EEBA98 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2017-01-10 18:56:09 05529E53B286FD60E7EF04EF138CABFD 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2017-01-10 18:56:07 632E8A00090E4F85F304E152C92C7F2C 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2017-01-10 18:56:07 0D9C05484F2F4BD9D33A615D5DBE67EA 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2017-01-10 18:56:06 6123E6FECC1C164022868FB1982271BE 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\Ruslan\AppData\Roaming\Mozilla\Firefox\Profiles\jmj2n2mz.default-1433795937054
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi" [01/12/2016 23:41]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Ruslan\AppData\Roaming\Mozilla\Firefox\Profiles\jmj2n2mz.default-1433795937054
- Undetermined - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
- Undetermined - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
- Yahoo Toolbar - %ProfilePath%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
 
==== Deleted Firefox Extensions ======================
 
C:\Users\Ruslan\AppData\Roaming\Mozilla\Firefox\Profiles\jmj2n2mz.default-1433795937054\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} deleted
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
 
Chrome Media Router - Ruslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Chromium Fix ======================
 
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_megalyrics.ru_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_megalyrics.ru_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmania.com_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmania.com_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.trueshopping.co.uk_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.trueshopping.co.uk_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mmmoneysave.blogspot.co.uk_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mmmoneysave.blogspot.co.uk_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ferrysavers.co.uk_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ferrysavers.co.uk_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.feed.rbc.ru_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.feed.rbc.ru_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.tacdn.com_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.tacdn.com_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3l3lkinz3f56t.cloudfront.net_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3l3lkinz3f56t.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3mwhxgzltpnyp.cloudfront.net_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3mwhxgzltpnyp.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2t9887qs4vtnx.cloudfront.net_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d2t9887qs4vtnx.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adservices.picadmedia.com_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adservices.picadmedia.com_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.chameleonwebservices.co.uk_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.chameleonwebservices.co.uk_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.productsandservices.bt.com_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.productsandservices.bt.com_0.localstorage-journal deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.console-deals.com_0.localstorage deleted successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.console-deals.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.sony.eu/vaioportal"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{261E46D3-4E5D-4732-99C8-24FCF5D393B5} eBay  Url="http://rover.ebay.com/rover/1/710-42480-16445-25/4?satitle={searchTerms}"
{2A4E4621-9C5E-4AFD-BE96-95A01A3832A1} Zinio  Url="http://services.zinio.com/search?s={searchTerms}&rf=sonyslices"
{AA97BC23-050E-47FF-8796-0FD6EA50CE8F} Shopping.com  Url="http://uk.shopping.com/?linkin_id=8056359"
 
==== Reset Google Chrome ======================
 
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF10f92cf2.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF115f6014.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF12cc122b.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF13c2c623.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF13fc4c82.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF14f50bb1.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF14f6863d.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF15c2c9d5.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF15f60a20.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF163a1cc7.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1715ff6d.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF173455e6.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF185df7.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1919b4e0.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1923d24f.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF194a3ff1.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF19757ab0.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF19a3d84.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF19c592f3.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF19e637aa.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF19f2aa98.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1a741a7d.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1c45589f.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1c4817.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1d6a4f04.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1df00902.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1e5e93e5.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1eba2a6b.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1f1c1567.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1f30f376.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF222b7503.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF23ebe146.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF24adefbb.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF254fde41.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF26bf89e2.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF27e9440.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF28e998d.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2c4ea423.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2c6b0dbf.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2e8200c.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2fcfed7.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF30200c6b.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF30829fc.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF31066ebb.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF31d3523.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF31f16e23.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF33a329fb.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF33c2d57.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF34efc2e7.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF365400d.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF38eed9b.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF3a6957e.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF3b1a594.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF3cd0503.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF47141f57.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF48c45223.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF4f82268.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF503be8.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF5161bd4.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF5878a22.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF596ec779.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF5b19412.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF5d279de.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF699bf3fa.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF7ae1359.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF7b5089f.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF844e598.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF84e57fa.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF8822b40.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF8ee0ac8.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFa01ac59.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFab08405.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFbda02ac.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFbfc91a3.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFc29117d.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFd400c64.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFeb8646a.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFefbac.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf2a9f0b.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf873a52.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFfbcabac.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFfe44a8a.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFfef9511.TMP was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Uninstall List x64 ======================
 
????? Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}]
?????? Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2C8FBAB0-4564-47B8-AC4B-9C7401B94BF2}]
??????? ????????? Windows Live Mesh ActiveX ??? ?????????? ?????????? [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}]
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ??????????? [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}]
???????? ?????????? Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E83DC314-C926-4214-AD58-147691D6FE9F}]
?????????? Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{77F69CA1-E53D-4D77-8BA3-FA07606CC851}]
??????????? ?? Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4444F27C-B1A8-464E-9486-4C37BAB39A09}]
???????????? Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C115A674-A398-49E5-9C6E-C0A541D3EA10}]
æTorrent  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent]
æTorrent  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent]
ActiveX-kontroll f”r fj„rranslutningar f”r Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}]
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ?????? [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}]
Adobe AIR [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}]
Adobe AIR [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR]
Adobe Bridge 1.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B74D4E10-1033-0000-0000-000000000001}]
Adobe Common File Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8EDBA74D-0686-4C99-BFDD-F894678E5B39}]
Adobe Community Help [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}]
Adobe Community Help [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1]
Adobe Flash Player 10 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Flash Player 23 NPAPI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI]
Adobe Help Center 1.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E9787678-1033-0000-8E67-000000000001}]
Adobe Photoshop CS2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{236BB7C4-4419-42FD-0409-1E257A25E34D}]
Adobe Photoshop CS2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}]
Adobe Photoshop Elements 9 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{007F778D-F15C-4EAB-AE92-071D21FAF632}]
Adobe Photoshop Elements 9 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop Elements 9]
Adobe Premiere Elements 9 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EB9955F8-467C-47FC-90F8-12CD5DF684C3}]
Adobe Premiere Elements 9 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PremElem90]
Adobe Reader X MUI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}]
Adobe Stock Photos 1.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{786C5747-1033-0000-B58E-000000000001}]
Alps Pointing-device for VAIO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}]
Apple Application Support (32-bit) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}]
Apple Application Support (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2937FD88-C9D6-4B82-B539-37CD0A572F42}]
Apple Mobile Device Support [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}]
Apple Software Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56EC47AA-5813-4FF6-8E75-544026FBEA83}]
ArcSoft Magic-i Visual Effects 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61438020-DDD4-42FA-99A2-50225441980A}]
ArcSoft WebCam Companion 4 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}]
Atheros WiFi Driver Installation [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7D916FA5-DAE9-4A25-B089-655C70EAF607}]
Betfair Poker [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Betfair Poker]
Bing Bar [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}]
Bluetooth Win7 Suite (64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{230D1595-57DA-4933-8C4E-375797EBB7E1}]
Bonjour  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}]
CCleaner  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
Citrix online plug-in (Web) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}]
Conexant HD Audio [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_AUDIO_HDA]
Control ActiveX Windows Live Mesh pentru conexiuni la distan?a [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{260E3D78-94E6-47EC-8E29-46301572BB1E}]
Contr“le ActiveX Windows Live Mesh pour connexions … distance [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{55D003F4-9599-44BF-BA9E-95D060730DD3}]
Controlo ActiveX do Windows Live Mesh para Liga‡äes Remotas [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}]
D3DX10  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}]
DAEMON Tools Lite [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
DiskAid 4.64 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DiskAid_is1]
Dungeon Keeper 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A076A1C-9DEF-4C46-9DDB-6C5FDAFC9879}_is1]
Dungeon Keeper 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GOGPACKDUNGEONKEEPER2_is1]
EA SPORTST FIFA 15 Demo [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{108C0C19-6316-4944-A62F-C744488F8639}]
Elements 9 Organizer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{433EACD8-4747-4A6A-826A-FFA9F39B0D40}]
Elements STI Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{25175695-4B20-4298-9F34-C2C57CD277B3}]
Elements STI Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}]
EViews 7 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6A5AEDA0-3B9E-4006-90A7-E78779951A43}]
FaceMorpher Lite 2.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FaceMorpher Lite]
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}]
Galeria de Fotografias do Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}]
Galeria fotografii uslugi Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}]
Galerie de photos Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{488F0347-C4A7-4374-91A7-30818BEDA710}]
Galerie foto Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB66242D-12B1-4494-82D2-6F53A7E024A3}]
GIMP 2.8.14 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\GIMP-2_is1]
GOG.com Dungeon Keeper 2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb]
Google Chrome [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Earth [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
Ø…•ÐŠ”Š‚ IV [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Ø…•ÐŠ”Š‚ IV_is1]
Intel® Control Center [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}]
Intel® Management Engine Components [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}]
Intel® Rapid Storage Technology [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}]
iTunes  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A31C5565-90D9-4615-AE13-94D86C3836C7}]
Java 8 Update 111 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F64180111F0}]
JavaFX 2.1.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1111706F-666A-4037-7777-211328764D10}]
Junk Mail filter update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}]
Kaspersky Internet Security [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F575F386-57EF-4943-B003-A13F13B05EEB}]
Kaspersky Internet Security [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}]
MathType 6 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DSMT6]
Media Gallery [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{115B60D5-BBDB-490E-AF2E-064D37A3CE01}]
Mesh Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}]
Microsoft .NET Framework 4.6.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033]
Microsoft .NET Framework 4.6.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}]
Microsoft Office Click-to-Run 2010 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.Click2Run]
Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}]
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}]
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}]
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}]
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}]
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}]
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)]
Microsoft_VC80_CRT_x86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}]
Microsoft_VC80_MFC_x86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D1A19B02-817E-4296-A45B-07853FD74D57}]
Microsoft_VC80_MFCLOC_x86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}]
Microsoft_VC90_CRT_x86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{08D2E121-7F6A-43EB-97FD-629B44903403}]
Mozilla Firefox 35.0.1 (x86 en-GB) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 35.0.1 (x86 en-GB)]
Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService]
MSVCRT  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}]
MSVCRT_amd64  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0B44725-3666-492D-BEF6-587A14BD9BD9}]
MSXML 4.0 SP3 Parser (KB2721691) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}]
MSXML 4.0 SP3 Parser (KB2758694) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}]
MSXML 4.0 SP3 Parser (KB973685) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}]
MSXML 4.0 SP3 Parser [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{196467F1-C11F-4F76-858B-5812ADC83B94}]
Notepad++  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++]
NVIDIA 3D Vision Driver 268.31 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision]
NVIDIA Control Panel 268.31 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel]
NVIDIA Graphics Driver 268.31 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver]
NVIDIA HD Audio Driver 1.2.22.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver]
NVIDIA Install Application [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer]
NVIDIA PhysX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}]
NVIDIA PhysX System Software 9.10.0514 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX]
NVIDIA Stereoscopic 3D Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIAStereo]
Office Timeline [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DAE585BA-546F-4684-9592-6EA2D0DF071E}]
Ovl dac¡ prvek ActiveX platformy Windows Live Mesh pro vzd len  pripojen¡ [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6190387-0036-4BEB-8D74-A0AFC5F14706}]
Ovl dac¡ prvok ActiveX programu Windows Live Mesh pre vzdialen‚ pripojenia [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}]
PDF Watermark Remover [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PDF Watermark Remover_is1]
Personal Finances Pro v5.2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Personal Finances Pro_is1]
PMB  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}]
PMB VAIO Edition Guide [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}]
PMB VAIO Edition Plug-in [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{133D3F07-D558-46CE-80E8-F4D75DBBAD63}]
PMB VAIO Edition Plug-in [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{270380EB-8812-42E1-8289-53700DB840D2}]
PMB VAIO Edition Plug-in [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8356CB97-A48F-44CB-837A-A12838DC4669}]
Poczta uslugi Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{64376910-1860-4CEF-8B34-AA5D205FC5F1}]
Podstawowe programy Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7A9D47BA-6D50-4087-866F-0800D8B89383}]
Quick Web Access [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13EC74A6-4707-4D26-B9B9-E173403F3B08}]
Quick Web Access [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\splashtop]
QuickTime 7 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}]
Raccolta foto di Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ED16B700-D91F-44B0-867C-7EB5253CA38D}]
Realtek PCIE Card Reader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C1594429-8296-4652-BF54-9DBE4932A44C}]
Remote Keyboard [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{08D7BC86-7358-464C-8AD0-0D84B5F0A0C9}]
Remote Play with PlayStation 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5FA51AAF-23FE-42F4-A724-D79F85F41D4B}]
Rosetta Stone Version 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99011A6E-5200-11DE-BDB8-7ACD56D89593}]
S?????? f?t???af??? t?? Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C00C2A91-6CB3-483F-80B3-2958E29468F1}]
SchweserPro Level 2 2014 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchweserPro Level 2 2014]
SchweserPro Level 3 2014 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchweserPro Level 3 2014]
Sid Meier's Civilization 5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sid Meier's Civilization 5_R.G. Mechanics_is1]
Sid Meier's Civilization IV Colonization [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}]
SkypeT 6.21 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}]
SmartSound Quicktracks for Premiere Elements 9.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6748E773-5DA0-4D19-8AA5-273B4133A09B}]
SmartSound Quicktracks for Premiere Elements 9.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}]
Sony Corporation [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F31AC31-0A28-4F5A-8416-513972DA1F79}]
Special Uninstaller version 1.4 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{31684965-46FA-4074-85CF-DAE1AE4A4DD6}_is1]
SSLx64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{312395BC-7CC2-434C-A660-30250276A926}]
SSLx86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63C43435-F428-42BA-8E7B-5848749D9262}]
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?æa???sæ??e? s??d?se?? [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}]
Star Wars: The Old Republic [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}]
Unicode Rewriter [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Unicode Rewriter]
Uzak BaglantÕlar I‡in Windows Live Mesh ActiveX Denetimi [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{241E7104-937A-4366-AD57-8FDDDB003939}]
VAIO - Media Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}]
VAIO - PMB VAIO Edition Guide [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}]
VAIO - PMB VAIO Edition Plug-in [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}]
VAIO - Remote Keyboard [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}]
VAIO - Remote Play with PlayStation©3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{07441A52-E208-478A-92B7-5C337CA8C131}]
VAIO Care [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}]
VAIO Care [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D531F5A4-18F6-4130-B9A4-9179D6E349FC}]
VAIO Control Center [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{72042FA6-5609-489F-A8EA-3C2DD650F667}]
VAIO Data Restore Tool [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}]
VAIO Data Restore Tool [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{70EED410-697B-4193-A2CB-2F790F82B420}]
VAIO Easy Connect [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}]
VAIO Easy Connect [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}]
VAIO Event Service [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73D8886A-D416-4687-B609-0D3836BA410C}]
VAIO Gate [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A7C30414-2382-4086-B0D6-01A88ABA21C3}]
VAIO Gate Default [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B7546697-2A80-4256-A24B-1C33163F535B}]
VAIO Hardware Diagnostics [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}]
VAIO Hero Screensaver - Summer 2011 Screensaver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VAIO Hero Screensaver - Summer 2011 Screensaver]
VAIO Improvement [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}]
VAIO Improvement Validation [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{75C95C84-264F-4CC7-8A7E-346444E6C7C1}]
VAIO Manual [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}]
VAIO Sample Contents [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}]
VAIO Smart Network [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}]
VAIO Transfer Support [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}]
VAIO Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}]
VCCx86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B088046-8A01-4355-99DD-8530C022F682}]
VESx64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}]
VESx86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A94F54D-A8A4-4B82-B346-92B4D56A2708}]
Viber  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Viber]
VIx64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D55EAC07-7207-44BD-B524-0F063F327743}]
VIx86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}]
VLC media player 1.1.11 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player]
VSNx64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}]
VU5x64  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6B7DE186-374B-4873-AEC1-7464DA337DD6}]
VU5x86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D12A8B5-9D41-4465-BF11-70719EB0CD02}]
VU5x86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}]
VWSTx86  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B8991D99-88FD-41F2-8C32-DB70278D5C30}]
WinCDEmu  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinCDEmu]
Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}]
Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{17835B63-8308-427F-8CF5-D76E0D5FE457}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{17F99FCE-8F03-4439-860A-25C5A5434E18}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A07C35B-8384-4DA4-9A95-442B6C89A073}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A04DB63-8F81-4EF4-9D09-61A2057EF419}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{827D3E4A-0186-48B7-9801-7D1E9DD40C07}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B618C3BF-5142-4630-81DD-F96864F97C7E}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0F9505B-3ACF-4158-9311-D0285136AA00}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FEEF7F78-5876-438B-B554-C4CC426A4302}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite]
Windows Live Fotogal‚ria [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{97F77D62-5110-4FA3-A2D3-410B92D31199}]
Windows Live Fotogalerie [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B113D18C-67B0-4FB7-B329-E89B66194AE6}]
Windows Live Fotogalerie [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FB79FDB7-4DE1-453D-99FE-9A880F57380E}]
Windows Live Fotogalleri [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5C2F5C1B-9732-4F81-8FBF-6711627DC508}]
Windows Live Fotograf Galerisi [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD695C2F-3EA0-4DA4-92D5-154072468721}]
Windows Live Fot¢t r [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}]
Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1B8ABA62-74F0-47ED-B18C-A43128E591B8}]
Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0B0F231F-CE6A-483D-AA23-77B364F75917}]
Windows Live Language Selector [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D07A61E5-A59C-433C-BCBD-22025FA2287B}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{10186F1A-6A14-43DF-A404-F0105D09BB07}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2303F9E7-6293-4A85-BC21-CA226FAD5CE4}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63CF7D0C-B6E7-4EE9-8253-816B613CC437}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{82803FF3-563F-414F-A403-8D4C167D4120}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{924B4D82-1B97-48EB-8F1E-55C4353C22DB}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D56775A-93F3-44A3-8092-840E3826DE30}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B1239994-A850-44E2-BED8-E70A21124E16}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C454280F-3C3E-4929-B60E-9E6CED5717E7}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C66824E4-CBB3-4851-BB3F-E8CFD6350923}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D07B1FDA-876B-4914-9E9A-309732B6D44F}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D31169F2-CD71-4337-B783-3E53F29F4CAD}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D588365A-AE39-4F27-BDAE-B4E72C8E900C}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FA6CF94F-DACF-4FE7-959D-55C421B91B17}]
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C32CE55C-12BA-4951-8797-0967FDEF556F}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00884F14-05BD-4D8E-90E5-1ABF78948CA4}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{039480EE-6933-4845-88B8-77FD0C3D059D}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{110668B7-54C6-47C9-BAC4-1CE77F156AF5}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{11417707-1F72-4279-95A3-01E0B898BBF5}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2D3E034E-F76B-410A-A169-55755D2637BB}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3F4143A1-9C21-4011-8679-3BC1014C6886}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{46872828-6453-4138-BE1C-CE35FBF67978}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7496FD31-E5CB-4AE4-82D3-31099558BF6A}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{80E8C65A-8F70-4585-88A2-ABC54BABD576}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{91BD94FE-ADCA-49CC-BE96-97D4BBC36FAF}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C91188-C88F-4E86-93E6-CD7C9A266649}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C08D5964-C42F-48EE-A893-2396F9562A7C}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DECDCB7C-58CC-4865-91AF-627F9798FE48}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}]
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{09B7C7EB-3140-4B5E-842F-9C79A7137139}]
Windows Live Mesh ActiveX-objekt til fjernforbindelser [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57220148-3B2B-412A-A2E0-82B9DF423696}]
Windows Live Mesh ActiveX-vez‚rlo t voli kapcsolatokhoz [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}]
Windows Live Mesh ActiveX Control for Remote Connections [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}]
Windows Live Mesh ActiveX control for remote connections [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C5398A89-516C-4DAF-BA07-EE7949090E56}]
Windows Live Mesh ActiveX Control for Remote Connections [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}]
Windows Live Meshin et„yhteyksien ActiveX-komponentti [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0A9256E0-C924-46DE-921B-F6C4548A1C64}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39BDD209-5704-480C-9F4A-B69D0370DDBB}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{50300123-F8FC-4B50-B449-E847D04F1BA2}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6057E21C-ABE9-4059-AE3E-3BEB9925E660}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6986737B-F286-40D1-87AF-938339DCF6AB}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6A563426-3474-41C6-B847-42B39F1485B2}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6D30E864-46AE-435B-8230-8B5D42B4AE37}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7F6021AE-E688-4D03-843A-C2260482BA0D}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{80956555-A512-4190-9CAD-B000C36D6B6B}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D57A002F-2B34-4E7B-A58B-0A4FBDA2E93F}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E7688C7D-DE09-4D43-9785-534EDE9BC18E}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EB4DF488-AAEF-406F-A341-CB2AAA315B90}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F694D1F7-1F12-4550-9B7A-C871273ABAD5}]
Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DA54F80E-261C-41A2-A855-549A144F2F59}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{133D9D67-D475-4407-AC3C-D558087B2453}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19BA08F7-C728-469C-8A35-BFBD3633BE08}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60C3C026-DB53-4DAB-8B97-7C1241F9A847}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{640798A0-A4FB-4C52-AC72-755134767F1E}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7465A996-0FCA-4D2D-A52C-F833B0829B5B}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7AF8E500-B349-4A77-8265-9854E9A47925}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{80651674-74AA-4155-AF2D-1339E628D187}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92EA4134-10D1-418A-91E1-5A0453131A38}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BF022D76-9F72-4203-B8FA-6522DC66DFDA}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD442136-9115-4236-9C14-278F6A9DCB3F}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E4E88B54-4777-4659-967A-2EED1E6AFD83}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0654EA5D-308A-4196-882B-5C09744A5D81}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{168E7302-890A-4138-9109-A225ACAF7AD1}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{28B9D2D8-4304-483F-AD71-51890A063A74}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{370F888E-42A7-4911-9E34-7D74632E17EB}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6AC57EEF-2733-4DE6-81BB-E78ACB964C22}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F37D92B-41AA-44B7-80D2-457ABDE11896}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73FC3510-6421-40F7-9503-EDAE4D0CF70D}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78906B56-0E81-42A7-AC25-F54C946E1538}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7D0DE76C-874E-4BDE-A204-F4240160693E}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{84267681-BF16-40B6-9564-27BC57D7D71C}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{85373DA7-834E-4850-8AF5-1D99F7526857}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BD262D0-B788-4546-A0A5-F4F56EC3834B}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C893D8C0-1BA0-4517-B11C-E89B65E72F70}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD7CB1E6-267A-408F-877D-B532AD2C882E}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D436F577-1695-4D2F-8B44-AC76C99E0002}]
Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3336F667-9049-4D46-98B6-4C743EEBC5B1}]
Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{34F4D9A4-42C2-4348-BEF4-E553C84549E7}]
Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}]
Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{885F1BCD-C344-4758-85BD-09640CF449A5}]
Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}]
Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CF671BFE-6BA3-44E7-98C1-500D9C51D947}]
Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83C292B7-38A5-440B-A731-07070E81A64F}]
Windows Live Remote Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DF6D988A-EEA0-4277-AAB8-158E086E439B}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C1A6191-9804-4FDC-AB01-6F9183C91A13}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2F304EF4-0C31-47F4-8557-0641AAE4197C}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3921492E-82D2-4180-8124-E347AD2F2DB4}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4C2E49C0-9276-4324-841D-774CCCE5DB48}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F44A3A1-5D24-4708-8776-66B42B174C64}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{692CCE55-9EAE-4F57-A834-092882E7FE0B}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{850B8072-2EA7-4EDC-B930-7FE569495E76}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8970AE69-40BE-4058-9916-0ACB1B974A3D}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9F672527-2BE4-47AB-B061-C057BDE30B30}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C9F05151-95A9-4B9B-B534-1760E2D014A5}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ED421F97-E1C3-4E78-9F54-A53888215D58}]
Windows Live Remote Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1685AE50-97ED-485B-80F6-145071EE14B0}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{17A4FD95-A507-43F1-BC92-D8572AF8340A}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{19F09425-3C20-4730-9E2A-FC2E17C9F362}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4EFA8109-732B-4026-9F0C-B70ECF3F9293}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5E2CD4FB-4538-4831-8176-05D653C3E6D4}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{61407251-7F7D-4303-810D-226A04D5CFF3}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7AEC844D-448A-455E-A34E-E1032196BBCD}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9E9C960F-7F47-46D5-A95D-950B354DE2B8}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D930AF5C-5193-4616-887D-B974CEFC4970}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}]
Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}]
Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}]
Windows Live Temel Par‡alar [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1203DC60-D9BD-44F9-B372-2B8F227E6094}]
Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{05E379CC-F626-4E7D-8354-463865B303BF}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{09922FFE-D153-44AE-8B60-EA3CB8088F93}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0C1931EB-8339-4837-8BEC-75029BF42734}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{24DF33E0-F924-4D0D-9B96-11F28F0D602D}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{37B33B16-2535-49E7-8990-32668708A0A3}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40BFD84C-64CD-42CC-9909-8734C50429C6}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4C378B16-46B7-4DA1-A2CE-2EE676F74680}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{506FC723-8E6C-4417-9CFF-351F99130425}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{523DF2BB-3A85-4047-9898-29DC8AEB7E69}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5E627606-53B9-42D1-97E1-D03F6229E248}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8CF5D47D-27B7-49D6-A14F-10550B92749D}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92280FD3-A119-41E6-A740-A62DBA4DFB53}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E5DD4723-FE0B-436E-A815-DC23CF902A0B}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{11778DA1-0495-4ED9-972F-F9E0B0367CD5}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3B9A92DA-6374-4872-B646-253F18624D5F}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4264C020-850B-4F08-ACBE-98205D9C336C}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{71A81378-79D5-40CC-9BDC-380642D1A87F}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7E017923-16F8-4E32-94EF-0A150BD196FE}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{859D4022-B76D-40DE-96EF-C90CDA263F44}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A726AE06-AAA3-43D1-87E3-70F510314F04}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAF454FC-82CA-4F29-AB31-6A109485E76E}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C1C9D199-B4DD-4895-92DD-9A726A2FE341}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DA29F644-2420-4448-8128-1331BE588999}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55E0C35-AC3C-4683-BA2F-834348577B80}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E8524B28-3BBB-4763-AC83-0E83FE31C350}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F28C98E9-BAC1-41FF-81F2-8885925CCB48}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{14B441B7-774D-4170-98EA-A13667AE6218}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1B0545C4-620F-4661-A369-C4D113F24932}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26E3C07C-7FF7-4362-9E99-9E49E383CF16}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3125D9DE-8D7A-4987-95F3-8A42389833D8}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{458F399F-62AC-4747-99F5-499BBF073D29}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5D2E7BD7-4B6F-4086-BA8A-E88484750624}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{62687B11-58B5-4A18-9BC3-9DF4CE03F194}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{734104DE-C2BF-412F-BB97-FCCE1EC94229}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7FF11E53-C002-4F40-8D68-6BE751E5DD62}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{93E464B3-D075-4989-87FD-A828B5C308B1}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AB78C965-5C67-409B-8433-D7B5BDB12073}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C29FC15D-E84B-4EEC-8505-4DED94414C59}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}]
Windows Liven asennusty”kalu [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8909CFA8-97BF-4077-AC0F-6925243FFE08}]
Windows Liven s„hk”posti [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}]
Windows Liven valokuvavalikoima [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1A72337E-D126-4BAF-AC89-E6122DB71866}]
WinRAR 4.01 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]
Yahoo Detect [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YTdetect]
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ruslan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ruslan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Ruslan\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Ruslan\AppData\Local\Mozilla\Firefox\Profiles\jmj2n2mz.default-1433795937054\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache is not empty, a reboot is needed
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=169 folders=23 40370053 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\hedev\AppData\Local\Temp emptied successfully
C:\Users\Ruslan\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Ruslan\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Ruslan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\J5WA9HMT\tag.kineto.hiro.tv"  not found
 
==== EOF on 14/01/2017 at 20:13:37.65 ======================


#12 cleansemypc

cleansemypc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 14 January 2017 - 03:25 PM

# AdwCleaner v6.042 - Logfile created 14/01/2017 at 20:21:39
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-11.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Ruslan - RUSLAN-VAIO
# Running from : C:\Users\Ruslan\Desktop\adwcleaner\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Auslogics
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
[-] Key deleted: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\YahooPartnerToolbar
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1393 Bytes] - [14/01/2017 20:21:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [1801 Bytes] - [12/01/2017 18:46:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [1719 Bytes] - [14/01/2017 20:21:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1612 Bytes] ##########


#13 cleansemypc

cleansemypc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 14 January 2017 - 03:28 PM

Hi Jo, I have run all the scans you requested, now can you please help me iSkysoft Helper Compact from my computer?



#14 Jo*

Jo*

  • Malware Response Team
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:30 AM

Posted 14 January 2017 - 04:32 PM

Hello,
 

***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as / FSRT / FSRT64 (usually your desktop) as fixlist.txt

 
Start
CreateRestorePoint:
CloseProcesses:
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\...\MountPoints2: {e7a049ab-188e-11e2-9dfe-78843ce1b11b} - D:\setup.exe
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\...\MountPoints2: {e7a049ae-188e-11e2-9dfe-78843ce1b11b} - E:\autorun.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001 -> {261E46D3-4E5D-4732-99C8-24FCF5D393B5} URL = hxxp://rover.ebay.com/rover/1/710-42480-16445-25/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001 -> {2A4E4621-9C5E-4AFD-BE96-95A01A3832A1} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_111\bin\new_plugin\npjp2.dll [No File]
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java Platform SE 7 U67) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Users\Ruslan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
C:\Program Files\Common Files\iSkysoft
AlternateDataStreams: C:\Windows:86F51562117711F6 [50]
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FSRT64 again as Administrator like we did before but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 cleansemypc

cleansemypc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:30 AM

Posted 14 January 2017 - 05:01 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-01-2017
Ran by Ruslan (14-01-2017 21:52:09) Run:1
Running from C:\Users\Ruslan\Desktop
Loaded Profiles: Ruslan (Available Profiles: Ruslan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\...\MountPoints2: {e7a049ab-188e-11e2-9dfe-78843ce1b11b} - D:\setup.exe
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\...\MountPoints2: {e7a049ae-188e-11e2-9dfe-78843ce1b11b} - E:\autorun.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001 -> {261E46D3-4E5D-4732-99C8-24FCF5D393B5} URL = hxxp://rover.ebay.com/rover/1/710-42480-16445-25/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001 -> {2A4E4621-9C5E-4AFD-BE96-95A01A3832A1} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_111\bin\new_plugin\npjp2.dll [No File]
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java Platform SE 7 U67) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Google Update) - C:\Users\Ruslan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ruslan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
C:\Program Files\Common Files\iSkysoft
AlternateDataStreams: C:\Windows:86F51562117711F6 [50]
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iSkysoft Helper Compact.exe => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. 
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7a049ab-188e-11e2-9dfe-78843ce1b11b} => key removed successfully
HKCR\CLSID\{e7a049ab-188e-11e2-9dfe-78843ce1b11b} => key not found. 
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7a049ae-188e-11e2-9dfe-78843ce1b11b} => key removed successfully
HKCR\CLSID\{e7a049ae-188e-11e2-9dfe-78843ce1b11b} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{261E46D3-4E5D-4732-99C8-24FCF5D393B5} => key removed successfully
HKCR\CLSID\{261E46D3-4E5D-4732-99C8-24FCF5D393B5} => key not found. 
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2A4E4621-9C5E-4AFD-BE96-95A01A3832A1} => key removed successfully
HKCR\CLSID\{2A4E4621-9C5E-4AFD-BE96-95A01A3832A1} => key not found. 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin => key removed successfully
Chrome DefaultSearchURL => not found.
Chrome DefaultSuggestURL => not found.
C:\Users\Ruslan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => not found.
C:\Users\Ruslan\AppData\Local\Google\Chrome\Application\55.0.2883.87\pdf.dll => not found.
C:\Program Files\QuickTime\plugins\npqtplugin.dll => not found.
C:\Program Files\QuickTime\plugins\npqtplugin2.dll => not found.
C:\Program Files\QuickTime\plugins\npqtplugin3.dll => not found.
C:\Program Files\QuickTime\plugins\npqtplugin4.dll => not found.
C:\Program Files\QuickTime\plugins\npqtplugin5.dll => not found.
C:\Program Files\QuickTime\plugins\npqtplugin6.dll => not found.
C:\Program Files\QuickTime\plugins\npqtplugin7.dll => not found.
C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => not found.
C:\Users\Ruslan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll => not found.
C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll => not found.
c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll => not found.
c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll => not found.
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key removed successfully
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key removed successfully
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key removed successfully
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key removed successfully
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key removed successfully
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key removed successfully
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully
HKU\S-1-5-21-3594801013-1716500298-3534427049-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key removed successfully
"C:\Program Files\Common Files\iSkysoft" => not found.
C:\Windows => ":86F51562117711F6" ADS removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20940999 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => -7134 B
Edge => 0 B
Chrome => 171994256 B
Firefox => 11732499 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33253 B
systemprofile32 => 49637 B
LocalService => 33125 B
NetworkService => 33125 B
Ruslan => 42342913 B
 
RecycleBin => 0 B
EmptyTemp: => 243.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:53:47 ====





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users