
"the requested resource is in use"


  • This topic is locked
14 replies to this topic

#1 foreigner00


Posted 24 March 2017 - 06:39 PM

Whenever I try to open any security program I get this error "the requested resource is in use".

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Sokol (administrator) on SOKOL-PC (24-03-2017 18:19:38)
Running from C:\Users\Sokol\Desktop
Loaded Profiles: Sokol (Available Profiles: Sokol & Vera & Guest & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files (x86)\Canon\Easy-WebPrint EX\bin\mysqld.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(TorchMedia Inc.) C:\Users\Sokol\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(BitTorrent Inc.) C:\Users\Sokol\AppData\Roaming\uTorrent\uTorrent.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(BitTorrent Inc.) C:\Users\Sokol\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe
(BitTorrent Inc.) C:\Users\Sokol\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [LogiScrollApp] => C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Program Files (x86)\svcvmx\svcvmx.exe" -starup
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Run: [Google Update] => C:\Users\Sokol\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Run: [uTorrent] => C:\Users\Sokol\AppData\Roaming\uTorrent\uTorrent.exe [2147520 2017-03-10] (BitTorrent Inc.)
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Run: [R2LJKL4ZXB] => "C:\Program Files (x86)\BeCleaner\9UWTB.exe"
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\MountPoints2: H - H:\wubi.exe
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\MountPoints2: {3411ca2a-273b-11e3-95f1-001eec836f38} - F:\setup.exe -a
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\MountPoints2: {e8207fe9-1612-11e3-9cac-001eec836f38} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\MountPoints2: {f0da0fe2-251c-11e3-921a-001eec836f38} - F:\KODAK_Software_Downloader.exe
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2017-03-23]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-03-23]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oxy.lnk [2013-11-01]
ShortcutTarget: Oxy.lnk -> C:\Users\Sokol\AppData\Local\Oxy\Application\bin\start.cmd (No File)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{3F7869CC-E292-4B3C-A2EC-FD7BC6712955}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{428335A4-DE64-46CA-A08A-D6FFEAFE38DE}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{428335A4-DE64-46CA-A08A-D6FFEAFE38DE}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{B587A128-4A0C-4554-8788-465B455D308B}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B587A128-4A0C-4554-8788-465B455D308B}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{DABE7253-53A3-4E78-97E4-AEB7AEB7F05E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{EA1D8264-B4C1-403F-A21C-BAAD0351AA98}: [NameServer] 8.8.8.8,8.8.4.4
ManualProxies:

Internet Explorer:
==================
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-399097656-3941740853-1436833426-1000 -> {E66A38A2-2390-4967-B7F2-77F7E05E0835} URL = hxxp://www.bing.com/search?FORM=SL5IDF&PC=SL5I&q={searchTerms}&src=IE-SearchBox
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-02-06] ()
BHO: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll [2012-02-08] (Logitech, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-23] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-24] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-02-06] ()
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-24] (Oracle Corporation)
BHO-x32: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll [2012-02-08] (Logitech, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-06] (HP Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-23] (Hewlett-Packard Co.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-02-06] ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-02-06] ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-399097656-3941740853-1436833426-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab

FireFox:
========
FF ProfilePath: C:\Users\Sokol\AppData\Roaming\Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704 [2017-03-24]
FF NewTab: Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704 -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704 -> www.yahoo.com
FF NetworkProxy: Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704 -> type", 0
FF Extension: (Simple YouTube to MP3/MP4 Converter and Downloader) - C:\Users\Sokol\AppData\Roaming\Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOjw@jetpack.xpi [2017-02-15]
FF Extension: (LastPass) - C:\Users\Sokol\AppData\Roaming\Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704\Extensions\support@lastpass.com [2017-03-22]
FF Extension: (TinEye Reverse Image Search) - C:\Users\Sokol\AppData\Roaming\Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704\Extensions\tineye@ideeinc.com.xpi [2017-03-22]
FF Extension: (Session Manager) - C:\Users\Sokol\AppData\Roaming\Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31]
FF Extension: (Google Reverse Image Search) - C:\Users\Sokol\AppData\Roaming\Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2017-03-13]
FF Extension: (Video DownloadHelper) - C:\Users\Sokol\AppData\Roaming\Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-03-19]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-11-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-12-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: (Logitech Flow Scroll) - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2016-10-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-12-15] [not signed]
FF HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2012-09-28] (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [No File]
FF Plugin-x32: TorchVLC -> C:\Users\Sokol\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin HKU\S-1-5-21-399097656-3941740853-1436833426-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Sokol\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-399097656-3941740853-1436833426-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Sokol\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-399097656-3941740853-1436833426-1000: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-07-12] (Nullsoft, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com\/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp:\/\/www.yahoo.com\/"
CHR NewTab: Default ->  Not-active:"chrome-extension://fnhfdmnphmbbjbgppnpcddkefmeokfho/main.html"
CHR DefaultSearchURL: Default -> hxxp:\/\/www.bing.com\/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default [2017-03-24]
CHR Extension: (Google Slides) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-17]
CHR Extension: (Google Docs) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-17]
CHR Extension: (Google Drive) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-17]
CHR Extension: (YouTube) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-17]
CHR Extension: (Google Sheets) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-17]
CHR Extension: (Logitech Flow Scroll) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\geooogfhpjdpeiphckpbgkhpbeobcaoi [2016-10-04]
CHR Extension: (Google Docs Offline) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-17]
CHR Extension: (Gmail) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-17]
CHR Extension: (Chrome Media Router) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-25]
CHR HKU\S-1-5-21-399097656-3941740853-1436833426-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [geooogfhpjdpeiphckpbgkhpbeobcaoi] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2016-10-01]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-04-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [623848 2016-03-09] (Samsung Electronics Co.,Ltd)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 TorchCrashHandler; C:\Users\Sokol\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217344 2016-08-11] (TorchMedia Inc.) <==== ATTENTION
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2016-08-26] (SHAREit Technologies Co.Ltd)
R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [262360 2009-01-08] (Data Perceptions / PowerProgrammer)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe [851456 2017-03-23] () [File not signed] <==== ATTENTION <==== ATTENTION
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe [415232 2016-08-09] (Wondershare) [File not signed]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [103736 2015-09-22] (Wondershare)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.) [File not signed]
S2 Dataup; C:\PROGRA~2\dataup\dataup.exe [X] <==== ATTENTION
R2 MySQL; "C:\Program Files (x86)\Canon\Easy-WebPrint EX\bin\mysqld" MySQL [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 ASPI32; no ImagePath
R3 AVerBDA6x_x64; C:\Windows\System32\DRIVERS\AVerBDA716x_x64.sys [1354880 2009-06-05] (AVerMedia TECHNOLOGIES, Inc.)
R3 clwvd6; C:\Windows\System32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [80968 2017-03-23] () [File not signed] <==== ATTENTION
R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20784 2012-10-28] (Mobile Stream)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-17] (Riverbed Technology, Inc.)
S2 NSHE; C:\Windows\SysWOW64\Drivers\NSHE.SYS [97792 2008-11-23] (T0r0 2008) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-03-24] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-03-24] (Zemana Ltd.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_6.3.38103.0.sys [X]
S3 JMCR; system32\DRIVERS\jmcr.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-24 18:19 - 2017-03-24 18:19 - 00030983 _____ C:\Users\Sokol\Desktop\FRST.txt
2017-03-24 18:19 - 2017-03-24 18:19 - 00000000 ____D C:\FRST
2017-03-24 18:18 - 2017-03-24 18:18 - 02424832 _____ (Farbar) C:\Users\Sokol\Desktop\FRST64.exe
2017-03-24 03:55 - 2017-03-24 03:55 - 00000000 ____D C:\Program Files (x86)\regtool
2017-03-24 02:53 - 2017-03-24 18:19 - 00173089 _____ C:\Windows\ZAM.krnl.trace
2017-03-24 02:53 - 2017-03-24 18:19 - 00045803 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-24 02:53 - 2017-03-24 02:53 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-03-24 02:53 - 2017-03-24 02:53 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-03-24 02:53 - 2017-03-24 02:53 - 00001148 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-03-24 02:53 - 2017-03-24 02:53 - 00000000 ____D C:\Users\Sokol\AppData\Local\Zemana
2017-03-24 02:53 - 2017-03-24 02:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-24 02:53 - 2017-03-24 02:53 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-24 02:51 - 2017-03-24 17:34 - 00002032 _____ C:\Users\Sokol\Desktop\Rkill.txt
2017-03-24 02:51 - 2017-03-24 02:51 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Sokol\Desktop\iExplore.exe
2017-03-24 02:46 - 2017-03-24 02:46 - 09741664 _____ (SurfRight B.V.) C:\Users\Sokol\Desktop\HitmanPro_x64.exe
2017-03-24 02:45 - 2017-03-24 02:45 - 04031440 _____ C:\Users\Sokol\Desktop\fIRefox.exe
2017-03-24 02:44 - 2017-03-24 02:44 - 05740956 _____ (Zemana Ltd. ) C:\Users\Sokol\Desktop\eXplorer.exe
2017-03-24 02:43 - 2017-03-24 02:43 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Sokol\Desktop\rkill.exe
2017-03-24 02:33 - 2017-03-24 02:33 - 00604928 _____ (Reimage) C:\Users\Sokol\Documents\ReimageRepair.exe
2017-03-24 02:28 - 2017-03-24 03:45 - 00000000 ____D C:\Program Files (x86)\dataup
2017-03-23 20:18 - 2017-03-23 20:35 - 412400124 _____ C:\avenger.txt
2017-03-23 20:18 - 2017-03-23 20:18 - 00000000 ____D C:\Avenger
2017-03-23 19:57 - 2017-03-23 19:57 - 00000037 _____ C:\Windows\wininit.ini
2017-03-23 19:55 - 2017-03-23 20:16 - 00190404 _____ C:\Windows\ntbtlog.txt
2017-03-23 19:54 - 2017-03-23 19:54 - 00000000 _____ C:\Windows\SysWOW64\SurfShield.exe
2017-03-23 19:53 - 2017-03-23 19:54 - 00000000 ____D C:\Program Files\54a3ce50cf64b2e59a8bcf85cf02a663
2017-03-23 19:52 - 2017-03-23 19:52 - 00625272 _____ C:\Windows\system32\NetUtils2016.dll
2017-03-23 19:52 - 2017-03-23 19:52 - 00000000 ____D C:\Windows\system32\sstmp
2017-03-23 19:52 - 2017-03-23 19:52 - 00000000 ____D C:\Users\Public\Documents\Tools
2017-03-23 19:52 - 2017-03-23 19:52 - 00000000 ____D C:\Users\Public\Documents\Guid
2017-03-23 19:51 - 2017-03-23 19:57 - 00000000 ____D C:\Program Files (x86)\f10efd1c-0221-421d-94aa-b4db9bf3520a1490316713
2017-03-23 19:51 - 2017-03-23 19:51 - 00000000 _____ C:\TOSTACK
2017-03-23 19:50 - 2017-03-23 20:06 - 00000000 ____D C:\Program Files (x86)\s5
2017-03-23 19:50 - 2017-03-23 19:50 - 00831488 ____N C:\Windows\system32\tprdpw32.exe
2017-03-23 19:50 - 2017-03-23 19:50 - 00080968 ____N C:\Windows\system32\Drivers\drmkpro64.sys
2017-03-23 19:46 - 2017-03-23 19:46 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2017-03-23 19:39 - 2017-03-23 19:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Toolkit Final
2017-03-23 05:07 - 2017-03-23 05:07 - 00000000 ____D C:\63059e1e72c83711d6ac47f0
2017-03-23 04:38 - 2017-03-23 04:39 - 15261400 _____ (Microsoft Corporation) C:\Users\Sokol\Documents\vc_redist.x64.exe
2017-03-23 04:20 - 2017-03-24 03:28 - 00000000 ____D C:\Program Files (x86)\CronusPRO
2017-03-23 04:20 - 2017-03-23 04:20 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-03-23 04:20 - 2017-03-23 04:20 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CronusPRO
2017-03-23 04:19 - 2017-03-23 04:20 - 00000000 ____D C:\Users\Sokol\Documents\CronusPro
2017-03-23 03:06 - 2017-03-23 03:06 - 4260369091 _____ C:\Windows\MEMORY.DMP
2017-03-23 03:06 - 2017-03-23 03:06 - 00849024 _____ C:\Windows\Minidump\032317-20186-01.dmp
2017-03-22 21:48 - 2017-03-22 21:48 - 00331183 _____ C:\Users\Sokol\Documents\Xbox-One-KInect-sensor-product-guide_US.pdf
2017-03-21 16:40 - 2017-03-21 16:40 - 00000322 _____ C:\Users\Sokol\Desktop\iExplorer.appref-ms
2017-03-21 16:40 - 2017-03-21 16:40 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macroplant LLC
2017-03-21 15:50 - 2017-03-21 15:50 - 00000000 ____D C:\Users\Sokol\Documents\AC
2017-03-21 07:17 - 2017-03-21 07:17 - 00002043 _____ C:\Users\Sokol\Desktop\New Text Document (8).txt
2017-03-21 07:16 - 2017-03-21 07:16 - 00006827 _____ C:\Users\Sokol\Desktop\New Text Document (6).txt
2017-03-21 07:16 - 2017-03-21 07:16 - 00001889 _____ C:\Users\Sokol\Desktop\New Text Document (7).txt
2017-03-21 06:49 - 2017-03-21 06:49 - 00000000 _____ C:\Users\Sokol\Documents\IExplorer screen capture.wmv
2017-03-21 06:34 - 2017-03-21 06:34 - 00596184 _____ () C:\Users\Sokol\Downloads\setup (1).exe
2017-03-21 06:34 - 2017-03-21 06:34 - 00013585 _____ C:\Users\Sokol\Downloads\iExplorer (3).application
2017-03-21 03:50 - 2017-03-23 20:16 - 00003043 _____ C:\Users\Sokol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screen Recorder.lnk
2017-03-21 03:50 - 2017-03-23 20:14 - 00003037 _____ C:\Users\Sokol\Desktop\Screen Recorder.lnk
2017-03-21 03:50 - 2017-03-21 03:50 - 00000000 ____D C:\Program Files (x86)\ScreenRecorder
2017-03-21 03:48 - 2017-03-21 03:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
2017-03-21 03:48 - 2017-03-21 03:48 - 00000000 ____D C:\Program Files\Windows Media Components
2017-03-21 03:47 - 2017-03-21 03:47 - 00000000 ____D C:\UtilityOnlineMarch09
2017-03-19 20:47 - 2017-03-19 23:34 - 00000000 ____D C:\Users\Sokol\dwhelper
2017-03-18 22:25 - 2017-03-18 22:25 - 00492101 _____ C:\Users\Sokol\Documents\IMG_20170318_0001.pdf
2017-03-18 22:24 - 2017-03-18 22:25 - 00000000 ___HD C:\ProgramData\CanonIJScan
2017-03-18 22:24 - 2017-03-18 22:24 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\Canon
2017-03-17 23:10 - 2017-03-17 23:11 - 00000000 ____D C:\Users\Sokol\Documents\HP DV9700
2017-03-17 17:08 - 2017-03-17 17:08 - 02894522 _____ C:\Windows\9d1bb1fd8bff39a52a4e0e91444a5341.exe
2017-03-17 15:41 - 2017-03-17 15:41 - 00013585 _____ C:\Users\Sokol\Downloads\iExplorer.application
2017-03-17 15:41 - 2017-03-17 15:41 - 00013585 _____ C:\Users\Sokol\Downloads\iExplorer (2).application
2017-03-17 15:41 - 2017-03-17 15:41 - 00013585 _____ C:\Users\Sokol\Downloads\iExplorer (1).application
2017-03-17 11:47 - 2017-03-21 16:40 - 00000000 ____D C:\Users\Sokol\AppData\Local\Deployment
2017-03-17 11:47 - 2017-03-17 11:47 - 00000000 ____D C:\Users\Sokol\AppData\Local\Apps\2.0
2017-03-17 10:54 - 2017-03-17 14:15 - 00000000 ____D C:\Program Files (x86)\iExplorer
2017-03-17 10:54 - 2017-03-17 10:54 - 00000000 ____D C:\Users\Sokol\AppData\LocalLow\Apple Computer
2017-03-17 10:49 - 2017-03-17 10:50 - 00038808 _____ C:\Users\Sokol\Documents\cc_20170317_104957.reg
2017-03-17 10:40 - 2017-03-17 10:40 - 00000000 ____D C:\Users\Sokol\AppData\Local\Macroplant_LLC
2017-03-17 10:18 - 2017-03-17 10:19 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\libimobiledevice
2017-03-17 09:57 - 2017-03-17 09:57 - 00119400 ____H C:\Windows\system32\mlfcache.dat
2017-03-17 09:49 - 2017-03-23 20:15 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-17 09:49 - 2017-03-17 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-17 09:48 - 2017-03-17 09:49 - 00000000 ____D C:\Program Files\iTunes
2017-03-17 09:48 - 2017-03-17 09:48 - 00000000 ____D C:\Program Files\iPod
2017-03-17 09:39 - 2017-03-17 11:21 - 00000000 ____D C:\Program Files (x86)\Tansee iPhone Transfer SMS
2017-03-17 09:38 - 2017-03-17 09:39 - 11678760 _____ (Tansee, Inc. ) C:\Users\Sokol\Documents\iDeviceMessageTransfer.exe
2017-03-16 18:05 - 2017-03-16 18:05 - 00949880 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Sokol\Documents\rufus-2.12.exe
2017-03-16 17:49 - 2017-03-16 17:50 - 00000000 ____D C:\Users\Sokol\Desktop\New folder (3)
2017-03-15 12:48 - 2017-03-15 12:48 - 00106485 _____ C:\Users\Sokol\Documents\Phone_Report_832-572-9177.pdf
2017-03-14 20:04 - 2017-03-14 20:04 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\ABBYY
2017-03-14 19:50 - 2017-03-14 19:50 - 00000000 ____D C:\temp
2017-03-14 09:52 - 2017-03-17 11:56 - 00002135 _____ C:\Users\Vera\Desktop\Google Chrome.lnk
2017-03-14 09:52 - 2017-03-17 11:56 - 00001287 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\Documents\HTC
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Roaming\LastPass
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Apple Computer
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Adobe
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\LocalLow\LastPass
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Local\VirtualStore
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Local\NVIDIA
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Local\HTC MediaHub
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Local\Hewlett-Packard
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Local\Google
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Local\Apple Computer
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Local\Adobe
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\.android
2017-03-14 09:51 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera
2017-03-14 09:51 - 2017-03-14 09:51 - 00000020 ___SH C:\Users\Vera\ntuser.ini
2017-03-14 09:51 - 2017-03-14 09:51 - 00000000 _SHDL C:\Users\Vera\My Documents
2017-03-14 09:51 - 2017-03-14 09:51 - 00000000 _SHDL C:\Users\Vera\Documents\My Videos
2017-03-14 09:51 - 2017-03-14 09:51 - 00000000 _SHDL C:\Users\Vera\Documents\My Pictures
2017-03-14 09:51 - 2017-03-14 09:51 - 00000000 _SHDL C:\Users\Vera\Documents\My Music
2017-03-14 09:51 - 2013-03-01 11:30 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Macromedia
2017-03-14 09:51 - 2013-02-12 11:33 - 00000000 ____D C:\Users\Vera\AppData\Roaming\TuneUp Software
2017-03-14 09:51 - 2009-07-14 02:45 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Media Center Programs
2017-03-11 12:52 - 2017-03-11 12:53 - 01780419 _____ C:\Users\Sokol\Documents\130-u.pdf
2017-03-10 10:31 - 2017-03-10 10:31 - 02492774 _____ C:\Users\Sokol\Documents\cp200_user_guide.pdf
2017-03-10 10:31 - 2017-03-10 10:31 - 00100237 _____ C:\Users\Sokol\Documents\cp200_series_specifications.pdf
2017-03-09 20:12 - 2017-03-09 20:13 - 00130592 _____ C:\Users\Sokol\Documents\9fbfe9bf-d265-477b-9594-f96911eb1bfb.pdf
2017-03-08 10:54 - 2017-03-08 23:38 - 00000000 ____D C:\Users\Sokol\Documents\Shimano bike
2017-03-07 23:17 - 2017-03-22 14:25 - 00000000 ____D C:\Users\Sokol\Documents\2006 cbr1000tt
2017-02-25 14:46 - 2017-02-25 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightowl

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-24 18:20 - 2013-02-06 05:09 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\uTorrent
2017-03-24 18:18 - 2013-02-06 00:02 - 00000000 ____D C:\Users\Sokol\AppData\LocalLow\LastPass
2017-03-24 18:05 - 2009-07-13 23:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-24 18:05 - 2009-07-13 23:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-24 17:54 - 2016-10-29 19:08 - 00000000 ____D C:\Users\Sokol\Desktop\New folder (2)
2017-03-24 17:35 - 2016-11-18 11:04 - 00000000 ____D C:\Users\Sokol\AppData\LocalLow\Mozilla
2017-03-24 17:25 - 2016-09-20 15:14 - 00000000 ____D C:\Users\Sokol\AppData\Local\HTC MediaHub
2017-03-24 17:25 - 2015-09-04 19:11 - 00000000 ____D C:\Users\Sokol\AppData\LocalLow\uTorrent
2017-03-24 17:25 - 2013-09-23 06:32 - 00000000 ____D C:\ProgramData\TorchCrashHandler
2017-03-24 10:58 - 2016-02-22 20:45 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1456191940
2017-03-24 10:58 - 2016-02-22 20:45 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-24 10:05 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-24 03:51 - 2013-02-05 22:39 - 00000000 ____D C:\Users\Sokol
2017-03-24 03:47 - 2013-05-29 15:20 - 00000000 ____D C:\Windows\Minidump
2017-03-24 03:47 - 2013-02-06 00:28 - 00301819 ____N C:\Windows\Minidump\032417-19936-01.dmp
2017-03-24 02:35 - 2014-06-23 03:08 - 00000000 ____D C:\Users\Sokol\AppData\Local\Adobe
2017-03-24 02:28 - 2016-10-07 22:37 - 02527376 _____ (Trend Micro Inc.) C:\Users\Sokol\Documents\HousecallLauncher64.exe
2017-03-23 20:18 - 2009-07-14 02:46 - 00000000 ____D C:\Windows\ShellNew
2017-03-23 20:16 - 2013-09-23 06:45 - 00001180 _____ C:\Users\Sokol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2017-03-23 20:15 - 2017-01-12 16:18 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-03-23 20:15 - 2017-01-12 16:18 - 00002041 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-03-23 20:15 - 2017-01-09 12:07 - 00002499 _____ C:\Users\Public\Desktop\Smart View.lnk
2017-03-23 20:15 - 2016-12-15 09:00 - 00001309 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2017-03-23 20:15 - 2016-12-15 08:59 - 00001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2017-03-23 20:15 - 2016-12-15 08:54 - 00002161 _____ C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2017-03-23 20:15 - 2016-11-07 08:45 - 00002020 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2017-03-23 20:15 - 2016-09-24 12:23 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-23 20:15 - 2016-02-22 20:45 - 00002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-23 20:15 - 2014-09-16 22:31 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2017-03-23 20:15 - 2014-08-09 17:37 - 00001158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doxillion Document Converter.lnk
2017-03-23 20:15 - 2014-03-07 15:23 - 00001865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2017-03-23 20:15 - 2013-09-12 16:00 - 00002525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
2017-03-23 20:15 - 2013-06-08 01:46 - 00001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-03-23 20:15 - 2013-06-07 22:34 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-23 20:15 - 2013-05-14 09:54 - 00001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Stumbler.lnk
2017-03-23 20:15 - 2013-05-10 09:08 - 00002521 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyTether.lnk
2017-03-23 20:15 - 2013-04-23 15:40 - 00002565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClearView1.lnk
2017-03-23 20:15 - 2013-04-23 15:40 - 00002565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClearView.lnk
2017-03-23 20:15 - 2013-03-09 17:09 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2017-03-23 20:15 - 2013-03-01 11:34 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2017-03-23 20:15 - 2013-03-01 11:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2017-03-23 20:15 - 2013-03-01 11:32 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2017-03-23 20:15 - 2013-03-01 11:30 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2017-03-23 20:15 - 2013-02-16 04:21 - 00001887 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2017-03-23 20:15 - 2013-02-16 04:04 - 00002062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
2017-03-23 20:15 - 2013-02-14 22:14 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-23 20:15 - 2013-02-11 02:06 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
2017-03-23 20:15 - 2013-02-06 01:07 - 00001950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LTCM Client.lnk
2017-03-23 20:15 - 2013-02-06 00:29 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-03-23 20:15 - 2013-02-06 00:29 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-03-23 20:15 - 2009-07-13 23:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-03-23 20:15 - 2009-07-13 23:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2017-03-23 20:15 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2017-03-23 20:15 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2017-03-23 20:14 - 2016-12-15 09:00 - 00001321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2017-03-23 20:14 - 2013-07-22 20:50 - 00001209 _____ C:\Users\Sokol\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2017-03-23 20:14 - 2013-07-22 14:53 - 00000831 _____ C:\Users\Sokol\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-03-23 20:14 - 2013-02-05 22:39 - 00001413 _____ C:\Users\Sokol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-23 20:14 - 2009-07-14 00:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2017-03-23 20:14 - 2009-07-13 23:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2017-03-23 20:07 - 2015-06-26 17:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-23 19:55 - 2009-07-13 23:45 - 04906368 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-23 19:53 - 2013-02-05 23:37 - 00065408 _____ C:\Users\Sokol\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-23 19:38 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-03-23 16:33 - 2013-02-10 06:07 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\vlc
2017-03-23 13:19 - 2016-09-28 03:52 - 00000000 ____D C:\Users\Sokol\AppData\Local\CrashDumps
2017-03-23 09:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-23 04:40 - 2013-05-10 09:08 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-23 04:15 - 2016-07-14 23:46 - 00000000 ____D C:\Users\Sokol\Documents\traxxas
2017-03-22 12:52 - 2017-01-29 15:47 - 00000000 ____D C:\Users\Sokol\Documents\Innova 3030e
2017-03-22 09:55 - 2016-10-14 17:36 - 00000400 __RSH C:\ProgramData\ntuser.pol
2017-03-21 16:33 - 2013-03-18 13:43 - 04966912 ___SH C:\Users\Sokol\Documents\Thumbs.db
2017-03-21 14:22 - 2017-02-17 16:04 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSokol
2017-03-21 14:22 - 2017-02-17 16:04 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForSokol.job
2017-03-21 00:02 - 2017-02-11 15:24 - 00000000 ____D C:\Users\Sokol\Documents\Taning
2017-03-20 23:11 - 2013-02-11 02:06 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2017-03-19 03:21 - 2016-11-17 16:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-19 03:21 - 2013-02-05 23:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-17 14:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-03-17 13:44 - 2013-06-18 04:41 - 00007244 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-03-17 13:44 - 2009-07-14 00:13 - 00007446 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-17 12:06 - 2013-07-28 11:27 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-03-17 11:56 - 2013-11-01 13:49 - 00001287 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-17 09:48 - 2013-09-27 15:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2017-03-17 09:48 - 2013-06-07 22:34 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-15 14:04 - 2013-06-08 01:46 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\Audacity
2017-03-15 00:11 - 2013-02-06 01:06 - 00000000 ____D C:\Users\Sokol\AppData\Local\ABBYY
2017-03-14 19:52 - 2013-02-06 01:06 - 00000000 ____D C:\ProgramData\ABBYY
2017-03-14 13:26 - 2013-07-01 20:35 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 13:26 - 2013-05-08 07:19 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-14 13:26 - 2013-05-08 07:19 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 13:26 - 2013-02-05 23:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-14 13:26 - 2013-02-05 23:46 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-06 22:34 - 2016-12-20 21:20 - 30485900 _____ C:\Users\Sokol\Documents\DA68-02952A-08.pdf
2017-03-05 19:02 - 2013-02-06 01:11 - 00000000 ____D C:\Users\Sokol\AppData\Local\ElevatedDiagnostics
2017-03-05 19:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-03-05 18:37 - 2017-01-24 21:14 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-05 07:10 - 2016-12-30 17:38 - 00000000 ____D C:\Users\Sokol\Documents\Nordictrack T5.3
2017-03-05 07:10 - 2015-04-11 16:54 - 00000000 ____D C:\Users\Sokol\Documents\TurboTax
2017-03-05 07:09 - 2017-02-07 19:46 - 00000000 ____D C:\Users\Sokol\Documents\Chase
2017-03-05 02:36 - 2016-09-03 16:04 - 00000000 ___HD C:\Users\Sokol\Documents\VSO Downloader
2017-03-05 01:13 - 2009-07-14 00:08 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-28 11:32 - 2017-01-02 21:50 - 00000000 ____D C:\Users\Sokol\Documents\Kawasaki Ninja ZX10R
2017-02-25 14:46 - 2016-08-17 09:10 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\Nightowl
2017-02-23 12:52 - 2015-04-11 16:53 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\Intuit
2017-02-22 20:27 - 2013-03-14 00:52 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\Media Player Classic

==================== Files in the root of some directories =======

2013-02-06 00:02 - 2013-02-06 00:02 - 14794312 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-02-09 19:10 - 2016-10-30 06:25 - 0007859 _____ () C:\Users\Sokol\AppData\Roaming\pcouffin.cat
2013-02-09 19:10 - 2016-10-30 06:25 - 0001167 _____ () C:\Users\Sokol\AppData\Roaming\pcouffin.inf
2013-02-09 19:10 - 2016-10-30 06:25 - 0000034 _____ () C:\Users\Sokol\AppData\Roaming\pcouffin.log
2013-02-09 19:10 - 2016-10-30 06:25 - 0082816 _____ (VSO Software) C:\Users\Sokol\AppData\Roaming\pcouffin.sys
2013-03-18 22:15 - 2013-03-25 01:26 - 0000154 _____ () C:\Users\Sokol\AppData\Roaming\Rim.Desktop.Exception.log
2013-03-18 22:13 - 2013-03-18 22:13 - 0001153 _____ () C:\Users\Sokol\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-03-18 22:15 - 2013-03-25 01:26 - 0000154 _____ () C:\Users\Sokol\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-07-20 19:10 - 2014-07-20 19:10 - 0000037 ___SH () C:\Users\Sokol\AppData\Local\42747051538627b9063d49.45359236
2013-05-14 10:00 - 2013-05-14 10:00 - 0000037 ___SH () C:\Users\Sokol\AppData\Local\70149b02515b3bb20dd492.47983420
2016-12-15 19:50 - 2016-12-15 19:51 - 308516124 _____ () C:\Users\Sokol\AppData\Local\ACCCx3_9_1_335.zip
2016-10-08 01:21 - 2016-10-08 01:21 - 1548756 _____ () C:\Users\Sokol\AppData\Local\ars.cache
2013-02-06 01:39 - 2013-02-06 01:39 - 0000000 _____ () C:\Users\Sokol\AppData\Local\AtStart.txt
2016-10-08 01:22 - 2016-10-08 01:22 - 1259769 _____ () C:\Users\Sokol\AppData\Local\census.cache
2013-02-06 01:39 - 2013-02-06 01:39 - 0000000 _____ () C:\Users\Sokol\AppData\Local\DSwitch.txt
2016-10-07 22:37 - 2016-10-07 22:37 - 0000036 _____ () C:\Users\Sokol\AppData\Local\housecall.guid.cache
2013-02-06 01:39 - 2013-02-06 01:39 - 0000000 _____ () C:\Users\Sokol\AppData\Local\QSwitch.txt
2013-03-30 18:34 - 2016-10-26 00:30 - 0007635 _____ () C:\Users\Sokol\AppData\Local\Resmon.ResmonCfg
2016-10-07 22:50 - 2016-10-08 01:08 - 0000010 _____ () C:\Users\Sokol\AppData\Local\sponge.last.runtime.cache
2013-07-03 16:20 - 2013-07-03 16:20 - 0038227 _____ () C:\Users\Sokol\AppData\Local\tmp21232_10200550773266265_489192168_N.0
2013-07-03 16:20 - 2013-07-03 16:20 - 0039857 _____ () C:\Users\Sokol\AppData\Local\tmp21232_10200550773266265_489192168_N.JPG
2013-11-25 21:03 - 2013-11-25 21:03 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-02-08 00:48 - 2016-10-12 13:00 - 0000192 _____ () C:\ProgramData\HPWALog.txt
2016-12-15 08:48 - 2016-12-15 09:15 - 0000857 _____ () C:\ProgramData\hpzinstall.log
2015-04-11 16:52 - 2017-01-31 20:39 - 0000774 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
2013-11-01 14:16 - 2013-11-01 14:16 - 0947200 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) C:\Users\Guest\AppData\Local\Temp\htmlayout.dll
2017-03-23 19:39 - 2017-03-23 19:39 - 0387012 _____ (                                                            ) C:\Users\Sokol\AppData\Local\Temp\global_installer.exe
2017-03-23 20:04 - 2017-03-23 20:04 - 0308224 _____ () C:\Users\Sokol\AppData\Local\Temp\I7TG700SFLCD.exe
2017-01-11 03:53 - 2017-01-11 03:53 - 0762992 _____ () C:\Users\Sokol\AppData\Local\Temp\InstallHelper.exe
2016-11-06 03:21 - 2016-11-06 03:21 - 0109568 _____ () C:\Users\Sokol\AppData\Local\Temp\nsz6F08.exe
2017-03-23 19:51 - 2017-03-23 19:51 - 0425674 _____ (WeMonetize                                                  ) C:\Users\Sokol\AppData\Local\Temp\SWDPK7U.exe

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\SurfShield.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION

LastRegBack: 2017-03-24 04:09

==================== End of FRST.txt ============================


Edited by hamluis, 24 March 2017 - 06:57 PM.




#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,750 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:59 AM

Posted 24 March 2017 - 08:49 PM

Welcome. :)

Download the attached file [attachment=191954:Fixlist.txt] and save it in the same directory where FRST64 is saved.

 

  • Boot in Safe Mode
  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.


  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

 


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 foreigner00

foreigner00
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 AM

Posted 25 March 2017 - 08:46 AM

I can give you the Fixlog.txt but I'm unable to run Junkware Removal cause as soon as I try I get the same error "the requested resource is in use".

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Sokol (25-03-2017 08:17:48) Run:1
Running from C:\Users\Sokol\Desktop\New folder (7)
Loaded Profiles: Sokol (Available Profiles: Sokol & Vera & Guest)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
GroupPolicy: Restriction <======= ATTENTION
R2 TorchCrashHandler; C:\Users\Sokol\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217344 2016-08-11] (TorchMedia Inc.) <==== ATTENTION
R2 windowsmanagementservice; C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe [851456 2017-03-23] () [File not signed] <==== ATTENTION <==== ATTENTION
S2 Dataup; C:\PROGRA~2\dataup\dataup.exe [X] <==== ATTENTION
R0 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [80968 2017-03-23] () [File not signed] <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShortcutTarget: Oxy.lnk -> C:\Users\Sokol\AppData\Local\Oxy\Application\bin\start.cmd (No File)
Toolbar: HKU\S-1-5-21-399097656-3941740853-1436833426-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-399097656-3941740853-1436833426-1000: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [No File]
C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe
R2 windowsmanagementservice; C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe [851456 2017-03-23] () [File not signed] <==== ATTENTION <==== ATTENTION
2013-11-01 14:16 - 2013-11-01 14:16 - 0947200 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) C:\Users\Guest\AppData\Local\Temp\htmlayout.dll
2017-03-23 19:39 - 2017-03-23 19:39 - 0387012 _____ (                                                            ) C:\Users\Sokol\AppData\Local\Temp\global_installer.exe
2017-03-23 20:04 - 2017-03-23 20:04 - 0308224 _____ () C:\Users\Sokol\AppData\Local\Temp\I7TG700SFLCD.exe
2017-01-11 03:53 - 2017-01-11 03:53 - 0762992 _____ () C:\Users\Sokol\AppData\Local\Temp\InstallHelper.exe
2016-11-06 03:21 - 2016-11-06 03:21 - 0109568 _____ () C:\Users\Sokol\AppData\Local\Temp\nsz6F08.exe
2017-03-23 19:51 - 2017-03-23 19:51 - 0425674 _____ (WeMonetize                                                  ) C:\Users\Sokol\AppData\Local\Temp\SWDPK7U.exe
2017-03-23 19:52 - 2017-03-23 19:52 - 00000000 ____D C:\Windows\system32\sstmp
2013-07-03 16:20 - 2013-07-03 16:20 - 0038227 _____ () C:\Users\Sokol\AppData\Local\tmp21232_10200550773266265_489192168_N.0
2013-07-03 16:20 - 2013-07-03 16:20 - 0039857 _____ () C:\Users\Sokol\AppData\Local\tmp21232_10200550773266265_489192168_N.JPG
C:\PROGRA~2\dataup
C:\Program Files (x86)\cpx
C:\Windows\SysWOW64\SurfShield.exe
2013-11-01 14:16 - 2013-11-01 14:16 - 0947200 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) C:\Users\Guest\AppData\Local\Temp\htmlayout.dll
2017-03-23 19:39 - 2017-03-23 19:39 - 0387012 _____ (                                                            ) C:\Users\Sokol\AppData\Local\Temp\global_installer.exe
2017-03-23 20:04 - 2017-03-23 20:04 - 0308224 _____ () C:\Users\Sokol\AppData\Local\Temp\I7TG700SFLCD.exe
2017-01-11 03:53 - 2017-01-11 03:53 - 0762992 _____ () C:\Users\Sokol\AppData\Local\Temp\InstallHelper.exe
2016-11-06 03:21 - 2016-11-06 03:21 - 0109568 _____ () C:\Users\Sokol\AppData\Local\Temp\nsz6F08.exe
2017-03-23 19:51 - 2017-03-23 19:51 - 0425674 _____ (WeMonetize                                                  ) C:\Users\Sokol\AppData\Local\Temp\SWDPK7U.exe
2014-07-20 19:10 - 2014-07-20 19:10 - 0000037 ___SH () C:\Users\Sokol\AppData\Local\42747051538627b9063d49.45359236
2013-05-14 10:00 - 2013-05-14 10:00 - 0000037 ___SH () C:\Users\Sokol\AppData\Local\70149b02515b3bb20dd492.47983420
2016-12-15 19:50 - 2016-12-15 19:51 - 308516124 _____ () C:\Users\Sokol\AppData\Local\ACCCx3_9_1_335.zip
2016-10-08 01:21 - 2016-10-08 01:21 - 1548756 _____ () C:\Users\Sokol\AppData\Local\ars.cache
2013-02-06 01:39 - 2013-02-06 01:39 - 0000000 _____ () C:\Users\Sokol\AppData\Local\AtStart.txt
2016-10-08 01:22 - 2016-10-08 01:22 - 1259769 _____ () C:\Users\Sokol\AppData\Local\census.cache
2013-02-06 01:39 - 2013-02-06 01:39 - 0000000 _____ () C:\Users\Sokol\AppData\Local\DSwitch.txt
2016-10-07 22:37 - 2016-10-07 22:37 - 0000036 _____ () C:\Users\Sokol\AppData\Local\housecall.guid.cache
2013-02-06 01:39 - 2013-02-06 01:39 - 0000000 _____ () C:\Users\Sokol\AppData\Local\QSwitch.txt
2013-03-30 18:34 - 2016-10-26 00:30 - 0007635 _____ () C:\Users\Sokol\AppData\Local\Resmon.ResmonCfg
2016-10-07 22:50 - 2016-10-08 01:08 - 0000010 _____ () C:\Users\Sokol\AppData\Local\sponge.last.runtime.cache
2013-07-03 16:20 - 2013-07-03 16:20 - 0038227 _____ () C:\Users\Sokol\AppData\Local\tmp21232_10200550773266265_489192168_N.0
2013-07-03 16:20 - 2013-07-03 16:20 - 0039857 _____ () C:\Users\Sokol\AppData\Local\tmp21232_10200550773266265_489192168_N.JPG
2013-11-25 21:03 - 2013-11-25 21:03 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-02-08 00:48 - 2016-10-12 13:00 - 0000192 _____ () C:\ProgramData\HPWALog.txt
2016-12-15 08:48 - 2016-12-15 09:15 - 0000857 _____ () C:\ProgramData\hpzinstall.log
2015-04-11 16:52 - 2017-01-31 20:39 - 0000774 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_6.3.38103.0.sys [X]
S3 JMCR; system32\DRIVERS\jmcr.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
C:\Windows\System32\drivers\drmkpro64.sys
C:\Users\Sokol\AppData\Local\Temp\20170323
HKLM-x32\...\Run: [svcvmx] => "C:\Program Files (x86)\svcvmx\svcvmx.exe" -starup
C:\Program Files (x86)\svcvmx
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value could not remove.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\TorchCrashHandler => key removed successfully
TorchCrashHandler => service removed successfully
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
drmkpro64 => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\drmkpro64 => key could not remove, key could be protected
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Users\Sokol\AppData\Local\Oxy\Application\bin\start.cmd => not found.
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@EDVR/WebClient => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\samsung.com/SamsungLinkPCPlugin => key removed successfully
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin => key removed successfully
C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll => not found.
Could not move "C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe" => Scheduled to move on reboot.
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
C:\Users\Guest\AppData\Local\Temp\htmlayout.dll => moved successfully
C:\Users\Sokol\AppData\Local\Temp\global_installer.exe => moved successfully
C:\Users\Sokol\AppData\Local\Temp\I7TG700SFLCD.exe => moved successfully
C:\Users\Sokol\AppData\Local\Temp\InstallHelper.exe => moved successfully
C:\Users\Sokol\AppData\Local\Temp\nsz6F08.exe => moved successfully
C:\Users\Sokol\AppData\Local\Temp\SWDPK7U.exe => moved successfully
C:\Windows\system32\sstmp => moved successfully
C:\Users\Sokol\AppData\Local\tmp21232_10200550773266265_489192168_N.0 => moved successfully
C:\Users\Sokol\AppData\Local\tmp21232_10200550773266265_489192168_N.JPG => moved successfully
C:\PROGRA~2\dataup => moved successfully
"C:\Program Files (x86)\cpx" => not found.
C:\Windows\SysWOW64\SurfShield.exe => moved successfully
"C:\Users\Guest\AppData\Local\Temp\htmlayout.dll" => not found.
"C:\Users\Sokol\AppData\Local\Temp\global_installer.exe" => not found.
"C:\Users\Sokol\AppData\Local\Temp\I7TG700SFLCD.exe" => not found.
"C:\Users\Sokol\AppData\Local\Temp\InstallHelper.exe" => not found.
"C:\Users\Sokol\AppData\Local\Temp\nsz6F08.exe" => not found.
"C:\Users\Sokol\AppData\Local\Temp\SWDPK7U.exe" => not found.
C:\Users\Sokol\AppData\Local\42747051538627b9063d49.45359236 => moved successfully
C:\Users\Sokol\AppData\Local\70149b02515b3bb20dd492.47983420 => moved successfully
C:\Users\Sokol\AppData\Local\ACCCx3_9_1_335.zip => moved successfully
C:\Users\Sokol\AppData\Local\ars.cache => moved successfully
C:\Users\Sokol\AppData\Local\AtStart.txt => moved successfully
C:\Users\Sokol\AppData\Local\census.cache => moved successfully
C:\Users\Sokol\AppData\Local\DSwitch.txt => moved successfully
C:\Users\Sokol\AppData\Local\housecall.guid.cache => moved successfully
C:\Users\Sokol\AppData\Local\QSwitch.txt => moved successfully
C:\Users\Sokol\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\Sokol\AppData\Local\sponge.last.runtime.cache => moved successfully
"C:\Users\Sokol\AppData\Local\tmp21232_10200550773266265_489192168_N.0" => not found.
"C:\Users\Sokol\AppData\Local\tmp21232_10200550773266265_489192168_N.JPG" => not found.
C:\ProgramData\Ament.ini => moved successfully
C:\ProgramData\HPWALog.txt => moved successfully
C:\ProgramData\hpzinstall.log => moved successfully
C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc => moved successfully
HKLM\System\CurrentControlSet\Services\dgderdrv => key removed successfully
dgderdrv => service removed successfully
HKLM\System\CurrentControlSet\Services\DisplayLinkUsbPort => key removed successfully
DisplayLinkUsbPort => service removed successfully
HKLM\System\CurrentControlSet\Services\JMCR => key removed successfully
JMCR => service removed successfully
HKLM\System\CurrentControlSet\Services\Synth3dVsc => key removed successfully
Synth3dVsc => service removed successfully
HKLM\System\CurrentControlSet\Services\tsusbhub => key removed successfully
tsusbhub => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully
VGPU => service removed successfully
HKLM\System\CurrentControlSet\Services\VMnetAdapter => key removed successfully
VMnetAdapter => service removed successfully
Could not move "C:\Windows\System32\drivers\drmkpro64.sys" => Scheduled to move on reboot.

"C:\Users\Sokol\AppData\Local\Temp\20170323" folder move:

Could not move "C:\Users\Sokol\AppData\Local\Temp\20170323" => Scheduled to move on reboot.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value could not remove.
"C:\Program Files (x86)\svcvmx" => not found.

========= netsh advfirewall reset =========


An error occurred while attempting to contact the  Windows Firewall service. Make sure that the service is running and try your request again.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


An error occurred while attempting to contact the  Windows Firewall service. Make sure that the service is running and try your request again.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

There's no user specified settings to be reset.


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.



========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 50126692 B
Java, Flash, Steam htmlcache => 9072 B
Windows/system/drivers => 101253769 B
Edge => 0 B
Chrome => 17797299 B
Firefox => 1115629862 B
Opera => 9902816 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 66363 B
LocalService => 132244 B
NetworkService => 67616 B
Sokol => 192216402 B
UpdatusUser => 0 B
Vera => 1146566 B
Guest => 2612973 B
Classic .NET AppPool => 0 B
DefaultAppPool => 0 B

RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Safe Mode (minimal)) (Date&Time: 25-03-2017 08:20:34)

"C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe" => Could not move
"C:\Windows\System32\drivers\drmkpro64.sys" => Could not move
"C:\Users\Sokol\AppData\Local\Temp\20170323" => Could not move

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\Dataup => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\drmkpro64 => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key could not remove, key could be protected

==== End of Fixlog 08:20:36 ====



#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,750 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:59 AM

Posted 25 March 2017 - 09:52 AM

Download the attached file [attachment=191983:Fixlist.txt] and save it in the same directory where FRST64 is saved.

  • Boot in Safe Mode
  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
  • Restart the computer.

Please copy and paste the contents of the Fixlog.txt in your next reply.

Also, open FRST64 in Normal Mode. Make sure there is a check mark under the addition.txt, then click on Scan. It shall produce two logs: Frst.txt and Addition.txt. Please post their content in your next reply.


Edited by JSntgRvr, 25 March 2017 - 10:09 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 foreigner00

foreigner00
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:59 AM

Posted 25 March 2017 - 10:50 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Sokol (25-03-2017 10:37:09) Run:2
Running from C:\Users\Sokol\Desktop\New folder (7)
Loaded Profiles: Sokol (Available Profiles: Sokol & Vera & Guest)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
DeleteValue: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run|svcvmx
DeleteValue: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run|cpx
Unlock: HKLM\System\CurrentControlSet\Services\Dataup
Unlock: HKLM\System\CurrentControlSet\Services\drmkpro64
Unlock: HKLM\System\CurrentControlSet\Services\windowsmanagementservice
Unlock: C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe
Unlock: C:\Windows\System32\drivers\drmkpro64.sys
Unlock: C:\Users\Sokol\AppData\Local\Temp\20170323
Reg: Reg delete HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run /v svcvmx /f
Reg: Reg delete HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run /v cpx /f
Reg: Reg delete HKLM\System\CurrentControlSet\Services\Dataup /f
Reg: Reg delete HKLM\System\CurrentControlSet\Services\drmkpro64 /f
Reg: Reg delete HKLM\System\CurrentControlSet\Services\windowsmanagementservice /f
C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe
C:\Windows\System32\drivers\drmkpro64.sys
C:\Users\Sokol\AppData\Local\Temp\20170323

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value could not remove.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value could not remove.
"HKLM\System\CurrentControlSet\Services\Dataup" => key was unlocked
"HKLM\System\CurrentControlSet\Services\drmkpro64" => key was unlocked
"HKLM\System\CurrentControlSet\Services\windowsmanagementservice" => key was unlocked
"C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe" => could not be unlocked
"C:\Windows\System32\drivers\drmkpro64.sys" => could not be unlocked
"C:\Users\Sokol\AppData\Local\Temp\20170323" => was unlocked

========= Reg delete HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run /v svcvmx /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= Reg delete HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run /v cpx /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= Reg delete HKLM\System\CurrentControlSet\Services\Dataup /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= Reg delete HKLM\System\CurrentControlSet\Services\drmkpro64 /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= Reg delete HKLM\System\CurrentControlSet\Services\windowsmanagementservice /f =========

ERROR: Access is denied.



========= End of Reg: =========

Could not move "C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\drivers\drmkpro64.sys" => Scheduled to move on reboot.

"C:\Users\Sokol\AppData\Local\Temp\20170323" folder move:

Could not move "C:\Users\Sokol\AppData\Local\Temp\20170323" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Safe Mode (minimal)) (Date&Time: 25-03-2017 10:39:12)

"C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe" => Could not move
"C:\Windows\System32\drivers\drmkpro64.sys" => Could not move
"C:\Users\Sokol\AppData\Local\Temp\20170323" => Could not move

==== End of Fixlog 10:39:14 ====

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Sokol (administrator) on SOKOL-PC (25-03-2017 10:44:36)
Running from C:\Users\Sokol\Desktop\New folder (7)
Loaded Profiles: Sokol (Available Profiles: Sokol & Vera & Guest & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Program Files (x86)\Canon\Easy-WebPrint EX\bin\mysqld.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Samsung Electronics Co.,Ltd) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
() C:\Windows\System32\tprdpw32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [LogiScrollApp] => C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Program Files (x86)\svcvmx\svcvmx.exe" -starup
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Run: [Google Update] => C:\Users\Sokol\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Run: [uTorrent] => C:\Users\Sokol\AppData\Roaming\uTorrent\uTorrent.exe [2147520 2017-03-10] (BitTorrent Inc.)
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Run: [R2LJKL4ZXB] => "C:\Program Files (x86)\BeCleaner\9UWTB.exe"
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\MountPoints2: H - H:\wubi.exe
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\MountPoints2: {3411ca2a-273b-11e3-95f1-001eec836f38} - F:\setup.exe -a
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\MountPoints2: {e8207fe9-1612-11e3-9cac-001eec836f38} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\MountPoints2: {f0da0fe2-251c-11e3-921a-001eec836f38} - F:\KODAK_Software_Downloader.exe
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2017-03-23]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-03-23]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oxy.lnk [2013-11-01]
ShortcutTarget: Oxy.lnk -> C:\Users\Sokol\AppData\Local\Oxy\Application\bin\start.cmd (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{3F7869CC-E292-4B3C-A2EC-FD7BC6712955}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{428335A4-DE64-46CA-A08A-D6FFEAFE38DE}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{428335A4-DE64-46CA-A08A-D6FFEAFE38DE}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{B587A128-4A0C-4554-8788-465B455D308B}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{DABE7253-53A3-4E78-97E4-AEB7AEB7F05E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{EA1D8264-B4C1-403F-A21C-BAAD0351AA98}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-399097656-3941740853-1436833426-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-399097656-3941740853-1436833426-1000 -> {E66A38A2-2390-4967-B7F2-77F7E05E0835} URL = hxxp://www.bing.com/search?FORM=SL5IDF&PC=SL5I&q={searchTerms}&src=IE-SearchBox
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-02-06] ()
BHO: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll [2012-02-08] (Logitech, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-23] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-24] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-02-06] ()
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-24] (Oracle Corporation)
BHO-x32: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll [2012-02-08] (Logitech, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-06] (HP Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-23] (Hewlett-Packard Co.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-02-06] ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-02-06] ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab

FireFox:
========
FF ProfilePath: C:\Users\Sokol\AppData\Roaming\Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704 [2017-03-25]
FF NewTab: Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704 -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704 -> www.yahoo.com
FF NetworkProxy: Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704 -> type", 0
FF Extension: (Simple YouTube to MP3/MP4 Converter and Downloader) - C:\Users\Sokol\AppData\Roaming\Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOjw@jetpack.xpi [2017-02-15]
FF Extension: (LastPass) - C:\Users\Sokol\AppData\Roaming\Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704\Extensions\support@lastpass.com [2017-03-22]
FF Extension: (TinEye Reverse Image Search) - C:\Users\Sokol\AppData\Roaming\Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704\Extensions\tineye@ideeinc.com.xpi [2017-03-22]
FF Extension: (Session Manager) - C:\Users\Sokol\AppData\Roaming\Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31]
FF Extension: (Google Reverse Image Search) - C:\Users\Sokol\AppData\Roaming\Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2017-03-13]
FF Extension: (Video DownloadHelper) - C:\Users\Sokol\AppData\Roaming\Mozilla\Firefox\Profiles\uan27k4y.default-1474737851704\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-03-19]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-11-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-12-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: (Logitech Flow Scroll) - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2016-10-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-12-15] [not signed]
FF HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2012-09-28] (Logitech Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: TorchVLC -> C:\Users\Sokol\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin HKU\S-1-5-21-399097656-3941740853-1436833426-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Sokol\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-399097656-3941740853-1436833426-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Sokol\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-07-12] (Nullsoft, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com\/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp:\/\/www.yahoo.com\/"
CHR NewTab: Default ->  Not-active:"chrome-extension://fnhfdmnphmbbjbgppnpcddkefmeokfho/main.html"
CHR DefaultSearchURL: Default -> hxxp:\/\/www.bing.com\/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default [2017-03-25]
CHR Extension: (Google Slides) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-17]
CHR Extension: (Google Docs) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-17]
CHR Extension: (Google Drive) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-17]
CHR Extension: (YouTube) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-17]
CHR Extension: (Google Sheets) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-17]
CHR Extension: (Logitech Flow Scroll) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\geooogfhpjdpeiphckpbgkhpbeobcaoi [2016-10-04]
CHR Extension: (Google Docs Offline) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-17]
CHR Extension: (Gmail) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-17]
CHR Extension: (Chrome Media Router) - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-25]
CHR HKU\S-1-5-21-399097656-3941740853-1436833426-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [geooogfhpjdpeiphckpbgkhpbeobcaoi] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2016-10-01]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-04-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43624 2012-08-14] (ArcSoft, Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [623848 2016-03-09] (Samsung Electronics Co.,Ltd)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2016-08-26] (SHAREit Technologies Co.Ltd)
R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [262360 2009-01-08] (Data Perceptions / PowerProgrammer)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe [851456 2017-03-23] () [File not signed] <==== ATTENTION <==== ATTENTION
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe [415232 2016-08-09] (Wondershare) [File not signed]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [103736 2015-09-22] (Wondershare)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.) [File not signed]
S2 Dataup; C:\PROGRA~2\dataup\dataup.exe [X] <==== ATTENTION
R2 MySQL; "C:\Program Files (x86)\Canon\Easy-WebPrint EX\bin\mysqld" MySQL [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 ASPI32; no ImagePath
R3 AVerBDA6x_x64; C:\Windows\System32\DRIVERS\AVerBDA716x_x64.sys [1354880 2009-06-05] (AVerMedia TECHNOLOGIES, Inc.)
R3 clwvd6; C:\Windows\System32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [80968 2017-03-23] () [File not signed] <==== ATTENTION
R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20784 2012-10-28] (Mobile Stream)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-17] (Riverbed Technology, Inc.)
S2 NSHE; C:\Windows\SysWOW64\Drivers\NSHE.SYS [97792 2008-11-23] (T0r0 2008) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-03-24] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-03-24] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-25 08:26 - 2017-03-25 08:26 - 00000159 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-03-25 08:09 - 2017-03-25 08:09 - 04031440 _____ C:\Users\Sokol\Desktop\adwcleaner_6.044.exe
2017-03-25 08:08 - 2017-03-25 08:08 - 01663904 _____ (Malwarebytes) C:\Users\Sokol\Desktop\jrt.exe
2017-03-25 08:06 - 2017-03-25 10:44 - 00000000 ____D C:\Users\Sokol\Desktop\New folder (7)
2017-03-25 08:02 - 2017-03-25 08:02 - 00000466 _____ C:\Users\Sokol\Desktop\New Text Document (9).txt
2017-03-25 04:37 - 2017-03-25 10:41 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-03-24 18:19 - 2017-03-25 10:44 - 00000000 ____D C:\FRST
2017-03-24 02:53 - 2017-03-25 10:44 - 00063352 _____ C:\Windows\ZAM.krnl.trace
2017-03-24 02:53 - 2017-03-25 10:44 - 00021816 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-24 02:53 - 2017-03-24 02:53 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-03-24 02:53 - 2017-03-24 02:53 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-03-24 02:53 - 2017-03-24 02:53 - 00001148 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-03-24 02:53 - 2017-03-24 02:53 - 00000000 ____D C:\Users\Sokol\AppData\Local\Zemana
2017-03-24 02:53 - 2017-03-24 02:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-24 02:53 - 2017-03-24 02:53 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-24 02:51 - 2017-03-24 17:34 - 00002032 _____ C:\Users\Sokol\Desktop\Rkill.txt
2017-03-24 02:51 - 2017-03-24 02:51 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Sokol\Desktop\iExplore.exe
2017-03-24 02:46 - 2017-03-24 02:46 - 09741664 _____ (SurfRight B.V.) C:\Users\Sokol\Desktop\HitmanPro_x64.exe
2017-03-24 02:45 - 2017-03-24 02:45 - 04031440 _____ C:\Users\Sokol\Desktop\fIRefox.exe
2017-03-24 02:44 - 2017-03-24 02:44 - 05740956 _____ (Zemana Ltd. ) C:\Users\Sokol\Desktop\eXplorer.exe
2017-03-24 02:43 - 2017-03-24 02:43 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Sokol\Desktop\rkill.exe
2017-03-24 02:33 - 2017-03-24 02:33 - 00604928 _____ (Reimage) C:\Users\Sokol\Documents\ReimageRepair.exe
2017-03-23 20:18 - 2017-03-23 20:35 - 412400124 _____ C:\avenger.txt
2017-03-23 20:18 - 2017-03-23 20:18 - 00000000 ____D C:\Avenger
2017-03-23 19:57 - 2017-03-23 19:57 - 00000037 _____ C:\Windows\wininit.ini
2017-03-23 19:55 - 2017-03-25 10:39 - 02058072 _____ C:\Windows\ntbtlog.txt
2017-03-23 19:53 - 2017-03-23 19:54 - 00000000 ____D C:\Program Files\54a3ce50cf64b2e59a8bcf85cf02a663
2017-03-23 19:52 - 2017-03-23 19:52 - 00625272 _____ C:\Windows\system32\NetUtils2016.dll
2017-03-23 19:52 - 2017-03-23 19:52 - 00000000 ____D C:\Users\Public\Documents\Tools
2017-03-23 19:52 - 2017-03-23 19:52 - 00000000 ____D C:\Users\Public\Documents\Guid
2017-03-23 19:51 - 2017-03-23 19:57 - 00000000 ____D C:\Program Files (x86)\f10efd1c-0221-421d-94aa-b4db9bf3520a1490316713
2017-03-23 19:51 - 2017-03-23 19:51 - 00000000 _____ C:\TOSTACK
2017-03-23 19:50 - 2017-03-23 20:06 - 00000000 ____D C:\Program Files (x86)\s5
2017-03-23 19:50 - 2017-03-23 19:50 - 00831488 ____N C:\Windows\system32\tprdpw32.exe
2017-03-23 19:50 - 2017-03-23 19:50 - 00080968 ____N C:\Windows\system32\Drivers\drmkpro64.sys
2017-03-23 19:46 - 2017-03-23 19:46 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2017-03-23 19:39 - 2017-03-23 19:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Toolkit Final
2017-03-23 05:07 - 2017-03-23 05:07 - 00000000 ____D C:\63059e1e72c83711d6ac47f0
2017-03-23 04:38 - 2017-03-23 04:39 - 15261400 _____ (Microsoft Corporation) C:\Users\Sokol\Documents\vc_redist.x64.exe
2017-03-23 04:20 - 2017-03-24 03:28 - 00000000 ____D C:\Program Files (x86)\CronusPRO
2017-03-23 04:20 - 2017-03-23 04:20 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-03-23 04:20 - 2017-03-23 04:20 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CronusPRO
2017-03-23 04:19 - 2017-03-23 04:20 - 00000000 ____D C:\Users\Sokol\Documents\CronusPro
2017-03-23 03:06 - 2017-03-23 03:06 - 4260369091 _____ C:\Windows\MEMORY.DMP
2017-03-23 03:06 - 2017-03-23 03:06 - 00849024 _____ C:\Windows\Minidump\032317-20186-01.dmp
2017-03-22 21:48 - 2017-03-22 21:48 - 00331183 _____ C:\Users\Sokol\Documents\Xbox-One-KInect-sensor-product-guide_US.pdf
2017-03-21 16:40 - 2017-03-21 16:40 - 00000322 _____ C:\Users\Sokol\Desktop\iExplorer.appref-ms
2017-03-21 16:40 - 2017-03-21 16:40 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macroplant LLC
2017-03-21 15:50 - 2017-03-21 15:50 - 00000000 ____D C:\Users\Sokol\Documents\AC
2017-03-21 07:17 - 2017-03-21 07:17 - 00002043 _____ C:\Users\Sokol\Desktop\New Text Document (8).txt
2017-03-21 07:16 - 2017-03-21 07:16 - 00006827 _____ C:\Users\Sokol\Desktop\New Text Document (6).txt
2017-03-21 07:16 - 2017-03-21 07:16 - 00001889 _____ C:\Users\Sokol\Desktop\New Text Document (7).txt
2017-03-21 06:49 - 2017-03-21 06:49 - 00000000 _____ C:\Users\Sokol\Documents\IExplorer screen capture.wmv
2017-03-21 06:34 - 2017-03-21 06:34 - 00596184 _____ () C:\Users\Sokol\Downloads\setup (1).exe
2017-03-21 06:34 - 2017-03-21 06:34 - 00013585 _____ C:\Users\Sokol\Downloads\iExplorer (3).application
2017-03-21 03:50 - 2017-03-23 20:16 - 00003043 _____ C:\Users\Sokol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screen Recorder.lnk
2017-03-21 03:50 - 2017-03-23 20:14 - 00003037 _____ C:\Users\Sokol\Desktop\Screen Recorder.lnk
2017-03-21 03:50 - 2017-03-21 03:50 - 00000000 ____D C:\Program Files (x86)\ScreenRecorder
2017-03-21 03:48 - 2017-03-21 03:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
2017-03-21 03:48 - 2017-03-21 03:48 - 00000000 ____D C:\Program Files\Windows Media Components
2017-03-21 03:47 - 2017-03-21 03:47 - 00000000 ____D C:\UtilityOnlineMarch09
2017-03-19 20:47 - 2017-03-19 23:34 - 00000000 ____D C:\Users\Sokol\dwhelper
2017-03-18 22:25 - 2017-03-18 22:25 - 00492101 _____ C:\Users\Sokol\Documents\IMG_20170318_0001.pdf
2017-03-18 22:24 - 2017-03-18 22:25 - 00000000 ___HD C:\ProgramData\CanonIJScan
2017-03-18 22:24 - 2017-03-18 22:24 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\Canon
2017-03-17 23:10 - 2017-03-17 23:11 - 00000000 ____D C:\Users\Sokol\Documents\HP DV9700
2017-03-17 17:08 - 2017-03-17 17:08 - 02894522 _____ C:\Windows\9d1bb1fd8bff39a52a4e0e91444a5341.exe
2017-03-17 15:41 - 2017-03-17 15:41 - 00013585 _____ C:\Users\Sokol\Downloads\iExplorer.application
2017-03-17 15:41 - 2017-03-17 15:41 - 00013585 _____ C:\Users\Sokol\Downloads\iExplorer (2).application
2017-03-17 15:41 - 2017-03-17 15:41 - 00013585 _____ C:\Users\Sokol\Downloads\iExplorer (1).application
2017-03-17 11:47 - 2017-03-21 16:40 - 00000000 ____D C:\Users\Sokol\AppData\Local\Deployment
2017-03-17 11:47 - 2017-03-17 11:47 - 00000000 ____D C:\Users\Sokol\AppData\Local\Apps\2.0
2017-03-17 10:54 - 2017-03-17 14:15 - 00000000 ____D C:\Program Files (x86)\iExplorer
2017-03-17 10:54 - 2017-03-17 10:54 - 00000000 ____D C:\Users\Sokol\AppData\LocalLow\Apple Computer
2017-03-17 10:49 - 2017-03-17 10:50 - 00038808 _____ C:\Users\Sokol\Documents\cc_20170317_104957.reg
2017-03-17 10:40 - 2017-03-17 10:40 - 00000000 ____D C:\Users\Sokol\AppData\Local\Macroplant_LLC
2017-03-17 10:18 - 2017-03-17 10:19 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\libimobiledevice
2017-03-17 09:57 - 2017-03-17 09:57 - 00119400 ____H C:\Windows\system32\mlfcache.dat
2017-03-17 09:49 - 2017-03-23 20:15 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-17 09:49 - 2017-03-17 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-17 09:48 - 2017-03-17 09:49 - 00000000 ____D C:\Program Files\iTunes
2017-03-17 09:48 - 2017-03-17 09:48 - 00000000 ____D C:\Program Files\iPod
2017-03-17 09:39 - 2017-03-17 11:21 - 00000000 ____D C:\Program Files (x86)\Tansee iPhone Transfer SMS
2017-03-17 09:38 - 2017-03-17 09:39 - 11678760 _____ (Tansee, Inc. ) C:\Users\Sokol\Documents\iDeviceMessageTransfer.exe
2017-03-16 18:05 - 2017-03-16 18:05 - 00949880 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Sokol\Documents\rufus-2.12.exe
2017-03-16 17:49 - 2017-03-16 17:50 - 00000000 ____D C:\Users\Sokol\Desktop\New folder (3)
2017-03-15 12:48 - 2017-03-15 12:48 - 00106485 _____ C:\Users\Sokol\Documents\Phone_Report_832-572-9177.pdf
2017-03-14 20:04 - 2017-03-14 20:04 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\ABBYY
2017-03-14 19:50 - 2017-03-14 19:50 - 00000000 ____D C:\temp
2017-03-14 09:52 - 2017-03-17 11:56 - 00002135 _____ C:\Users\Vera\Desktop\Google Chrome.lnk
2017-03-14 09:52 - 2017-03-17 11:56 - 00001287 _____ C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\Documents\HTC
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Roaming\LastPass
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Apple Computer
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Adobe
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\LocalLow\LastPass
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Local\VirtualStore
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Local\NVIDIA
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Local\HTC MediaHub
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Local\Hewlett-Packard
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Local\Google
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Local\Apple Computer
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\AppData\Local\Adobe
2017-03-14 09:52 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera\.android
2017-03-14 09:51 - 2017-03-14 09:52 - 00000000 ____D C:\Users\Vera
2017-03-14 09:51 - 2017-03-14 09:51 - 00000020 ___SH C:\Users\Vera\ntuser.ini
2017-03-14 09:51 - 2017-03-14 09:51 - 00000000 _SHDL C:\Users\Vera\My Documents
2017-03-14 09:51 - 2017-03-14 09:51 - 00000000 _SHDL C:\Users\Vera\Documents\My Videos
2017-03-14 09:51 - 2017-03-14 09:51 - 00000000 _SHDL C:\Users\Vera\Documents\My Pictures
2017-03-14 09:51 - 2017-03-14 09:51 - 00000000 _SHDL C:\Users\Vera\Documents\My Music
2017-03-14 09:51 - 2013-03-01 11:30 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Macromedia
2017-03-14 09:51 - 2013-02-12 11:33 - 00000000 ____D C:\Users\Vera\AppData\Roaming\TuneUp Software
2017-03-14 09:51 - 2009-07-14 02:45 - 00000000 ____D C:\Users\Vera\AppData\Roaming\Media Center Programs
2017-03-11 12:52 - 2017-03-11 12:53 - 01780419 _____ C:\Users\Sokol\Documents\130-u.pdf
2017-03-10 10:31 - 2017-03-10 10:31 - 02492774 _____ C:\Users\Sokol\Documents\cp200_user_guide.pdf
2017-03-10 10:31 - 2017-03-10 10:31 - 00100237 _____ C:\Users\Sokol\Documents\cp200_series_specifications.pdf
2017-03-09 20:12 - 2017-03-09 20:13 - 00130592 _____ C:\Users\Sokol\Documents\9fbfe9bf-d265-477b-9594-f96911eb1bfb.pdf
2017-03-08 10:54 - 2017-03-08 23:38 - 00000000 ____D C:\Users\Sokol\Documents\Shimano bike
2017-03-07 23:17 - 2017-03-22 14:25 - 00000000 ____D C:\Users\Sokol\Documents\2006 cbr1000tt
2017-02-25 14:46 - 2017-02-25 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightowl

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-25 10:44 - 2016-11-18 11:04 - 00000000 ____D C:\Users\Sokol\AppData\LocalLow\Mozilla
2017-03-25 10:44 - 2013-02-06 00:02 - 00000000 ____D C:\Users\Sokol\AppData\LocalLow\LastPass
2017-03-25 10:42 - 2015-09-04 19:11 - 00000000 ____D C:\Users\Sokol\AppData\LocalLow\uTorrent
2017-03-25 10:42 - 2013-02-06 05:09 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\uTorrent
2017-03-25 10:41 - 2016-09-20 15:14 - 00000000 ____D C:\Users\Sokol\AppData\Local\HTC MediaHub
2017-03-25 10:41 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-25 10:34 - 2009-07-13 23:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-25 10:34 - 2009-07-13 23:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-25 10:29 - 2013-02-05 22:39 - 00000000 ____D C:\Users\Sokol
2017-03-25 08:24 - 2016-10-14 17:36 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-03-25 08:18 - 2013-02-06 00:30 - 00000000 ___SD C:\Users\Sokol\AppData\LocalLow\Temp
2017-03-25 08:17 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-03-25 08:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-03-25 08:12 - 2013-09-23 06:32 - 00000000 ____D C:\ProgramData\TorchCrashHandler
2017-03-25 07:59 - 2016-09-28 03:52 - 00000000 ____D C:\Users\Sokol\AppData\Local\CrashDumps
2017-03-25 04:52 - 2014-06-23 03:08 - 00000000 ____D C:\Users\Sokol\AppData\Local\Adobe
2017-03-24 17:54 - 2016-10-29 19:08 - 00000000 ____D C:\Users\Sokol\Desktop\New folder (2)
2017-03-24 10:58 - 2016-02-22 20:45 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1456191940
2017-03-24 10:58 - 2016-02-22 20:45 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-24 03:47 - 2013-05-29 15:20 - 00000000 ____D C:\Windows\Minidump
2017-03-24 03:47 - 2013-02-06 00:28 - 00301819 ____N C:\Windows\Minidump\032417-19936-01.dmp
2017-03-24 02:28 - 2016-10-07 22:37 - 02527376 _____ (Trend Micro Inc.) C:\Users\Sokol\Documents\HousecallLauncher64.exe
2017-03-23 20:18 - 2009-07-14 02:46 - 00000000 ____D C:\Windows\ShellNew
2017-03-23 20:16 - 2013-09-23 06:45 - 00001180 _____ C:\Users\Sokol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2017-03-23 20:15 - 2017-01-12 16:18 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-03-23 20:15 - 2017-01-12 16:18 - 00002041 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-03-23 20:15 - 2017-01-09 12:07 - 00002499 _____ C:\Users\Public\Desktop\Smart View.lnk
2017-03-23 20:15 - 2016-12-15 09:00 - 00001309 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2017-03-23 20:15 - 2016-12-15 08:59 - 00001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2017-03-23 20:15 - 2016-12-15 08:54 - 00002161 _____ C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
2017-03-23 20:15 - 2016-11-07 08:45 - 00002020 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2017-03-23 20:15 - 2016-09-24 12:23 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-23 20:15 - 2016-02-22 20:45 - 00002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-23 20:15 - 2014-09-16 22:31 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2017-03-23 20:15 - 2014-08-09 17:37 - 00001158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doxillion Document Converter.lnk
2017-03-23 20:15 - 2014-03-07 15:23 - 00001865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2017-03-23 20:15 - 2013-09-12 16:00 - 00002525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
2017-03-23 20:15 - 2013-06-08 01:46 - 00001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-03-23 20:15 - 2013-06-07 22:34 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-23 20:15 - 2013-05-14 09:54 - 00001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Stumbler.lnk
2017-03-23 20:15 - 2013-05-10 09:08 - 00002521 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyTether.lnk
2017-03-23 20:15 - 2013-04-23 15:40 - 00002565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClearView1.lnk
2017-03-23 20:15 - 2013-04-23 15:40 - 00002565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClearView.lnk
2017-03-23 20:15 - 2013-03-09 17:09 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2017-03-23 20:15 - 2013-03-01 11:34 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2017-03-23 20:15 - 2013-03-01 11:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2017-03-23 20:15 - 2013-03-01 11:32 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2017-03-23 20:15 - 2013-03-01 11:30 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2017-03-23 20:15 - 2013-02-16 04:21 - 00001887 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2017-03-23 20:15 - 2013-02-16 04:04 - 00002062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
2017-03-23 20:15 - 2013-02-14 22:14 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-23 20:15 - 2013-02-11 02:06 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
2017-03-23 20:15 - 2013-02-06 01:07 - 00001950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LTCM Client.lnk
2017-03-23 20:15 - 2013-02-06 00:29 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-03-23 20:15 - 2013-02-06 00:29 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-03-23 20:15 - 2009-07-13 23:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-03-23 20:15 - 2009-07-13 23:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2017-03-23 20:15 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2017-03-23 20:15 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2017-03-23 20:14 - 2016-12-15 09:00 - 00001321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2017-03-23 20:14 - 2013-07-22 20:50 - 00001209 _____ C:\Users\Sokol\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2017-03-23 20:14 - 2013-07-22 14:53 - 00000831 _____ C:\Users\Sokol\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-03-23 20:14 - 2013-02-05 22:39 - 00001413 _____ C:\Users\Sokol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-23 20:14 - 2009-07-14 00:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2017-03-23 20:14 - 2009-07-13 23:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2017-03-23 20:07 - 2015-06-26 17:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-23 19:55 - 2009-07-13 23:45 - 04906368 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-23 19:53 - 2013-02-05 23:37 - 00065408 _____ C:\Users\Sokol\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-23 19:38 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-03-23 16:33 - 2013-02-10 06:07 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\vlc
2017-03-23 09:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-23 04:40 - 2013-05-10 09:08 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-23 04:15 - 2016-07-14 23:46 - 00000000 ____D C:\Users\Sokol\Documents\traxxas
2017-03-22 12:52 - 2017-01-29 15:47 - 00000000 ____D C:\Users\Sokol\Documents\Innova 3030e
2017-03-21 16:33 - 2013-03-18 13:43 - 04966912 ___SH C:\Users\Sokol\Documents\Thumbs.db
2017-03-21 14:22 - 2017-02-17 16:04 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSokol
2017-03-21 14:22 - 2017-02-17 16:04 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForSokol.job
2017-03-21 00:02 - 2017-02-11 15:24 - 00000000 ____D C:\Users\Sokol\Documents\Taning
2017-03-20 23:11 - 2013-02-11 02:06 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2017-03-19 03:21 - 2016-11-17 16:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-19 03:21 - 2013-02-05 23:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-17 14:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-03-17 13:44 - 2013-06-18 04:41 - 00007244 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-03-17 13:44 - 2009-07-14 00:13 - 00007446 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-17 12:06 - 2013-07-28 11:27 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-03-17 11:56 - 2013-11-01 13:49 - 00001287 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-17 09:48 - 2013-09-27 15:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2017-03-17 09:48 - 2013-06-07 22:34 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-15 14:04 - 2013-06-08 01:46 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\Audacity
2017-03-15 00:11 - 2013-02-06 01:06 - 00000000 ____D C:\Users\Sokol\AppData\Local\ABBYY
2017-03-14 19:52 - 2013-02-06 01:06 - 00000000 ____D C:\ProgramData\ABBYY
2017-03-14 13:26 - 2013-07-01 20:35 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 13:26 - 2013-05-08 07:19 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-14 13:26 - 2013-05-08 07:19 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 13:26 - 2013-02-05 23:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-14 13:26 - 2013-02-05 23:46 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-06 22:34 - 2016-12-20 21:20 - 30485900 _____ C:\Users\Sokol\Documents\DA68-02952A-08.pdf
2017-03-05 19:02 - 2013-02-06 01:11 - 00000000 ____D C:\Users\Sokol\AppData\Local\ElevatedDiagnostics
2017-03-05 19:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-03-05 18:37 - 2017-01-24 21:14 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-05 07:10 - 2016-12-30 17:38 - 00000000 ____D C:\Users\Sokol\Documents\Nordictrack T5.3
2017-03-05 07:10 - 2015-04-11 16:54 - 00000000 ____D C:\Users\Sokol\Documents\TurboTax
2017-03-05 07:09 - 2017-02-07 19:46 - 00000000 ____D C:\Users\Sokol\Documents\Chase
2017-03-05 02:36 - 2016-09-03 16:04 - 00000000 ___HD C:\Users\Sokol\Documents\VSO Downloader
2017-03-05 01:13 - 2009-07-14 00:08 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-28 11:32 - 2017-01-02 21:50 - 00000000 ____D C:\Users\Sokol\Documents\Kawasaki Ninja ZX10R
2017-02-25 14:46 - 2016-08-17 09:10 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\Nightowl
2017-02-23 12:52 - 2015-04-11 16:53 - 00000000 ____D C:\Users\Sokol\AppData\Roaming\Intuit

==================== Files in the root of some directories =======

2013-02-06 00:02 - 2013-02-06 00:02 - 14794312 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-02-09 19:10 - 2016-10-30 06:25 - 0007859 _____ () C:\Users\Sokol\AppData\Roaming\pcouffin.cat
2013-02-09 19:10 - 2016-10-30 06:25 - 0001167 _____ () C:\Users\Sokol\AppData\Roaming\pcouffin.inf
2013-02-09 19:10 - 2016-10-30 06:25 - 0000034 _____ () C:\Users\Sokol\AppData\Roaming\pcouffin.log
2013-02-09 19:10 - 2016-10-30 06:25 - 0082816 _____ (VSO Software) C:\Users\Sokol\AppData\Roaming\pcouffin.sys
2013-03-18 22:15 - 2013-03-25 01:26 - 0000154 _____ () C:\Users\Sokol\AppData\Roaming\Rim.Desktop.Exception.log
2013-03-18 22:13 - 2013-03-18 22:13 - 0001153 _____ () C:\Users\Sokol\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-03-18 22:15 - 2013-03-25 01:26 - 0000154 _____ () C:\Users\Sokol\AppData\Roaming\Rim.DesktopHelper.Exception.log
2017-03-25 08:26 - 2017-03-25 08:26 - 0000159 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION

LastRegBack: 2017-03-24 04:09

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Sokol (25-03-2017 10:45:25)
Running from C:\Users\Sokol\Desktop\New folder (7)
Windows 7 Ultimate Service Pack 1 (X64) (2013-02-06 05:29:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-399097656-3941740853-1436833426-500 - Administrator - Disabled)
Guest (S-1-5-21-399097656-3941740853-1436833426-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-399097656-3941740853-1436833426-1004 - Limited - Enabled)
Sokol (S-1-5-21-399097656-3941740853-1436833426-1000 - Administrator - Enabled) => C:\Users\Sokol
Vera (S-1-5-21-399097656-3941740853-1436833426-1005 - Limited - Enabled) => C:\Users\Vera

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Advanced Archive Password Recovery (HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Advanced Archive Password Recovery) (Version: 4.53 - ElcomSoft Co. Ltd.)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft MediaConverter 8 (HKLM-x32\...\{936FA6E0-8A87-4A03-8004-138AB7A97637}) (Version: 8.0.0.16 - ArcSoft, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Autostar Suite (HKLM-x32\...\Autostar Suite) (Version:  - )
AVerMedia TV Tuner Card 1.0.0.4 (HKLM-x32\...\AVerMedia TV Tuner Card) (Version: 1.0.0.4 - AVerMedia TECHNOLOGIES, Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.37 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.37 - Research In Motion Ltd.) Hidden
BlackBerry Device Software v4.6.0 for the BlackBerry 8220 smartphone (HKLM-x32\...\{12BA4B30-873F-4F14-BB3A-2C0EF8C3A6C7}) (Version: 4.6.0.180 (Platform 4.1.0.61) - Research In Motion Ltd.)
BMW M3 Challenge (HKLM-x32\...\{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1) (Version: BMW M3 Challenge v1.0.0.0 - 10TACLE STUDIOS AG)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
calibre 64bit (HKLM\...\{3D86FF77-8124-45D5-8DDE-18951DC79000}) (Version: 0.9.39 - Kovid Goyal)
Calibrize 2.0 (HKLM-x32\...\Calibrize_is1) (Version:  - Colorjinn)
CalMANv4 (HKLM-x32\...\{6CE910E3-99C6-4121-9279-3CCA665ABFF3}) (Version: 4.3.0.256 - SpectraCal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
Canon MX530 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX530_series) (Version: 1.00 - Canon Inc.)
Canon MX530 series On-screen Manual (HKLM-x32\...\Canon MX530 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MX530 series User Registration (HKLM-x32\...\Canon MX530 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
Chief Architect Premier X5 (HKLM-x32\...\{BA4EC1AF-CACF-492B-99CF-4BD58070CE8F}) (Version: 15.1.0.0 - Chief Architect)
ClearView (HKLM-x32\...\{A95AF23D-1875-41E7-B684-ECA583126755}) (Version: 5.3.4 - SVKSystems)
ConvertXtoDVD 4.0.12.327 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.12.327 - )
Coolmuster Android Assistant (HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Coolmuster Android Assistant) (Version: 2.4.219 - Coolmuster)
CopyTrans Suite Remove Only (HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Cronus PRO 1.12 (HKLM-x32\...\Cronus PRO) (Version: 1.12 - CronusMAX Team)
CyberLink YouCam 6 (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2326.0 - CyberLink Corp.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DetectorTools (HKLM-x32\...\{E8F0431A-A158-49F6-96AC-7C1380D9AF21}) (Version: 1.11.21 - Escort)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 2.22 - NCH Software)
EasyTether (HKLM-x32\...\{8d3ac0f3-14ee-49ab-9193-a8dbdc6fec0c}) (Version: 1.1.17 - Mobile Stream)
EasyTether (Version: 1.1.17 - Mobile Stream) Hidden
EasyTether ADB USB driver (HKLM\...\{7DD41AE3-10F5-4C46-961C-FAE786519FFF}) (Version: 1.0.0 - Mobile Stream)
Elcomsoft Internet Password Breaker (HKLM-x32\...\{918E1CCE-45B0-4F58-84B7-53DDA2790A3C}) (Version: 2.0.306.413 - Elcomsoft Co. Ltd.)
EPSON Artisan 837 Series Printer Uninstall (HKLM\...\EPSON Artisan 837 Series) (Version:  - SEIKO EPSON Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{39787FA9-9E15-4EE6-9D93-D9BBB81868E9}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
EPSON NX420 Series Printer Uninstall (HKLM\...\EPSON NX420 Series) (Version:  - SEIKO EPSON Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.05.00 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Remote Print Uninstall (HKLM\...\EPSON Remote Print) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
ETKA 7.2 V5 International 2010 (HKLM-x32\...\ETKA7.2V5i) (Version:  - )
Express Burn (HKLM-x32\...\ExpressBurn) (Version:  - NCH Software)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
ffdshow [rev 2895] [2009-04-21] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FMS (HKLM-x32\...\FMS) (Version:  - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.2.413 - Foxit Corporation)
future-3d.themepack (HKLM\...\future-3d_folder) (Version:  - )
GearDrivers (HKLM-x32\...\GearDrivers) (Version:  - )
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.50.5145 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Play Music Desktop Player (HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\GPMDP_3) (Version: 3.6.0 - Samuel Attard)
Google SketchUp Pro 8 (HKLM-x32\...\{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}) (Version: 3.0.3117 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoPro CineForm Studio 1.3.2 (HKLM-x32\...\GoPro CineForm Studio) (Version: 1.3.2 - CineForm, Inc & GoPro, Inc.)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GraffixPro Studio (HKLM-x32\...\com.pulsemicro.graffixprostudio) (Version: 2.5 - UNKNOWN)
GraffixPro Studio (x32 Version: 2.5 - UNKNOWN) Hidden
GraffixPro Studio Administrator (HKLM-x32\...\{BD46B867-B495-4CC2-A220-464E4E34E9EE}) (Version: 2.50.1067 - Pulse Microsystems Ltd.)
GraffixPro Studio Library (HKLM-x32\...\{80A5981C-FF53-4238-96A7-AE188B159584}) (Version: 1.00.1009 - Pulse Microsystems Ltd.)
Hardlock Device Drivers (HKLM-x32\...\Hardlock Device Drivers) (Version:  - )
HGST Align Tool (HKLM-x32\...\{DD432BE5-28CD-413E-875F-1B04550ED306}) (Version: 2.0.154 - Acronis)
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.1.2206 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3316 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{24C7AD6B-F418-4D3B-B7F2-F3603FD720BF}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM-x32\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 7510 series Product Improvement Study (HKLM\...\{566BB063-0E28-4273-A748-690BE86A7E26}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.3.50.9 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.5.32.203 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{1061DF04-CF33-40B0-8360-D07C9BBEB122}) (Version: 3.50.10.1 - Hewlett-Packard)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.72.3 - HTC)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6207.0 - IDT)
iExplorer (HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\262f11f6ff148a12) (Version: 4.1.0.16 - Macroplant LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
inSSIDer Wi-Fi Helper (HKLM-x32\...\{E9AB7FB6-D488-4273-B719-4EC757D03D78}) (Version: 1.0.0.39 - MetaGeek, LLC)
Intel® Driver Update Utility 2.6 (x32 Version: 2.6.0.32 - Intel) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{3e714701-b89c-4cf2-bf3b-41b2c105ffdc}) (Version: 2.6.0.32 - Intel)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
J4500 (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
K-Lite Codec Pack 9.8.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.8.0 - )
K-Lite Codec Pack 9.8.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Logitech Flow Scroll 4.0 (HKLM\...\Sn1) (Version: 4.00.33 - Logitech)
Logitech Harmony Remote Software (x86) (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Home Edition (Version: 6.1.1366 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Meade LPI (HKLM-x32\...\{23484C5A-E7AE-4F59-B7DF-88D63BEF18F4}) (Version: 2.46.3.0 - )
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft .NET Compact Framework 2.0 SP2 (HKLM-x32\...\{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 en-US)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\MusicManager) (Version:  - Google, Inc.)
MyFreeCodec (HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\MyFreeCodec) (Version:  - )
MySQL Connector Net 6.4.4 (HKLM-x32\...\{2DDC7E93-29AB-4260-A9DB-697F7FA88157}) (Version: 6.4.4 - Oracle)
MySQL Connector/ODBC 3.51 (HKLM-x32\...\{BBFD9BC5-BB9A-4F9C-AD77-0BE3897FFE0F}) (Version: 3.51.30 - Oracle Corporation)
MySQL Server 5.5 (HKLM-x32\...\{B727353D-02CB-4FA6-A2DC-A60A720AAD09}) (Version: 5.5.21 - Oracle Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
Night Owl HD CMS version 1.1.72 (HKLM-x32\...\{DDC5185C-7C8A-420B-B831-BCE5AAB1F449}_is1) (Version: 1.1.72 - Night Owl SP,LLC)
Night Owl Player (HKLM-x32\...\{78D1E686-EE69-4B26-9D0F-7AD3970CF1BA}) (Version: 1.2.20 - Night Owl)
Nucleus Kernel Macintosh ver 4.04 (HKLM-x32\...\Nucleus Kernel Macintosh_is1) (Version:  - Nucleus Technologies.com)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.96 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Officejet J4500 Series (HKLM\...\{E11448F2-0B44-4239-B04E-D88FE743E929}) (Version: 13.0 - HP)
Opera Stable 44.0.2510.857 (HKLM-x32\...\Opera 44.0.2510.857) (Version: 44.0.2510.857 - Opera Software)
OSForensics (HKLM\...\OSForensics_is1) (Version:  - PassMark Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Power Commander Control Center 3.2.0 (Test Build 1) (HKLM-x32\...\Power Commander 3 Usb_is1) (Version:  - Dynojet Research, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
RepairSolutions (HKLM-x32\...\{CF77710A-4915-4FC7-AD3F-9F40BDE0E13E}) (Version: 1.2.5 - Innova Electronics)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Link 2.0.0.1603091618 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1603091618 - Samsung Electronics Co.,Ltd)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScreenRecorder (HKLM\...\{55A9972B-EA29-43C3-94B6-7A178D6F2E11}) (Version: 4.0.0 - Burak Uysaler)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.4.146 - SHAREit Technologies Co.Ltd)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16084.4 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16084.4 - Samsung Electronics Co., Ltd.) Hidden
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Software Update Wizard (Redist) 4.5 (HKLM-x32\...\Software Update Wizard (Redist)) (Version: 4.5 - PowerProgrammer)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SSD Tweaker version 3.1.1 (HKLM-x32\...\{83FA601A-241A-4956-8A21-F7D525C4422F}_is1) (Version: 3.1.1 - Elpamsoft.com)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Stellar Phoenix Windows Data Recovery - Professional (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Professional_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd)
Streaming Video Recorder V4.2.5 (HKLM\...\{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1) (Version: 4.2.5 - Apowersoft)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version:  - )
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Torch (HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Torch) (Version: 51.0.0.11603 - Torch Media, Inc) <==== ATTENTION
Torrents Open Registrations Checker v1.26 (HKLM-x32\...\{DF1D714A-EBD3-49C6-BB09-6BD9B5FC3A66}_is1) (Version:  - TEAM ROOTS)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TSS GSX-R750 2004-2015 Edition (HKLM-x32\...\TSS GSX-R750 2004-2015 Edition9.1) (Version: 9.1 - TechSpark Studio)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSO Batcher (HKLM-x32\...\{C528E2AD-8176-4D97-B72C-C48B392AB937}_is1) (Version: 1.1.9.26 - VSO Software)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.45 - VSO-Software SARL)
VSO Downloader 4.5.0.17 (HKLM-x32\...\{A0D0BA9E-F1A6-44FF-AA14-03ED96B3D56D}_is1) (Version: 4.5.0.17 - VSO Software)
WebClient (HKLM-x32\...\WebClient) (Version:  - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WhoCrashed 5.02 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.581  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Remote (HKLM-x32\...\Orb) (Version: 2.2008.0508.1530 - Orb Networks)
WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)
WinDirStat 1.1.2 (HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - DVR (CXATHENA) Media  (07/22/2010 4.0.0) (HKLM\...\04BA94D87F499518F6D0C66698293E67F2096DBC) (Version: 07/22/2010 4.0.0 - DVR)
Windows Driver Package - DVR (CXATHENA) Media  (07/22/2010 4.0.0) (HKLM\...\9A959193F6C402892680260B45902B6FC61C13E5) (Version: 07/22/2010 4.0.0 - DVR)
Windows Driver Package - DVR (TW68XX) Media  (05/14/2010 1.2.0.0) (HKLM\...\A07844C7719F5357EB7A5C1EA1CA3FA849AFC393) (Version: 05/14/2010 1.2.0.0 - DVR)
Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0) (HKLM\...\B30ECD0209A21D638611F893829C8AF3A483A302) (Version: 04/29/2008 2.5.0.0 - ENE)
Windows Driver Package - ESCORT Inc. (WinUSB) MyDeviceClass  (07/22/2014 ) (HKLM\...\4E1EEB249F725E12EB935B8B5E8F754B19491D84) (Version: 07/22/2014  - ESCORT Inc.)
Windows Driver Package - ESCORT, Inc. (usbser) Ports  (04/24/2013 1.0.0.0) (HKLM\...\81CF09C262F2AF50FED94F55B77F731D76C948F2) (Version: 04/24/2013 1.0.0.0 - ESCORT, Inc.)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version:  - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 4.20 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.1 - win.rar GmbH)
Wondershare Dr.Fone for Android(Build 5.5.0.6) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 5.5.0.6 - Wondershare Software Co.,Ltd.)
yacib Portable Mp3 (HKLM-x32\...\{1E661EFE-D6EA-4356-BC5A-268316C6D130}) (Version: 3.6.1 - yacib)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.176 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-399097656-3941740853-1436833426-1000_Classes\CLSID\{1401734E-0F6D-FF7F-461E-6DCD1462411E}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-399097656-3941740853-1436833426-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Sokol\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-399097656-3941740853-1436833426-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sokol\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {121306DF-5224-45C7-A7C7-905E0BCBA351} - System32\Tasks\RunAsStdUser Task => C:\Users\Sokol\AppData\Local\gameflakeSA\bin\1.0.11.0\GameFlakeSA.exe  <==== ATTENTION
Task: {155EF0CA-3631-43BD-9989-15EDAA4D9BE7} - System32\Tasks\HPCeeScheduleForSokol => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {17AF7E46-7021-42C6-99B5-8A8AD112AF2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-02] (HP Inc.)
Task: {19824F44-E3F2-46CA-9AD5-92D3609D429E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {1A698E25-C15B-4A4E-A2D2-CC440AB084A7} - \Traffic Exchange v209 - 3 -> No File <==== ATTENTION
Task: {1EEE0E66-84FD-4F80-AAE3-92E3A64188D3} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-12-06] (HP Inc.)
Task: {2EC33ED7-E52E-46B6-AC64-1E35818FC526} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {42CF2D05-8F55-4B11-97BD-A35B1B151CE6} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-10-06] (CL)
Task: {4565EA2A-28B9-4B3C-8391-A529857D7CB5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {4CAD33DB-F378-4B1A-942E-B8AC75F88572} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {4E197D63-8D8E-42C0-BD3C-B67E6E7E0780} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2016-12-07] (HP Inc.)
Task: {4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} - \HDWallPaper -> No File <==== ATTENTION
Task: {539B8387-1E9D-40D9-A7EF-0EB8B05FCC67} - \Traffic Exchange Guard -> No File <==== ATTENTION
Task: {59730F6C-ED39-487B-8514-7BA6B2024E01} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {5A460F03-062A-4E6F-AA59-15E90D48FFFD} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-06] (CyberLink Corp.)
Task: {5DF04716-64CF-40F7-9A1D-8EC92DDA35CE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5F8A43C4-E1ED-478C-908C-AF194E41E91B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-399097656-3941740853-1436833426-1000UA => C:\Users\Sokol\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-31] (Google Inc.)
Task: {61F0A6C7-7DF0-4202-972C-612CF4C69F52} - System32\Tasks\AdobeAAMUpdater-1.0-Sokol-PC-Sokol => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {65244A80-A299-457F-B2B2-2A0CF69D091D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {69543F25-A008-441F-A0FD-034068484326} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {69E8BD78-71B4-4A03-8CDD-10290CA8DD7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {6B3F39AD-4483-410B-9937-150688E0F222} - \{0A7F0C47-7D0D-0C7A-7D11-0D080C0E1179} -> No File <==== ATTENTION
Task: {6CEF41F6-5856-45C2-AC5F-EFB7A3F47BB9} - \Traffic Exchange Guardian -> No File <==== ATTENTION
Task: {78398F9D-DD45-4623-9A1D-6A92963554AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {7D1E7027-1BD5-4142-AFF1-AAD5B2F2649D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {81719183-C3BF-4FB9-A3BC-72E6B073DA65} - \PPI Update -> No File <==== ATTENTION
Task: {84738984-1B64-432D-840F-665F350E0BDC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-399097656-3941740853-1436833426-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {870D2092-44DA-4B4C-B3AA-9D1B660ED6CA} - \Traffic Exchange Updater -> No File <==== ATTENTION
Task: {8DE114BD-5465-4358-ADC9-9E4EDC650085} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-10-06] (CL)
Task: {942FDD22-0493-4AF8-9F76-D6C282B1A964} - \BuzzSocialPoints_DNS_Checker -> No File <==== ATTENTION
Task: {9734C708-19D1-4A58-ABE4-3EDE59507839} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {9795A737-458C-4045-A9B2-08037BB7C751} - \Traffic Exchange v2 - 1 -> No File <==== ATTENTION
Task: {9C98DB7F-0115-4289-B7F4-A195848865C0} - \Traffic Exchange -> No File <==== ATTENTION
Task: {AB866182-D1F9-478E-B424-418665AD4D6B} - \Traffic Exchange v2 - 3 -> No File <==== ATTENTION
Task: {AFACC486-1E41-4176-979A-896850179039} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-399097656-3941740853-1436833426-1000Core => C:\Users\Sokol\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-31] (Google Inc.)
Task: {B285FB9C-E7E4-4AAD-8830-5D38CA7AABCA} - System32\Tasks\{E3E0EA9E-F501-4C55-BB06-A3152B81035C} => pcalua.exe -a C:\Users\Sokol\Downloads\iPod_Support_v3_10.exe -d C:\Users\Sokol\Downloads
Task: {B4AF3069-89F8-4644-851E-9757F3D26798} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-09-16] (CyberLink)
Task: {C12AFA7D-0F5B-4159-9C87-F556F53BC158} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {C41D773A-7042-4477-96A7-4CB7100F4579} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C487F742-8749-453E-B87E-B56E7325C8E7} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-10-06] (CL)
Task: {C5BAF38D-99DD-4513-90F8-8FBEA6039851} - \Traffic Exchange v2 - 2 -> No File <==== ATTENTION
Task: {D4043A8F-59C4-4076-BE8C-2A0871D69AD7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {D657E94B-35A1-40CE-BDE9-993023E85BDF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {D6D19F93-7621-4594-A6B1-0F898CD1BC45} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-399097656-3941740853-1436833426-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D8677A03-9DFA-4A86-87BE-8323F23FA24C} - \Traffic Exchange v209 - 1 -> No File <==== ATTENTION
Task: {D90AA02B-790E-4958-A616-7EA853307B8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
Task: {E347968A-5DC8-44C4-9275-63A407E730E7} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {E45154DD-156A-4C18-9209-D85814E66891} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {E5E43D57-518F-45E7-A8AB-6C71D958DF70} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {E684539E-0733-40EA-9D0F-A0A0A9A9C5CB} - System32\Tasks\{DD395380-5D61-422B-8314-6021D2CA37C6} => pcalua.exe -a "C:\Users\Sokol\Documents\NEC LT260\NECDIU200114_ENG.exe" -d "C:\Users\Sokol\Documents\NEC LT260"
Task: {E9212B17-4E59-4C0F-A488-6F0C6DD6665E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
Task: {EBD358FB-92CD-4FC7-8091-2936BB30D099} - \System Healer Task -> No File <==== ATTENTION
Task: {F6971C8B-5766-43A0-A993-DEFE3BA29BCD} - System32\Tasks\Opera scheduled Autoupdate 1456191940 => C:\Program Files (x86)\Opera\launcher.exe [2017-03-21] (Opera Software)
Task: {F930AD02-9C4C-42AC-8853-5A06FAA547AB} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {FC56F2D7-9088-4B62-AD8E-0F93A757C3CF} - \Traffic Exchange v209 - 2 -> No File <==== ATTENTION
Task: {FE3F7C47-720C-47E7-AD7E-068F575CA070} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForSokol.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Sokol\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2013-02-05 23:52 - 2016-05-30 12:36 - 00133568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-31 16:05 - 2012-01-31 16:05 - 08184320 _____ () C:\Program Files (x86)\Canon\Easy-WebPrint EX\bin\mysqld.exe
2016-09-27 16:09 - 2016-06-14 15:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-09-27 16:09 - 2016-06-14 15:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-09-27 16:09 - 2016-06-14 15:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-09-27 16:09 - 2016-06-14 15:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2013-06-21 19:28 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-06-08 00:10 - 2016-03-09 17:18 - 00025088 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2016-09-19 10:01 - 2016-03-09 17:18 - 02513920 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2016-09-19 10:01 - 2016-03-09 17:18 - 02436096 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-12-21 11:25 - 2013-12-21 11:25 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\JNIInterface.dll
2013-12-21 11:26 - 2013-12-21 11:26 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\ASFAPI.dll
2013-12-21 11:27 - 2013-12-21 11:27 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\MediaDB_Manager.dll
2013-10-22 09:52 - 2013-10-22 09:52 - 00030720 _____ () C:\Windows\system32\MediaDB64.dll
2013-10-22 09:52 - 2013-10-22 09:52 - 00908800 _____ () C:\Windows\system32\ContentDirectoryPresenter64.dll
2013-12-21 11:27 - 2013-12-21 11:27 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\DMS_Manager.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00049152 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00016896 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00058880 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00299520 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2016-06-08 18:04 - 2016-06-08 18:04 - 00117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-09-27 16:09 - 2016-06-14 15:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-09-27 16:09 - 2016-06-14 15:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-09-27 16:09 - 2016-06-14 15:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-09-27 16:09 - 2016-06-14 15:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-03-23 19:50 - 2017-03-23 19:50 - 00831488 ____N () C:\windows\system32\tprdpw32.exe
2016-09-27 16:09 - 2016-06-14 15:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-09-27 16:09 - 2016-06-14 15:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-06-22 14:43 - 2016-06-22 14:43 - 00821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-12-11 16:46 - 2013-12-11 16:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-10-22 09:48 - 2013-10-22 09:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-10-25 19:49 - 2013-10-25 19:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2016-06-22 14:40 - 2016-06-22 14:40 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2016-06-22 14:42 - 2016-06-22 14:42 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2016-06-22 14:42 - 2016-06-22 14:42 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2016-06-22 14:42 - 2016-06-22 14:42 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2016-06-22 14:43 - 2016-06-22 14:43 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2016-06-22 14:44 - 2016-06-22 14:44 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2016-06-22 14:46 - 2016-06-22 14:46 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2016-09-27 16:09 - 2016-06-14 15:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-13 02:24 - 2016-12-13 02:24 - 40523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
2009-09-16 17:42 - 2009-09-16 17:42 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [134]
AlternateDataStreams: C:\Users\Sokol\AppData\Local\Temporary Internet Files:dvPLDTRQABBTJtZ6 [2096]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-03-24 03:43 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-399097656-3941740853-1436833426-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk => C:\Windows\pss\CineForm Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Sokol^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Epson all-in-one Registration.lnk => C:\Windows\pss\Epson all-in-one Registration.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeBridge =>
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BingSvc => C:\Users\Sokol\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EasyTether => "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: EPSON NX420 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Users\Sokol\AppData\Local\Temp\E_SCBB7.tmp" /EF "HKCU"
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_Plugin.exe -update plugin
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Sokol\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Photosmart 7510 series (NET) => "C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN261342KQ05PX:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LTCM Client => C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
MSCONFIG\startupreg: MusicManager => "C:\Users\Sokol\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Orb => "C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe" /background
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: RepairSolutions => "C:\Program Files (x86)\RepairSolutions\RepairSolutions.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: Samsung Link => "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Sokol\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
MSCONFIG\startupreg: YouCam Service6 => "C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A8A14220-87C8-4E60-B55E-0F8EA8C6CA7E}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{092BC719-1953-4DF2-902C-1B079766CDC4}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{C3109857-02FE-4459-A91D-57945F0A7C78}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{E731E46B-022E-4EA3-8BF7-02A77C74870C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{AF51B868-7224-4063-95E3-4D370BFB4983}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{13B3C3E3-D99E-4E02-A662-380CCA80F3BB}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{65D9CED0-2C69-4131-9264-8DD03C7ABC43}] => (Allow) LPort=7935
FirewallRules: [TCP Query User{05D28EC8-B8D8-44B6-947C-FCAC72F6808A}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{AB7315E3-B37D-4E4B-B7AB-BD2A50AE00F9}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{0A63C1B0-DEC5-4BF3-AD3B-75215E3DE49E}C:\program files (x86)\meade\autostarsuite\autostarsuite.exe] => (Allow) C:\program files (x86)\meade\autostarsuite\autostarsuite.exe
FirewallRules: [UDP Query User{B4FDB69D-A0D6-494D-8779-E1E4F1A31427}C:\program files (x86)\meade\autostarsuite\autostarsuite.exe] => (Allow) C:\program files (x86)\meade\autostarsuite\autostarsuite.exe
FirewallRules: [{AF82D706-E24F-4252-A701-0A811B9EE36E}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{0CF69DA2-2E24-4BDF-92E3-7E4926537716}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{75285EB1-1D56-4D1C-AAEC-C8AA4D5ABE6E}] => (Allow) LPort=4481
FirewallRules: [{4D8AC218-0A6A-47AD-BE2F-DC4FAA00F5F6}] => (Allow) LPort=4481
FirewallRules: [{13363577-E932-4936-94B3-7814BFFE4222}] => (Allow) LPort=4482
FirewallRules: [{AE786C6A-A373-4125-B56C-F988D8A8426A}] => (Allow) LPort=4482
FirewallRules: [TCP Query User{B35E851B-473B-4FF5-AA0D-C03C0690B594}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{3E6B6DE4-098F-4A71-A078-57370F50E22A}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{7A8E8C07-B9A7-48B8-AC61-1FB2191FACF1}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{A40FB569-FA18-4EF3-BF12-22E768B8B3B3}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{56E14771-B572-4DBA-81B2-CFA489E58908}] => (Allow) LPort=8743
FirewallRules: [{5487C15E-E0F7-49B8-8BB5-DD618157CE72}] => (Allow) LPort=8643
FirewallRules: [{EE6031E1-99A4-4258-807B-FC0EB06995F5}] => (Allow) LPort=7676
FirewallRules: [{774CBD67-44E8-48D9-80A9-CC8A80EC4000}] => (Allow) LPort=7679
FirewallRules: [{69BF833E-0692-4D49-B89F-46F1E07399CA}] => (Allow) LPort=24234
FirewallRules: [{B532AF11-42C4-4309-813C-5536F0DD25C6}] => (Allow) LPort=7900
FirewallRules: [{5A341623-9D9E-4764-8766-4CD752BD4599}] => (Allow) LPort=1900
FirewallRules: [{DE547398-F454-419A-B605-BD804D188204}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{E8725C52-787C-4644-A394-F44D5D6AB8B1}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{582EE0E9-5EE4-45DA-AAD3-6B65B422726E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{1864D6B0-2763-4A35-9D43-18CE244881D4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{37DD727A-57A1-4B93-AE56-28A58760D060}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{F90DD031-E07C-4E8C-9439-3D65EFF236A1}] => (Allow) C:\Program Files\Apowersoft\Streaming Video Recorder\Streaming-Video-Recorder.exe
FirewallRules: [{80F10026-3B20-4241-A2C4-D491341FFA81}] => (Allow) C:\Program Files\Apowersoft\Streaming Video Recorder\StreamingVideoRecorder.exe
FirewallRules: [{B28494A6-8284-488B-BF3B-D71A781F1EFB}] => (Allow) C:\Program Files\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll
FirewallRules: [{5F16F56F-75BA-4B63-A906-59864E7669F4}] => (Allow) C:\Program Files\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll
FirewallRules: [{24E72E91-80B7-477D-92FE-04CC83714B97}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{34F2EA49-4A48-495E-BD95-11893C139E34}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{0C0CDE4B-6578-4119-9706-F966C1452C9D}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{306B9D1A-1B49-498B-BF9E-28FBBB6AA3D1}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{E1AFF606-E64E-4941-A879-18EA165E2F2B}] => (Allow) C:\Users\Sokol\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7F14B006-22A5-45FA-8204-BCC7896FDBF9}] => (Allow) C:\Users\Sokol\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{24EF6574-2078-4C69-A006-D5F66D1CADB2}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{C970DB89-E561-43A9-8D6D-C8EBEDEF1810}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{E2FF9A77-9A4F-487D-8B59-B6DF92986774}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{7F5B6E4C-34BE-4B59-832A-AA42184C33CA}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [TCP Query User{4F1E1940-6A30-4357-B911-EE4EFBED633A}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{C67B5751-14A5-42D9-B9D3-C59C53A6ABB5}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{4AB2BD86-D52F-4220-9653-1D5D18CC4F62}C:\program files\digivue\digivue.exe] => (Allow) C:\program files\digivue\digivue.exe
FirewallRules: [UDP Query User{BE31AE5D-EEE1-4A80-8286-6C47D642E3F2}C:\program files\digivue\digivue.exe] => (Allow) C:\program files\digivue\digivue.exe
FirewallRules: [TCP Query User{29E6907D-46DD-4562-910A-73443BAB673F}C:\program files\digivue\httpsvr.dll] => (Allow) C:\program files\digivue\httpsvr.dll
FirewallRules: [UDP Query User{E119FBCF-35E8-448E-9970-3008072E56F4}C:\program files\digivue\httpsvr.dll] => (Allow) C:\program files\digivue\httpsvr.dll
FirewallRules: [{8ED875D2-CA6C-40BC-AA19-F34581D75E65}] => (Allow) C:\Program Files (x86)\Winamp Remote\bin\Orb.exe
FirewallRules: [{63FED9E9-B56B-46C5-9706-A03A4DB0D0A3}] => (Allow) C:\Program Files (x86)\Winamp Remote\bin\Orb.exe
FirewallRules: [{8CFAC161-AB1B-4D78-BB42-C18033C89B38}] => (Allow) C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe
FirewallRules: [{49D19FB6-DC30-4914-9BFB-327906FECE46}] => (Allow) C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe
FirewallRules: [{B66DD25C-497E-4C9B-8CB3-9793DB4FE200}] => (Allow) C:\Program Files (x86)\Winamp Remote\bin\OrbIR.exe
FirewallRules: [{C2564B1A-0775-4734-9795-A03062A54091}] => (Allow) C:\Program Files (x86)\Winamp Remote\bin\OrbIR.exe
FirewallRules: [{49321489-680B-4826-8FB7-1608DEB58232}] => (Allow) C:\Program Files (x86)\Winamp Remote\bin\OrbStreamerClient.exe
FirewallRules: [{ACC1920C-8027-41C7-BD00-16C2D82C4F0D}] => (Allow) C:\Program Files (x86)\Winamp Remote\bin\OrbStreamerClient.exe
FirewallRules: [TCP Query User{9356207B-C23F-400E-BB5A-C3D4F2E8BA19}C:\program files (x86)\winamp remote\bin\orbtray.exe] => (Block) C:\program files (x86)\winamp remote\bin\orbtray.exe
FirewallRules: [UDP Query User{F33249EE-54E7-4CEE-8A7B-621A38C8021D}C:\program files (x86)\winamp remote\bin\orbtray.exe] => (Block) C:\program files (x86)\winamp remote\bin\orbtray.exe
FirewallRules: [TCP Query User{02F743AD-7C27-4579-BDD1-FA0283000589}C:\users\guest\appdata\local\oxy\application\bin\oxy-downloader.exe] => (Block) C:\users\guest\appdata\local\oxy\application\bin\oxy-downloader.exe
FirewallRules: [UDP Query User{9E454B14-A39D-4BA3-9AD7-462AE9E7F8E8}C:\users\guest\appdata\local\oxy\application\bin\oxy-downloader.exe] => (Block) C:\users\guest\appdata\local\oxy\application\bin\oxy-downloader.exe
FirewallRules: [{ED44E988-CC04-4624-8C33-A72E7945D6A9}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\DeviceSetup.exe
FirewallRules: [{774DD38B-3610-4621-914A-FE1BF1319763}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{A52C1D26-AC65-4D43-8A7E-678DC1163EEB}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B1E98DB1-A894-4D1A-A514-034E29C5EC35}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{FE94D7CA-97E9-4415-A9FC-F4330F6A9C4D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A07BC8C6-FF4C-42F3-99D8-AC0B6D081EC9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{00F82639-8AAE-404C-820D-095DE8F8CD65}] => (Allow) C:\Users\Sokol\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A3A716DF-B84A-4958-AED5-46E561B17BB3}] => (Allow) C:\Users\Sokol\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{769B206E-3EED-4E5D-B8F6-3AD2003A1F17}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F991943A-FB20-4592-9EAF-DEF112D55914}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9229E06B-1D3A-429D-BA7E-DC211BF9FA22}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FA905894-0F89-426F-A4C7-78F030DCABDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9ACDA65E-B0DB-4ADF-AC22-9517D0C9799B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FF2440D7-57FB-4E44-8D5B-CA70A6F44D1E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{38A08979-4815-4208-B9E8-56351428E647}C:\program files (x86)\nightowl\night owl hd cms\night owl hd cms.exe] => (Allow) C:\program files (x86)\nightowl\night owl hd cms\night owl hd cms.exe
FirewallRules: [UDP Query User{53783F9E-6DB6-4C05-8EDD-844A885A5F32}C:\program files (x86)\nightowl\night owl hd cms\night owl hd cms.exe] => (Allow) C:\program files (x86)\nightowl\night owl hd cms\night owl hd cms.exe
FirewallRules: [{5D429BE0-1AB9-401F-9559-41765906C8C2}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{8B25A0C2-4027-414A-9006-4C5573229335}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{9EB18C4A-AE7A-47CE-A1F3-E6F194F69D0A}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{26A20DE7-C96A-4FB8-BDD2-31DA0FBB50DF}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{325E808B-2F41-4B4E-A439-3DFAC2A48243}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{6D1F760C-4E96-432E-9E47-9E7F1EDBEB3C}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{12A95A5B-2651-40D8-90CB-01BE1D220D01}] => (Allow) C:\Users\Sokol\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{5EC491CD-B207-4D8D-BB01-BD6A0D074F36}] => (Allow) C:\Users\Sokol\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{57642A51-EDF8-44C0-86E6-2BF64D73EC78}] => (Allow) C:\Users\Sokol\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [{1ECEBA23-DD05-4B61-A62D-1612DBAA21F0}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{F764FDBE-92C1-4E11-A2BD-ECA7035E409B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C8C67565-FADA-4A6D-8B73-14F0FFC473ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B485F2BE-7BB0-4CF9-AFF5-E52E0B518A6D}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{5950482B-49A0-48F3-BDDF-8B9D7F0F765C}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [TCP Query User{23C9F3EB-77FE-4FA9-9839-DFB9FAC31B53}C:\program files (x86)\coolmuster\coolmuster android assistant\bin\androidassistserver.exe] => (Allow) C:\program files (x86)\coolmuster\coolmuster android assistant\bin\androidassistserver.exe
FirewallRules: [UDP Query User{4EF58CF6-854D-48CF-969A-37CDC27B7770}C:\program files (x86)\coolmuster\coolmuster android assistant\bin\androidassistserver.exe] => (Allow) C:\program files (x86)\coolmuster\coolmuster android assistant\bin\androidassistserver.exe
FirewallRules: [{C1E75FCF-1FC3-41ED-AB20-C2B2D671EFE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{43FC1813-02BE-458C-8004-FC5259A1E7A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1DB3524A-8AA4-4B5D-9FA9-84AD29BD8CEC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{BCBDEFF4-2EEF-4155-A3F7-8F3294C5AC7F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A2A7E148-ED09-430F-A67A-CCEE572DBACB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8B17A0E3-DAB1-4783-B70B-CE752554F45B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{FE1C8EEC-B5F8-460E-B45E-86E3F0BFA4AB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{329DEB5B-21BA-4A48-A598-8EEF800AC6EF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{F107C8D6-D164-4D4E-97E3-463C3A8AF798}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{1A5061CF-4251-4EAC-95C6-FBCB439A0ED1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{2FB454D6-38A3-4E6E-88BB-58CE5A90F148}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{ABA0890A-E3F5-4CD1-A7AD-4570B4EEB519}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{91AECF7A-39FF-4EC2-9359-195F5D23AF36}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{09B1F967-7A11-4161-9507-D4F6816EEF07}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{6CD12AA0-B73B-4A8C-B4B3-8F00880B6350}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{893A86D5-A23F-4791-B7BE-00A116148AD2}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{5CBEC1A7-584C-43FD-A14A-93FF352E3668}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{19BE20C9-7EE2-4C2F-81BD-4D25C11BE4D4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{E429AB0C-D314-4C7C-BF45-736614B15CEF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{4B2D5F4F-4AA7-4C3E-B4B4-1741DCEF86D2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{EC001294-78E7-41DC-9B7A-94A902E040A0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{62F16980-014D-436C-B525-046C71C30A62}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{707AA129-A9D3-40B4-B873-D639F69578FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{2AE37FEC-DE1C-4C4D-B5AD-F4748C6D04BA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3AE8F7C0-AE04-4C9B-BB97-51F580916476}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{54CA5B5E-8486-4372-ABF4-DFD152121930}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{EF041CC8-92BA-406E-8CE0-5372FAF5DAAB}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{E6413F64-E244-4291-B007-015FF37749BE}] => (Allow) LPort=80
FirewallRules: [TCP Query User{81181327-BA4E-4938-B691-A2561E8ED16E}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe
FirewallRules: [UDP Query User{7C7C6629-1722-414D-A01C-28505681CB70}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe
FirewallRules: [{5A42CB7A-B365-4696-8DA8-60560714E2D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FD552981-A11E-4223-A6C9-CEB0DE98BFED}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{01FBE749-F370-4115-BD50-51727E25D592}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{8F54903F-C0CB-4F36-9514-703B246CD414}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{8A843694-CA7C-43D7-89AF-C1562CEDFCFC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{28955182-D841-4AA4-A18F-D785DF49FD8F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{04DE8E69-73C6-4B1A-9C60-93A73964F77D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{62762ED5-9CFD-4DFD-B811-B6A4CFF62C2A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8C32174F-B220-4B99-B2D9-F852A53E4677}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{33BFB88E-3283-4D78-A2C0-235ED9E6E5B5}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{1C76DBF8-09C6-4674-8E0F-064E468D5D7F}] => (Allow) C:\Program Files (x86)\Opera\44.0.2510.857\opera.exe

==================== Restore Points =========================

17-03-2017 13:44:49 Device Driver Package Install: EldoS Corporation StorLib devices
21-03-2017 03:48:09 Installed Windows Media Encoder 9 Series x64 Edition
21-03-2017 03:50:23 Installed ScreenRecorder
23-03-2017 04:40:36 Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: EldoS Corporation
Service: cbfs3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/25/2017 10:43:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Management Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/25/2017 10:43:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Management Service service to connect.

Error: (03/25/2017 10:41:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ASPI32

Error: (03/25/2017 10:41:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Guardant Emulator Driver service failed to start due to the following error:
This driver has been blocked from loading

Error: (03/25/2017 10:41:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\Drivers\NSHE.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/25/2017 10:41:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dataup Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/25/2017 10:39:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/25/2017 10:39:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/25/2017 10:39:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/25/2017 10:39:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P7350 @ 2.00GHz
Percentage of memory in use: 42%
Total physical RAM: 4062.96 MB
Available physical RAM: 2342.87 MB
Total Virtual: 12253.15 MB
Available Virtual: 10205.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:34.67 GB) NTFS
Drive f: () (Fixed) (Total:250.8 GB) (Free:21.34 GB) NTFS
Drive k: () (Fixed) (Total:36 GB) (Free:21.28 GB) NTFS
Drive l: (HP_RECOVERY) (Fixed) (Total:11.29 GB) (Free:11.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6E4C6E4C)
Partition 1: (Active) - (Size=250.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=36 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 2BE5E3E8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#6 JSntgRvr

Posted 25 March 2017 - 12:14 PM

We will need to run this fix in the Recovery Environment. You will need a USB Flash drive.

  • Copy the entire contents of the Quote Box below to Notepad.
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
S2 windowsmanagementservice; C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe [851456 2017-03-23] () [File not signed] <==== ATTENTION <==== ATTENTION
S2 Dataup; C:\PROGRA~2\dataup\dataup.exe [X] <==== ATTENTION
R0 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [80968 2017-03-23] () [File not signed] <==== ATTENTION
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
C:\Program Files (x86)\cpx
C:\Users\Sokol\AppData\Local\Temp\20170323
C:\PROGRA~2\dataup
C:\Windows\System32\drivers\drmkpro64.sys
HKLM-x32\...\Run: [svcvmx] => "C:\Program Files (x86)\svcvmx\svcvmx.exe" -starup
C:\Program Files (x86)\svcvmx
C:\Windows\system32\tprdpw32.exe
C:\Program Files (x86)\s5
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [134]
AlternateDataStreams: C:\Users\Sokol\AppData\Local\Temporary Internet Files:dvPLDTRQABBTJtZ6 [2096]
Torch (HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Torch) (Version: 51.0.0.11603 - Torch Media, Inc) <==== ATTENTION
Task: {121306DF-5224-45C7-A7C7-905E0BCBA351} - System32\Tasks\RunAsStdUser Task => C:\Users\Sokol\AppData\Local\gameflakeSA\bin\1.0.11.0\GameFlakeSA.exe  <==== ATTENTION
Task: {1A698E25-C15B-4A4E-A2D2-CC440AB084A7} - \Traffic Exchange v209 - 3 -> No File <==== ATTENTION
Task: {4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} - \HDWallPaper -> No File <==== ATTENTION
Task: {539B8387-1E9D-40D9-A7EF-0EB8B05FCC67} - \Traffic Exchange Guard -> No File <==== ATTENTION
Task: {59730F6C-ED39-487B-8514-7BA6B2024E01} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {6B3F39AD-4483-410B-9937-150688E0F222} - \{0A7F0C47-7D0D-0C7A-7D11-0D080C0E1179} -> No File <==== ATTENTION
Task: {6CEF41F6-5856-45C2-AC5F-EFB7A3F47BB9} - \Traffic Exchange Guardian -> No File <==== ATTENTION
Task: {81719183-C3BF-4FB9-A3BC-72E6B073DA65} - \PPI Update -> No File <==== ATTENTION
Task: {870D2092-44DA-4B4C-B3AA-9D1B660ED6CA} - \Traffic Exchange Updater -> No File <==== ATTENTION
Task: {942FDD22-0493-4AF8-9F76-D6C282B1A964} - \BuzzSocialPoints_DNS_Checker -> No File <==== ATTENTION
Task: {9795A737-458C-4045-A9B2-08037BB7C751} - \Traffic Exchange v2 - 1 -> No File <==== ATTENTION
Task: {9C98DB7F-0115-4289-B7F4-A195848865C0} - \Traffic Exchange -> No File <==== ATTENTION
Task: {AB866182-D1F9-478E-B424-418665AD4D6B} - \Traffic Exchange v2 - 3 -> No File <==== ATTENTION
Task: {C12AFA7D-0F5B-4159-9C87-F556F53BC158} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {C5BAF38D-99DD-4513-90F8-8FBEA6039851} - \Traffic Exchange v2 - 2 -> No File <==== ATTENTION
Task: {D8677A03-9DFA-4A86-87BE-8323F23FA24C} - \Traffic Exchange v209 - 1 -> No File <==== ATTENTION
Task: {EBD358FB-92CD-4FC7-8091-2936BB30D099} - \System Healer Task -> No File <==== ATTENTION
Task: {FC56F2D7-9088-4B62-AD8E-0F93A757C3CF} - \Traffic Exchange v209 - 2 -> No File <==== ATTENTION
ShortcutTarget: Oxy.lnk -> C:\Users\Sokol\AppData\Local\Oxy\Application\bin\start.cmd (No File)
Task: {1A698E25-C15B-4A4E-A2D2-CC440AB084A7} - \Traffic Exchange v209 - 3 -> No File <==== ATTENTION
Task: {4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} - \HDWallPaper -> No File <==== ATTENTION
Task: {539B8387-1E9D-40D9-A7EF-0EB8B05FCC67} - \Traffic Exchange Guard -> No File <==== ATTENTION
Task: {59730F6C-ED39-487B-8514-7BA6B2024E01} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {6B3F39AD-4483-410B-9937-150688E0F222} - \{0A7F0C47-7D0D-0C7A-7D11-0D080C0E1179} -> No File <==== ATTENTION
Task: {6CEF41F6-5856-45C2-AC5F-EFB7A3F47BB9} - \Traffic Exchange Guardian -> No File <==== ATTENTION
Task: {81719183-C3BF-4FB9-A3BC-72E6B073DA65} - \PPI Update -> No File <==== ATTENTION
Task: {870D2092-44DA-4B4C-B3AA-9D1B660ED6CA} - \Traffic Exchange Updater -> No File <==== ATTENTION
Task: {942FDD22-0493-4AF8-9F76-D6C282B1A964} - \BuzzSocialPoints_DNS_Checker -> No File <==== ATTENTION
Task: {9795A737-458C-4045-A9B2-08037BB7C751} - \Traffic Exchange v2 - 1 -> No File <==== ATTENTION
Task: {9C98DB7F-0115-4289-B7F4-A195848865C0} - \Traffic Exchange -> No File <==== ATTENTION
Task: {AB866182-D1F9-478E-B424-418665AD4D6B} - \Traffic Exchange v2 - 3 -> No File <==== ATTENTION
Task: {C12AFA7D-0F5B-4159-9C87-F556F53BC158} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {C5BAF38D-99DD-4513-90F8-8FBEA6039851} - \Traffic Exchange v2 - 2 -> No File <==== ATTENTION
Task: {D8677A03-9DFA-4A86-87BE-8323F23FA24C} - \Traffic Exchange v209 - 1 -> No File <==== ATTENTION
Task: {EBD358FB-92CD-4FC7-8091-2936BB30D099} - \System Healer Task -> No File <==== ATTENTION
Task: {FC56F2D7-9088-4B62-AD8E-0F93A757C3CF} - \Traffic Exchange v209 - 2 -> No File <==== ATTENTION
S2 windowsmanagementservice; C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe [851456 2017-03-23] () [File not signed] <==== ATTENTION <==== ATTENTION
AlternateDataStreams: C:\Users\Sokol\AppData\Local\Temporary Internet Files:dvPLDTRQABBTJtZ6 [2096]

 

 

 

  • Name the file as Fixlist.txt
  • Change the Save as Type to All Files
  • and Save it in the USB drive

Please download Farbar Recovery Scan Tool and save it to a flash drive.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

Select Command Prompt

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.


Restart the computer. Please copy and paste its contents in your next reply.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 foreigner00


Posted 25 March 2017 - 12:54 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by SYSTEM (25-03-2017 12:46:24) Run:3
Running from I:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
S2 windowsmanagementservice; C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe [851456 2017-03-23] () [File not signed] <==== ATTENTION <==== ATTENTION
S2 Dataup; C:\PROGRA~2\dataup\dataup.exe [X] <==== ATTENTION
R0 drmkpro64; C:\Windows\System32\drivers\drmkpro64.sys [80968 2017-03-23] () [File not signed] <==== ATTENTION
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
C:\Program Files (x86)\cpx
C:\Users\Sokol\AppData\Local\Temp\20170323
C:\PROGRA~2\dataup
C:\Windows\System32\drivers\drmkpro64.sys
HKLM-x32\...\Run: [svcvmx] => "C:\Program Files (x86)\svcvmx\svcvmx.exe" -starup
C:\Program Files (x86)\svcvmx
C:\Windows\system32\tprdpw32.exe
C:\Program Files (x86)\s5
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [134]
AlternateDataStreams: C:\Users\Sokol\AppData\Local\Temporary Internet Files:dvPLDTRQABBTJtZ6 [2096]
Torch (HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Torch) (Version: 51.0.0.11603 - Torch Media, Inc) <==== ATTENTION
Task: {121306DF-5224-45C7-A7C7-905E0BCBA351} - System32\Tasks\RunAsStdUser Task => C:\Users\Sokol\AppData\Local\gameflakeSA\bin\1.0.11.0\GameFlakeSA.exe  <==== ATTENTION
Task: {1A698E25-C15B-4A4E-A2D2-CC440AB084A7} - \Traffic Exchange v209 - 3 -> No File <==== ATTENTION
Task: {4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} - \HDWallPaper -> No File <==== ATTENTION
Task: {539B8387-1E9D-40D9-A7EF-0EB8B05FCC67} - \Traffic Exchange Guard -> No File <==== ATTENTION
Task: {59730F6C-ED39-487B-8514-7BA6B2024E01} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {6B3F39AD-4483-410B-9937-150688E0F222} - \{0A7F0C47-7D0D-0C7A-7D11-0D080C0E1179} -> No File <==== ATTENTION
Task: {6CEF41F6-5856-45C2-AC5F-EFB7A3F47BB9} - \Traffic Exchange Guardian -> No File <==== ATTENTION
Task: {81719183-C3BF-4FB9-A3BC-72E6B073DA65} - \PPI Update -> No File <==== ATTENTION
Task: {870D2092-44DA-4B4C-B3AA-9D1B660ED6CA} - \Traffic Exchange Updater -> No File <==== ATTENTION
Task: {942FDD22-0493-4AF8-9F76-D6C282B1A964} - \BuzzSocialPoints_DNS_Checker -> No File <==== ATTENTION
Task: {9795A737-458C-4045-A9B2-08037BB7C751} - \Traffic Exchange v2 - 1 -> No File <==== ATTENTION
Task: {9C98DB7F-0115-4289-B7F4-A195848865C0} - \Traffic Exchange -> No File <==== ATTENTION
Task: {AB866182-D1F9-478E-B424-418665AD4D6B} - \Traffic Exchange v2 - 3 -> No File <==== ATTENTION
Task: {C12AFA7D-0F5B-4159-9C87-F556F53BC158} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {C5BAF38D-99DD-4513-90F8-8FBEA6039851} - \Traffic Exchange v2 - 2 -> No File <==== ATTENTION
Task: {D8677A03-9DFA-4A86-87BE-8323F23FA24C} - \Traffic Exchange v209 - 1 -> No File <==== ATTENTION
Task: {EBD358FB-92CD-4FC7-8091-2936BB30D099} - \System Healer Task -> No File <==== ATTENTION
Task: {FC56F2D7-9088-4B62-AD8E-0F93A757C3CF} - \Traffic Exchange v209 - 2 -> No File <==== ATTENTION
ShortcutTarget: Oxy.lnk -> C:\Users\Sokol\AppData\Local\Oxy\Application\bin\start.cmd (No File)
Task: {1A698E25-C15B-4A4E-A2D2-CC440AB084A7} - \Traffic Exchange v209 - 3 -> No File <==== ATTENTION
Task: {4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} - \HDWallPaper -> No File <==== ATTENTION
Task: {539B8387-1E9D-40D9-A7EF-0EB8B05FCC67} - \Traffic Exchange Guard -> No File <==== ATTENTION
Task: {59730F6C-ED39-487B-8514-7BA6B2024E01} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {6B3F39AD-4483-410B-9937-150688E0F222} - \{0A7F0C47-7D0D-0C7A-7D11-0D080C0E1179} -> No File <==== ATTENTION
Task: {6CEF41F6-5856-45C2-AC5F-EFB7A3F47BB9} - \Traffic Exchange Guardian -> No File <==== ATTENTION
Task: {81719183-C3BF-4FB9-A3BC-72E6B073DA65} - \PPI Update -> No File <==== ATTENTION
Task: {870D2092-44DA-4B4C-B3AA-9D1B660ED6CA} - \Traffic Exchange Updater -> No File <==== ATTENTION
Task: {942FDD22-0493-4AF8-9F76-D6C282B1A964} - \BuzzSocialPoints_DNS_Checker -> No File <==== ATTENTION
Task: {9795A737-458C-4045-A9B2-08037BB7C751} - \Traffic Exchange v2 - 1 -> No File <==== ATTENTION
Task: {9C98DB7F-0115-4289-B7F4-A195848865C0} - \Traffic Exchange -> No File <==== ATTENTION
Task: {AB866182-D1F9-478E-B424-418665AD4D6B} - \Traffic Exchange v2 - 3 -> No File <==== ATTENTION
Task: {C12AFA7D-0F5B-4159-9C87-F556F53BC158} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {C5BAF38D-99DD-4513-90F8-8FBEA6039851} - \Traffic Exchange v2 - 2 -> No File <==== ATTENTION
Task: {D8677A03-9DFA-4A86-87BE-8323F23FA24C} - \Traffic Exchange v209 - 1 -> No File <==== ATTENTION
Task: {EBD358FB-92CD-4FC7-8091-2936BB30D099} - \System Healer Task -> No File <==== ATTENTION
Task: {FC56F2D7-9088-4B62-AD8E-0F93A757C3CF} - \Traffic Exchange v209 - 2 -> No File <==== ATTENTION
S2 windowsmanagementservice; C:\Users\Sokol\AppData\Local\Temp\20170323\ct.exe [851456 2017-03-23] () [File not signed] <==== ATTENTION <==== ATTENTION
AlternateDataStreams: C:\Users\Sokol\AppData\Local\Temporary Internet Files:dvPLDTRQABBTJtZ6 [2096]
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value removed successfully
HKLM\System\ControlSet001\Services\windowsmanagementservice => key removed successfully
windowsmanagementservice => service removed successfully
HKLM\System\ControlSet001\Services\Dataup => key removed successfully
Dataup => service removed successfully
HKLM\System\ControlSet001\Services\drmkpro64 => key removed successfully
drmkpro64 => service removed successfully

=========================  bcdedit ========================


The operation completed successfully.

========= End of bcdedit =========

Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
"C:\Program Files (x86)\cpx" => not found.
C:\Users\Sokol\AppData\Local\Temp\20170323 => moved successfully
"C:\PROGRA~2\dataup" => not found.
C:\Windows\System32\drivers\drmkpro64.sys => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value removed successfully
"C:\Program Files (x86)\svcvmx" => not found.
C:\Windows\system32\tprdpw32.exe => moved successfully
C:\Program Files (x86)\s5 => moved successfully
C:\ProgramData\TEMP => ":054203E4" ADS removed successfully.
C:\Users\Sokol\AppData\Local\Temporary Internet Files => ":dvPLDTRQABBTJtZ6" ADS removed successfully.
Torch (HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Torch) (Version: 51.0.0.11603 - Torch Media, Inc) <==== ATTENTION => Error: No automatic fix found for this entry.
Task: {121306DF-5224-45C7-A7C7-905E0BCBA351} - System32\Tasks\RunAsStdUser Task => C:\Users\Sokol\AppData\Local\gameflakeSA\bin\1.0.11.0\GameFlakeSA.exe  <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {1A698E25-C15B-4A4E-A2D2-CC440AB084A7} - \Traffic Exchange v209 - 3 -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} - \HDWallPaper -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {539B8387-1E9D-40D9-A7EF-0EB8B05FCC67} - \Traffic Exchange Guard -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {59730F6C-ED39-487B-8514-7BA6B2024E01} - \SystemHealer Run Delay -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {6B3F39AD-4483-410B-9937-150688E0F222} - \{0A7F0C47-7D0D-0C7A-7D11-0D080C0E1179} -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {6CEF41F6-5856-45C2-AC5F-EFB7A3F47BB9} - \Traffic Exchange Guardian -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {81719183-C3BF-4FB9-A3BC-72E6B073DA65} - \PPI Update -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {870D2092-44DA-4B4C-B3AA-9D1B660ED6CA} - \Traffic Exchange Updater -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {942FDD22-0493-4AF8-9F76-D6C282B1A964} - \BuzzSocialPoints_DNS_Checker -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {9795A737-458C-4045-A9B2-08037BB7C751} - \Traffic Exchange v2 - 1 -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {9C98DB7F-0115-4289-B7F4-A195848865C0} - \Traffic Exchange -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {AB866182-D1F9-478E-B424-418665AD4D6B} - \Traffic Exchange v2 - 3 -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {C12AFA7D-0F5B-4159-9C87-F556F53BC158} - \SystemHealer Monitor -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {C5BAF38D-99DD-4513-90F8-8FBEA6039851} - \Traffic Exchange v2 - 2 -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {D8677A03-9DFA-4A86-87BE-8323F23FA24C} - \Traffic Exchange v209 - 1 -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {EBD358FB-92CD-4FC7-8091-2936BB30D099} - \System Healer Task -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {FC56F2D7-9088-4B62-AD8E-0F93A757C3CF} - \Traffic Exchange v209 - 2 -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
C:\Users\Sokol\AppData\Local\Oxy\Application\bin\start.cmd => not found.
Task: {1A698E25-C15B-4A4E-A2D2-CC440AB084A7} - \Traffic Exchange v209 - 3 -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} - \HDWallPaper -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {539B8387-1E9D-40D9-A7EF-0EB8B05FCC67} - \Traffic Exchange Guard -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {59730F6C-ED39-487B-8514-7BA6B2024E01} - \SystemHealer Run Delay -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {6B3F39AD-4483-410B-9937-150688E0F222} - \{0A7F0C47-7D0D-0C7A-7D11-0D080C0E1179} -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {6CEF41F6-5856-45C2-AC5F-EFB7A3F47BB9} - \Traffic Exchange Guardian -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {81719183-C3BF-4FB9-A3BC-72E6B073DA65} - \PPI Update -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {870D2092-44DA-4B4C-B3AA-9D1B660ED6CA} - \Traffic Exchange Updater -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {942FDD22-0493-4AF8-9F76-D6C282B1A964} - \BuzzSocialPoints_DNS_Checker -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {9795A737-458C-4045-A9B2-08037BB7C751} - \Traffic Exchange v2 - 1 -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {9C98DB7F-0115-4289-B7F4-A195848865C0} - \Traffic Exchange -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {AB866182-D1F9-478E-B424-418665AD4D6B} - \Traffic Exchange v2 - 3 -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {C12AFA7D-0F5B-4159-9C87-F556F53BC158} - \SystemHealer Monitor -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {C5BAF38D-99DD-4513-90F8-8FBEA6039851} - \Traffic Exchange v2 - 2 -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {D8677A03-9DFA-4A86-87BE-8323F23FA24C} - \Traffic Exchange v209 - 1 -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {EBD358FB-92CD-4FC7-8091-2936BB30D099} - \System Healer Task -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {FC56F2D7-9088-4B62-AD8E-0F93A757C3CF} - \Traffic Exchange v209 - 2 -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
windowsmanagementservice => service not found.
"C:\Users\Sokol\AppData\Local\Temporary Internet Files" => ":dvPLDTRQABBTJtZ6" ADS not found.

==== End of Fixlog 12:46:30 ====



#8 JSntgRvr


Posted 25 March 2017 - 03:30 PM

Let's remove what was not. This time in Normal Mode. You do not have to use the copy of FRST on the USB.

  • Copy the entire contents of the Quote Box below to Notepad.

Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Task: {121306DF-5224-45C7-A7C7-905E0BCBA351} - System32\Tasks\RunAsStdUser Task => C:\Users\Sokol\AppData\Local\gameflakeSA\bin\1.0.11.0\GameFlakeSA.exe  <==== ATTENTION
Task: {1A698E25-C15B-4A4E-A2D2-CC440AB084A7} - \Traffic Exchange v209 - 3 -> No File <==== ATTENTION
Task: {4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} - \HDWallPaper -> No File <==== ATTENTION
Task: {539B8387-1E9D-40D9-A7EF-0EB8B05FCC67} - \Traffic Exchange Guard -> No File <==== ATTENTION
Task: {59730F6C-ED39-487B-8514-7BA6B2024E01} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {6B3F39AD-4483-410B-9937-150688E0F222} - \{0A7F0C47-7D0D-0C7A-7D11-0D080C0E1179} -> No File <==== ATTENTION
Task: {6CEF41F6-5856-45C2-AC5F-EFB7A3F47BB9} - \Traffic Exchange Guardian -> No File <==== ATTENTION
Task: {81719183-C3BF-4FB9-A3BC-72E6B073DA65} - \PPI Update -> No File <==== ATTENTION
Task: {870D2092-44DA-4B4C-B3AA-9D1B660ED6CA} - \Traffic Exchange Updater -> No File <==== ATTENTION
Task: {942FDD22-0493-4AF8-9F76-D6C282B1A964} - \BuzzSocialPoints_DNS_Checker -> No File <==== ATTENTION
Task: {9795A737-458C-4045-A9B2-08037BB7C751} - \Traffic Exchange v2 - 1 -> No File <==== ATTENTION
Task: {9C98DB7F-0115-4289-B7F4-A195848865C0} - \Traffic Exchange -> No File <==== ATTENTION
Task: {AB866182-D1F9-478E-B424-418665AD4D6B} - \Traffic Exchange v2 - 3 -> No File <==== ATTENTION
Task: {C12AFA7D-0F5B-4159-9C87-F556F53BC158} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {C5BAF38D-99DD-4513-90F8-8FBEA6039851} - \Traffic Exchange v2 - 2 -> No File <==== ATTENTION
Task: {D8677A03-9DFA-4A86-87BE-8323F23FA24C} - \Traffic Exchange v209 - 1 -> No File <==== ATTENTION
Task: {EBD358FB-92CD-4FC7-8091-2936BB30D099} - \System Healer Task -> No File <==== ATTENTION
Task: {FC56F2D7-9088-4B62-AD8E-0F93A757C3CF} - \Traffic Exchange v209 - 2 -> No File <==== ATTENTION
Task: {1A698E25-C15B-4A4E-A2D2-CC440AB084A7} - \Traffic Exchange v209 - 3 -> No File <==== ATTENTION
Task: {4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} - \HDWallPaper -> No File <==== ATTENTION
Task: {539B8387-1E9D-40D9-A7EF-0EB8B05FCC67} - \Traffic Exchange Guard -> No File <==== ATTENTION
Task: {59730F6C-ED39-487B-8514-7BA6B2024E01} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {6B3F39AD-4483-410B-9937-150688E0F222} - \{0A7F0C47-7D0D-0C7A-7D11-0D080C0E1179} -> No File <==== ATTENTION
Task: {6CEF41F6-5856-45C2-AC5F-EFB7A3F47BB9} - \Traffic Exchange Guardian -> No File <==== ATTENTION
Task: {81719183-C3BF-4FB9-A3BC-72E6B073DA65} - \PPI Update -> No File <==== ATTENTION
Task: {870D2092-44DA-4B4C-B3AA-9D1B660ED6CA} - \Traffic Exchange Updater -> No File <==== ATTENTION
Task: {942FDD22-0493-4AF8-9F76-D6C282B1A964} - \BuzzSocialPoints_DNS_Checker -> No File <==== ATTENTION
Task: {9795A737-458C-4045-A9B2-08037BB7C751} - \Traffic Exchange v2 - 1 -> No File <==== ATTENTION
Task: {9C98DB7F-0115-4289-B7F4-A195848865C0} - \Traffic Exchange -> No File <==== ATTENTION
Task: {AB866182-D1F9-478E-B424-418665AD4D6B} - \Traffic Exchange v2 - 3 -> No File <==== ATTENTION
Task: {C12AFA7D-0F5B-4159-9C87-F556F53BC158} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {C5BAF38D-99DD-4513-90F8-8FBEA6039851} - \Traffic Exchange v2 - 2 -> No File <==== ATTENTION
Task: {D8677A03-9DFA-4A86-87BE-8323F23FA24C} - \Traffic Exchange v209 - 1 -> No File <==== ATTENTION
Task: {EBD358FB-92CD-4FC7-8091-2936BB30D099} - \System Healer Task -> No File <==== ATTENTION
Task: {FC56F2D7-9088-4B62-AD8E-0F93A757C3CF} - \Traffic Exchange v209 - 2 -> No File <==== ATTENTION

  • Name the file as Fixlist.txt
  • Change the Save as Type to All Files
  • and Save it in the same location FRST64 is saved in the computer
  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.


  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

Edited by JSntgRvr, 25 March 2017 - 03:34 PM.

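The step between the recovery-mode Fixlog and the second fixlist above, as an added Python example (not part of the thread and not FRST's own code): it skips the echoed fixlist, classifies each result line by its trailing status, and collects the entries that have to be re-run in Normal Mode. The function and bucket names are assumptions of this example; the sample log is a constructed subset of the Fixlog posted in this thread.

```python
import re

# Constructed sample: a subset of the recovery-mode Fixlog posted above.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by SYSTEM (25-03-2017 12:46:24) Run:3
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup <===== ATTENTION
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Task: {4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} - \HDWallPaper -> No File <==== ATTENTION
Task: {4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} - \HDWallPaper -> No File <==== ATTENTION
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value removed successfully
windowsmanagementservice => service removed successfully

=========================  bcdedit ========================

The operation completed successfully.

========= End of bcdedit =========

Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
"C:\Program Files (x86)\cpx" => not found.
C:\Windows\System32\drivers\drmkpro64.sys => moved successfully
C:\ProgramData\TEMP => ":054203E4" ADS removed successfully.
Torch (HKU\S-1-5-21-399097656-3941740853-1436833426-1000\...\Torch) (Version: 51.0.0.11603 - Torch Media, Inc) <==== ATTENTION => Error: No automatic fix found for this entry.
Task: {121306DF-5224-45C7-A7C7-905E0BCBA351} - System32\Tasks\RunAsStdUser Task => C:\Users\Sokol\AppData\Local\gameflakeSA\bin\1.0.11.0\GameFlakeSA.exe  <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} - \HDWallPaper -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} - \HDWallPaper -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
windowsmanagementservice => service not found.

==== End of Fixlog 12:46:30 ====
'''

# Trailing status text -> bucket. The status strings are the ones seen in the
# Fixlog above; the bucket names are this example's own.
OUTCOMES = [
    ("retry_normal_mode",
     re.compile(r"^Error: The entry should be fixed outside recovery mode\.$")),
    ("manual", re.compile(r"^Error: No automatic fix found for this entry\.$")),
    ("done", re.compile(r"(removed|moved) successfully\.?$")),
    ("absent", re.compile(r"not found\.$")),
]


def result_lines(fixlog_text):
    """Yield result lines only, skipping the header and the echoed fixlist.

    The fixlist echo sits between two lines of asterisks and itself contains
    ' => ', so it must be skipped before any line is classified.
    """
    fences = 0
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):
            fences += 1
        elif fences >= 2 and " => " in line:
            yield line


def triage(fixlog_text):
    """Group fixlist entries by what FRST reported for them (duplicates merged)."""
    buckets = {name: [] for name, _ in OUTCOMES}
    buckets["unknown"] = []
    for line in result_lines(fixlog_text):
        # Split on the LAST ' => ': Task entries carry one of their own.
        entry, status = (part.strip() for part in line.rsplit(" => ", 1))
        bucket = next((n for n, rx in OUTCOMES if rx.search(status)), "unknown")
        if entry not in buckets[bucket]:
            buckets[bucket].append(entry)
    return buckets


def followup_fixlist(fixlog_text):
    """Entries to paste into the next Fixlist.txt, run from Normal Mode."""
    return triage(fixlog_text)["retry_normal_mode"]


if __name__ == "__main__":
    for name, entries in triage(SAMPLE_FIXLOG).items():
        print(f"{name}: {len(entries)}")
    print("\n".join(followup_fixlist(SAMPLE_FIXLOG)))
```

`windowsmanagementservice` lands in both `done` and `absent` because the fixlist named it twice: the first pass removed the service and the second found nothing left. The `manual` bucket (the Torch entry here) is not covered by a re-run and needs a separate removal step.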


#9 foreigner00


Posted 25 March 2017 - 05:19 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Sokol (25-03-2017 16:50:15) Run:4
Running from C:\Users\Sokol\Desktop\New folder (7)
Loaded Profiles: Sokol (Available Profiles: Sokol & Vera & Guest & Classic .NET AppPool & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Task: {121306DF-5224-45C7-A7C7-905E0BCBA351} - System32\Tasks\RunAsStdUser Task => C:\Users\Sokol\AppData\Local\gameflakeSA\bin\1.0.11.0\GameFlakeSA.exe  <==== ATTENTION
Task: {1A698E25-C15B-4A4E-A2D2-CC440AB084A7} - \Traffic Exchange v209 - 3 -> No File <==== ATTENTION
Task: {4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} - \HDWallPaper -> No File <==== ATTENTION
Task: {539B8387-1E9D-40D9-A7EF-0EB8B05FCC67} - \Traffic Exchange Guard -> No File <==== ATTENTION
Task: {59730F6C-ED39-487B-8514-7BA6B2024E01} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {6B3F39AD-4483-410B-9937-150688E0F222} - \{0A7F0C47-7D0D-0C7A-7D11-0D080C0E1179} -> No File <==== ATTENTION
Task: {6CEF41F6-5856-45C2-AC5F-EFB7A3F47BB9} - \Traffic Exchange Guardian -> No File <==== ATTENTION
Task: {81719183-C3BF-4FB9-A3BC-72E6B073DA65} - \PPI Update -> No File <==== ATTENTION
Task: {870D2092-44DA-4B4C-B3AA-9D1B660ED6CA} - \Traffic Exchange Updater -> No File <==== ATTENTION
Task: {942FDD22-0493-4AF8-9F76-D6C282B1A964} - \BuzzSocialPoints_DNS_Checker -> No File <==== ATTENTION
Task: {9795A737-458C-4045-A9B2-08037BB7C751} - \Traffic Exchange v2 - 1 -> No File <==== ATTENTION
Task: {9C98DB7F-0115-4289-B7F4-A195848865C0} - \Traffic Exchange -> No File <==== ATTENTION
Task: {AB866182-D1F9-478E-B424-418665AD4D6B} - \Traffic Exchange v2 - 3 -> No File <==== ATTENTION
Task: {C12AFA7D-0F5B-4159-9C87-F556F53BC158} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {C5BAF38D-99DD-4513-90F8-8FBEA6039851} - \Traffic Exchange v2 - 2 -> No File <==== ATTENTION
Task: {D8677A03-9DFA-4A86-87BE-8323F23FA24C} - \Traffic Exchange v209 - 1 -> No File <==== ATTENTION
Task: {EBD358FB-92CD-4FC7-8091-2936BB30D099} - \System Healer Task -> No File <==== ATTENTION
Task: {FC56F2D7-9088-4B62-AD8E-0F93A757C3CF} - \Traffic Exchange v209 - 2 -> No File <==== ATTENTION
Task: {1A698E25-C15B-4A4E-A2D2-CC440AB084A7} - \Traffic Exchange v209 - 3 -> No File <==== ATTENTION
Task: {4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} - \HDWallPaper -> No File <==== ATTENTION
Task: {539B8387-1E9D-40D9-A7EF-0EB8B05FCC67} - \Traffic Exchange Guard -> No File <==== ATTENTION
Task: {59730F6C-ED39-487B-8514-7BA6B2024E01} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {6B3F39AD-4483-410B-9937-150688E0F222} - \{0A7F0C47-7D0D-0C7A-7D11-0D080C0E1179} -> No File <==== ATTENTION
Task: {6CEF41F6-5856-45C2-AC5F-EFB7A3F47BB9} - \Traffic Exchange Guardian -> No File <==== ATTENTION
Task: {81719183-C3BF-4FB9-A3BC-72E6B073DA65} - \PPI Update -> No File <==== ATTENTION
Task: {870D2092-44DA-4B4C-B3AA-9D1B660ED6CA} - \Traffic Exchange Updater -> No File <==== ATTENTION
Task: {942FDD22-0493-4AF8-9F76-D6C282B1A964} - \BuzzSocialPoints_DNS_Checker -> No File <==== ATTENTION
Task: {9795A737-458C-4045-A9B2-08037BB7C751} - \Traffic Exchange v2 - 1 -> No File <==== ATTENTION
Task: {9C98DB7F-0115-4289-B7F4-A195848865C0} - \Traffic Exchange -> No File <==== ATTENTION
Task: {AB866182-D1F9-478E-B424-418665AD4D6B} - \Traffic Exchange v2 - 3 -> No File <==== ATTENTION
Task: {C12AFA7D-0F5B-4159-9C87-F556F53BC158} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {C5BAF38D-99DD-4513-90F8-8FBEA6039851} - \Traffic Exchange v2 - 2 -> No File <==== ATTENTION
Task: {D8677A03-9DFA-4A86-87BE-8323F23FA24C} - \Traffic Exchange v209 - 1 -> No File <==== ATTENTION
Task: {EBD358FB-92CD-4FC7-8091-2936BB30D099} - \System Healer Task -> No File <==== ATTENTION
Task: {FC56F2D7-9088-4B62-AD8E-0F93A757C3CF} - \Traffic Exchange v209 - 2 -> No File <==== ATTENTION
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{121306DF-5224-45C7-A7C7-905E0BCBA351} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{121306DF-5224-45C7-A7C7-905E0BCBA351} => key removed successfully
C:\Windows\System32\Tasks\RunAsStdUser Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A698E25-C15B-4A4E-A2D2-CC440AB084A7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A698E25-C15B-4A4E-A2D2-CC440AB084A7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 3 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDWallPaper => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{539B8387-1E9D-40D9-A7EF-0EB8B05FCC67} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{539B8387-1E9D-40D9-A7EF-0EB8B05FCC67} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange Guard => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59730F6C-ED39-487B-8514-7BA6B2024E01} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59730F6C-ED39-487B-8514-7BA6B2024E01} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B3F39AD-4483-410B-9937-150688E0F222} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B3F39AD-4483-410B-9937-150688E0F222} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0A7F0C47-7D0D-0C7A-7D11-0D080C0E1179} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CEF41F6-5856-45C2-AC5F-EFB7A3F47BB9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CEF41F6-5856-45C2-AC5F-EFB7A3F47BB9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange Guardian => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81719183-C3BF-4FB9-A3BC-72E6B073DA65} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81719183-C3BF-4FB9-A3BC-72E6B073DA65} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PPI Update => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{870D2092-44DA-4B4C-B3AA-9D1B660ED6CA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{870D2092-44DA-4B4C-B3AA-9D1B660ED6CA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange Updater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{942FDD22-0493-4AF8-9F76-D6C282B1A964} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{942FDD22-0493-4AF8-9F76-D6C282B1A964} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BuzzSocialPoints_DNS_Checker => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9795A737-458C-4045-A9B2-08037BB7C751} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9795A737-458C-4045-A9B2-08037BB7C751} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C98DB7F-0115-4289-B7F4-A195848865C0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C98DB7F-0115-4289-B7F4-A195848865C0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB866182-D1F9-478E-B424-418665AD4D6B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB866182-D1F9-478E-B424-418665AD4D6B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 3 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C12AFA7D-0F5B-4159-9C87-F556F53BC158} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C12AFA7D-0F5B-4159-9C87-F556F53BC158} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5BAF38D-99DD-4513-90F8-8FBEA6039851} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5BAF38D-99DD-4513-90F8-8FBEA6039851} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8677A03-9DFA-4A86-87BE-8323F23FA24C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8677A03-9DFA-4A86-87BE-8323F23FA24C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBD358FB-92CD-4FC7-8091-2936BB30D099} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBD358FB-92CD-4FC7-8091-2936BB30D099} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC56F2D7-9088-4B62-AD8E-0F93A757C3CF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC56F2D7-9088-4B62-AD8E-0F93A757C3CF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A698E25-C15B-4A4E-A2D2-CC440AB084A7} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 3 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F2883AB-CA7E-4F55-BBC9-ADBBBE8EDD12} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDWallPaper => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{539B8387-1E9D-40D9-A7EF-0EB8B05FCC67} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange Guard => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59730F6C-ED39-487B-8514-7BA6B2024E01} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B3F39AD-4483-410B-9937-150688E0F222} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0A7F0C47-7D0D-0C7A-7D11-0D080C0E1179} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CEF41F6-5856-45C2-AC5F-EFB7A3F47BB9} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange Guardian => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81719183-C3BF-4FB9-A3BC-72E6B073DA65} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PPI Update => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{870D2092-44DA-4B4C-B3AA-9D1B660ED6CA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange Updater => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{942FDD22-0493-4AF8-9F76-D6C282B1A964} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BuzzSocialPoints_DNS_Checker => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9795A737-458C-4045-A9B2-08037BB7C751} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 1 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C98DB7F-0115-4289-B7F4-A195848865C0} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB866182-D1F9-478E-B424-418665AD4D6B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 3 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C12AFA7D-0F5B-4159-9C87-F556F53BC158} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5BAF38D-99DD-4513-90F8-8FBEA6039851} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v2 - 2 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8677A03-9DFA-4A86-87BE-8323F23FA24C} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 1 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBD358FB-92CD-4FC7-8091-2936BB30D099} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Task => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC56F2D7-9088-4B62-AD8E-0F93A757C3CF} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 2 => key not found.

==== End of Fixlog 16:50:18 ====

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Ultimate x64
Ran by Sokol (Administrator) on Sat 03/25/2017 at 16:52:54.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 17

Failed to delete: C:\Users\Sokol\AppData\Local\torch (Folder)
Successfully deleted: C:\ProgramData\torchcrashhandler (Folder)
Successfully deleted: C:\users\Public\Documents\guid (Folder)
Successfully deleted: C:\Users\Sokol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\torch.lnk (Shortcut)
Successfully deleted: C:\Users\Sokol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\torch.lnk (Shortcut)
Successfully deleted: C:\Users\Sokol\AppData\Roaming\videoplayer (Folder)
Successfully deleted: C:\Users\Sokol\Start Menu\Programs\torch.lnk (Shortcut)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\myfree codec (Folder)
Successfully deleted: C:\Users\Sokol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1BI0CY2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sokol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HFWK05JN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sokol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LN0GOWM7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sokol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SNDWUGBL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1BI0CY2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HFWK05JN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LN0GOWM7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SNDWUGBL (Temporary Internet Files Folder)



Registry: 3

Successfully deleted: HKLM\Software\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj (Registry Key)
Successfully deleted: HKLM\Software\MozillaPlugins\torchvlc (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/25/2017 at 16:56:26.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

# AdwCleaner v6.044 - Logfile created 25/03/2017 at 17:14:34
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-23.2 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Sokol - SOKOL-PC
# Running from : C:\Users\Sokol\Desktop\adwcleaner_6.044.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Sokol\AppData\Local\torch
[-] Folder deleted: C:\Users\Sokol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
[-] Folder deleted: C:\Users\Guest\AppData\Local\Oxy
[-] Folder deleted: C:\Users\Guest\AppData\Roaming\Oxy
[-] Folder deleted: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Folder deleted: C:\quardata


***** [ Files ] *****

[-] File deleted: C:\Users\Sokol\Documents\ReimageRepair.exe
[-] File deleted: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oxy.lnk
[-] File deleted: C:\Users\Guest\Desktop\Oxy.lnk
[-] File deleted: C:\Users\Guest\Desktop\Oxy-Downloader.lnk
[-] File deleted: C:\Users\Guest\Desktop\PileFile.lnk
[-] File deleted: C:\Windows\SysNative\NetUtils2016.dll
[-] File deleted: C:\TOSTACK


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\Users\Vera\Desktop\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Vera\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Vera\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Vera\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut disinfected: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk


***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dataup
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dataup
[#] Key deleted on reboot: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\dataup
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\dataup
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key deleted: HKU\S-1-5-21-399097656-3941740853-1436833426-1000\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-399097656-3941740853-1436833426-1000\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-399097656-3941740853-1436833426-1000\Software\Myfree Codec
[-] Key deleted: HKU\S-1-5-21-399097656-3941740853-1436833426-1000\Software\torch
[-] Key deleted: HKU\S-1-5-21-399097656-3941740853-1436833426-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key deleted: HKU\S-1-5-21-399097656-3941740853-1436833426-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-399097656-3941740853-1436833426-1000\Software\SweetIM
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-399097656-3941740853-1436833426-1000\Software\Updater By Sweetpacks
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\Myfree Codec
[#] Key deleted on reboot: HKCU\Software\torch
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks
[-] Key deleted: HKLM\SOFTWARE\AVG Secure Search
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\dlQUE
[-] Key deleted: HKLM\SOFTWARE\Myfree Codec
[-] Key deleted: HKLM\SOFTWARE\PIP
[-] Key deleted: HKLM\SOFTWARE\torch
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-399097656-3941740853-1436833426-1000\Software\SweetIM
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-399097656-3941740853-1436833426-1000\Software\Updater By Sweetpacks
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\Myfree Codec
[#] Key deleted on reboot: [x64] HKCU\Software\torch
[-] Key deleted: [x64] HKLM\SOFTWARE\HDWallpaper
[-] Key deleted: [x64] HKLM\SOFTWARE\DtsEncodeTools
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\Torch.exe
[-] Key deleted: HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd


***** [ Web browsers ] *****

[-] [C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\Sokol\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fnhfdmnphmbbjbgppnpcddkefmeokfho
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9244 Bytes] - [25/03/2017 17:14:34]
C:\AdwCleaner\AdwCleaner[S0].txt - [8958 Bytes] - [25/03/2017 17:05:54]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9390 Bytes] ##########
 



#10 JSntgRvr

Posted 25 March 2017 - 06:21 PM

How is the computer doing so far?

Please download Malwarebytes to your desktop.

Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.

Once the program has fully updated, proceed with the Scan options and select "Threat Scan".

The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

After a scan has been executed, scan results are displayed as shown below. In this scan, three threats were detected.

Put a checkmark on all detected items and click on "Quarantine Selected".

Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents in a reply.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 foreigner00

Posted 25 March 2017 - 11:15 PM

OK, that was weird. A few minutes ago I was about to post the results you asked for, and as soon as I typed "Running pretty good for its age", the laptop froze up and nothing worked. Not even Control, Alt, Delete. Had to reboot by holding the power button. Other than that it's running good, can't thank you enough.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/25/17
Scan Time: 10:18 PM
Logfile: Malwarebytes scan.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1394
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sokol-PC\Sokol

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 572439
Time Elapsed: 19 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Disabled
PUM: Disabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 6
Spyware.Boaxxe, C:\PROGRAM FILES (X86)\MICROSOFT TOOLKIT FINAL\WINDOWS_ACTIVATON.EXE, Quarantined, [49], [381727],1.0.1394
PUP.Optional.Amonetize, C:\PROGRAM FILES (X86)\MICROSOFT TOOLKIT FINAL\MICROSOFT TOOLKIT 2.6.6__9465_IL19.EXE, Quarantined, [13], [381948],1.0.1394
RiskWare.HeuristicsReservedWordExploit, C:\USERS\SOKOL\DESKTOP\EXPLORER.EXE, Quarantined, [18043], [293543],1.0.1394
PUP.Optional.InstallCore, C:\PROGRAM FILES (X86)\MICROSOFT TOOLKIT FINAL\ADAGENT-BUILD1201.EXE, Quarantined, [8], [380488],1.0.1394
PUP.Optional.Amonetize, C:\PROGRAM FILES (X86)\MICROSOFT TOOLKIT FINAL\SETUP ACTIVATION.EXE, Quarantined, [13], [344466],1.0.1394
PUP.Optional.InstallCore, C:\PROGRAM FILES (X86)\MICROSOFT TOOLKIT FINAL\WINDOWS_REG_AC.EXE, Quarantined, [8], [80770],1.0.1394

Physical Sector: 0
(No malicious items detected)


(end)



#12 foreigner00

Posted 26 March 2017 - 12:20 AM

It just happened again while I was watching a trailer online. Froze up with the sound repeating that split second and nothing I could do but hit the power button.



#13 JSntgRvr

Posted 01 April 2017 - 02:29 PM

Sorry, missed your post.

 

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.


Post the ESET log.txt report.

Don't forget to re-enable previously switched-off protection software!




#14 JSntgRvr

Posted 04 April 2017 - 04:42 PM

Are you still with us?




#15 JSntgRvr

Posted 06 April 2017 - 08:23 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





