Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't run any exe file or program on my windows 10 laptop


  • This topic is locked This topic is locked
42 replies to this topic

#1 Databuff

Databuff

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 10 August 2017 - 01:01 PM

Hi All,

Please i need your urgent help.

1, my laptop was infected by the virus "the requested resource is in use " with svcmcx and vmxclient processes running.
2, Now I can't run any program nor any exe file.
Things done
I have tried to follow some of the guides here to no avail. This was prior to not been able to run any program.

Please assist me. My work has stalled.

Looking forward to a favorable response.
Thanks

BC AdBot (Login to Remove)

 


#2 RayS

RayS

  • Malware Study Hall Senior
  • 2,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:20 PM

Posted 10 August 2017 - 02:10 PM

Hi Databuff,

 

My name is Ray and I'll be assisting you with your issue. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

Ray
 


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 Databuff

Databuff
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 11 August 2017 - 10:44 AM

Hi Rays,
Thank you for your response, and so sorry for the unusual delayed response. I had an emergency I had to attend to.

I am ready now, please.

#4 RayS

RayS

  • Malware Study Hall Senior
  • 2,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:20 PM

Posted 12 August 2017 - 02:58 AM

Hi Databuff,
 
I need you to scan your PC using Farbar Recovery Scan Tool (FRST).
 
Please download the tool from here and rename it FRST.com before you launch it. Be sure to download the 64-bit version if your version of Windows 10 is 64 bit.
 
After you rename the tool, double-click on FRST.com. Don't change any of the checkmarked options. Just click Scan. You can see more info about the tool in the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help by Lawrence Abrams.

 

FRST.com will produce two logs: FRST.txt and Addition.txt. Please copy and paste the entire contents of both logs into the body of your reply (don't attach them).

 

Please also confirm whether Notepad will open. Press the Start key and type Notepad. Then click on "Notepad" in the search results. No need to actually create any document. Just tell me whether Notepad opens normally.

 

If you encounter any problems, please  give me a complete description of what you see, including verbatim copy of all error messages (if any).

 

Summary

  • Copy and paste FRST.txt and Addition.txt into your reply.
  • Confirm whether Notepad opens.
  • Fully describe any problems you encounter.

 

Thank you,

 

Ray

 

Edit: Added question about Notepad.


Edited by RayS, 12 August 2017 - 05:01 AM.

I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#5 RayS

RayS

  • Malware Study Hall Senior
  • 2,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:20 PM

Posted 15 August 2017 - 09:26 PM

Hi Databuff,

3 Day Bump

It has been 3 days since my last post.

  • Do you still need help with this? If not, please let me know as soon as possible. Other people are requesting my help.
  • If you will be away for an extended period, please let me know in advance.
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#6 Databuff

Databuff
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 18 August 2017 - 01:41 PM

Hi RayS,

 

            I still do need your help.

            I have haven't responded since because I have been swamped by many issues, and I by no means minimize the importance of your assistance.

            I have started running the tool, and shall send the generated reports.

            This time, no more distractions from my end.

            Truly grateful.

 

Databuff



#7 Databuff

Databuff
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 18 August 2017 - 01:46 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-08-2017
Ran by Nkem (administrator) on HILLFOCUS-NKEM (18-08-2017 14:35:34)
Running from C:\Users\Nkem\Desktop
Loaded Profiles: Nkem & ReportServer$MSSQLSERVERPROD & MSOLAP$MSSQLSERVERPROD & DefaultAppPool (Available Profiles: Nkem & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & ReportServer$MSSQLSERVERPROD & MsDtsServer120 & MSSQLSERVER & MSOLAP$MSSQLSERVERPROD & MSSQLFDLauncher$MSSQLSERVERPROD & MSSQL$MSSQLSERVERPROD & DemoApp & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalwareService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER2014\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Outlook.TelemetryService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantDisplayService.exe
() C:\MongoDB\Server\3.0\bin\mongod.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER2014\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVERPROD\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER2014\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVERPROD\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER2014\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER2014\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER2014\MSSQL\Binn\SQLAGENT.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Windows\System32\tprdpw64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Users\Nkem\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
() C:\Users\Nkem\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Nkem\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1439_none_7efe016621f50bd0\TiWorker.exe
() C:\Users\Nkem\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Nkem\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Nkem\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Farbar) C:\Users\Nkem\Desktop\FRST.com
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2014-09-15] (Intel Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM-x32\...\Run: [cpx] => "C:\Users\Nkem\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\Nkem\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
HKLM-x32\...\Run: [Stronghold AntiMalware] => C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe [9167456 2017-07-07] ()
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-80-3601417626-1787677323-2746304910-1752982994-1612513421\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-80-4172529921-2013222826-1004157458-3856387818-1685295101\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
Startup: C:\Users\Nkem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\importantupdates.vbs [2017-07-05] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6615da8e-9c3e-4ef7-86cb-92ff0ec22be3}: [DhcpNameServer] 192.168.40.1
Tcpip\..\Interfaces\{8134f1f4-5f74-4296-8776-ae8487f5d387}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-3882979512-183718844-2655391270-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131436878677659186&GUID=F8B5603E-6BF9-4F49-B78D-B646B2B07099
HKU\S-1-5-21-3882979512-183718844-2655391270-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-3882979512-183718844-2655391270-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3882979512-183718844-2655391270-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-07-04] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-04] (Oracle Corporation)
Handler: crmolk - {30C1F68E-AD06-4845-8CFD-8573822E96AB} - C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: crmolk - {30C1F68E-AD06-4845-8CFD-8573822E96AB} - C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Nkem\AppData\Roaming\Mozilla\Firefox\Profiles\ssgdqb6p.default-1442594177680 [2017-07-20]
FF user.js: detected! => C:\Users\Nkem\AppData\Roaming\Mozilla\Firefox\Profiles\ssgdqb6p.default-1442594177680\user.js [2017-05-10]
FF Extension: (Tables) - C:\Users\Nkem\AppData\Roaming\Mozilla\Firefox\Profiles\ssgdqb6p.default-1442594177680\Extensions\455574@extcorp.com.xpi [2017-06-24]
FF Extension: (ADB Helper) - C:\Users\Nkem\AppData\Roaming\Mozilla\Firefox\Profiles\ssgdqb6p.default-1442594177680\Extensions\adbhelper@mozilla.org [2017-07-04]
FF Extension: (Firebug) - C:\Users\Nkem\AppData\Roaming\Mozilla\Firefox\Profiles\ssgdqb6p.default-1442594177680\Extensions\firebug@software.joehewitt.com.xpi [2017-07-04]
FF Extension: (Valence) - C:\Users\Nkem\AppData\Roaming\Mozilla\Firefox\Profiles\ssgdqb6p.default-1442594177680\Extensions\fxdevtools-adapters@mozilla.org [2017-07-04]
FF Extension: (Video DownloadHelper) - C:\Users\Nkem\AppData\Roaming\Mozilla\Firefox\Profiles\ssgdqb6p.default-1442594177680\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-07-04]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\Nkem\AppData\Roaming\Mozilla\Firefox\Profiles\ssgdqb6p.default-1442594177680\features\{860c402c-bb37-4e09-aa0c-656cea178a98}\malware-remediation@mozilla.org.xpi [2017-07-04]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: (FiddlerHook) - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-10-06] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3882979512-183718844-2655391270-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Nkem\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-18] (Citrix Online)
FF Plugin HKU\S-1-5-21-3882979512-183718844-2655391270-1001: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\Nkem\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-11-23] (Nagravision)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Nkem\AppData\Local\Google\Chrome\User Data\Default [2017-07-20]
CHR Extension: (Adobe Acrobat) - C:\Users\Nkem\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nkem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-14]
CHR Extension: (Chrome Media Router) - C:\Users\Nkem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
"drmkpro64" => service could not be unlocked. <==== ATTENTION
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2016-09-05] (Microsoft Corporation)
R2 CrmClientTelemetryService; C:\Program Files (x86)\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Outlook.TelemetryService.exe [39128 2017-04-17] (Microsoft Corporation)
R2 CrmSqlStartupSvc; C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe [34520 2017-04-17] (Microsoft Corporation)
R2 DptfParticipantDisplayService; C:\WINDOWS\System32\DptfParticipantDisplayService.exe [141944 2014-09-15] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [115656 2014-09-15] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe [116680 2014-09-15] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [148160 2014-09-15] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [124904 2014-09-15] (Intel Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24376 2015-06-30] (Hewlett-Packard Company)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel® Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2015-11-20] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 MongoDB3v302; C:\mongodb\Server\3.0\bin\mongod.exe [19124736 2016-01-11] () [File not signed]
S2 MsDtsServer120; C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe [216768 2016-05-27] (Microsoft Corporation)
R2 MSOLAP$MSSQLSERVERPROD; C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVERPROD\OLAP\bin\msmdsrv.exe [51170496 2016-05-27] (Microsoft Corporation)
S2 MSSQL$MSSQLSERVERPROD; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVERPROD\MSSQL\Binn\sqlservr.exe [370368 2016-05-27] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER2014\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
S3 MSSQLFDLauncher$MSSQLSERVERPROD; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVERPROD\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER2014\MSSQL\Binn\sqlservr.exe [370368 2016-05-27] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER2014\OLAP\bin\msmdsrv.exe [51170496 2016-05-27] (Microsoft Corporation)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER2014\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2468032 2016-05-27] (Microsoft Corporation)
R2 ReportServer$MSSQLSERVERPROD; C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVERPROD\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2468032 2016-05-27] (Microsoft Corporation)
R2 ServiceSAM; C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalwareService.exe [3657312 2017-07-07] ()
S3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [163680 2017-06-15] (Sophos Limited)
S2 SpyRemoverService; C:\Program Files (x86)\Support King LLC\SpyRemover Pro\Service\SpyRemoverService.exe [27120 2017-07-07] ()
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayClient\DReplayClient.exe [139968 2014-02-21] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\120\Tools\DReplayController\DReplayController.exe [345280 2014-02-21] (Microsoft Corporation)
S3 SQLAgent$MSSQLSERVERPROD; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVERPROD\MSSQL\Binn\SQLAGENT.EXE [613056 2016-05-27] (Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER2014\MSSQL\Binn\SQLAGENT.EXE [613056 2016-05-27] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [203264 2016-07-16] (Microsoft Corporation)
S2 Dataup; C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\Nkem\AppData\Local\bcfsuru\atlhwb\ct.exe [X] <==== ATTENTION
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AMFsFilter; C:\WINDOWS\System32\DRIVERS\AMFsFilter.sys [26208 2017-07-07] (Security Stronghold)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [70752 2014-09-15] (Intel Corporation)
R3 DptfDevDram; C:\WINDOWS\system32\DRIVERS\DptfDevDram.sys [145640 2014-09-15] (Intel Corporation)
S3 DptfDevFan; C:\WINDOWS\System32\drivers\DptfDevFan.sys [50640 2014-09-15] (Intel Corporation)
S3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [78504 2014-09-15] (Intel Corporation)
R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [116752 2014-09-15] (Intel Corporation)
S3 DptfDevPower; C:\WINDOWS\System32\drivers\DptfDevPower.sys [71808 2014-09-15] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [290256 2014-09-15] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [495320 2014-09-15] (Intel Corporation)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-07-20] (Greatis Software)
S4 RsFx0301; C:\WINDOWS\System32\DRIVERS\RsFx0301.sys [249024 2016-05-27] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-07-01] (Realsil Semiconductor Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [43920 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-04-28] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205952 2017-04-28] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-07-06] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-06] (Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-18 14:35 - 2017-08-18 14:35 - 000024284 _____ C:\Users\Nkem\Desktop\FRST.txt
2017-08-18 14:35 - 2017-08-18 14:35 - 000000000 ____D C:\FRST
2017-08-18 14:20 - 2017-08-18 14:27 - 002395648 _____ (Farbar) C:\Users\Nkem\Desktop\FRST.com
2017-07-26 14:46 - 2017-07-26 14:46 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Nkem\Desktop\esetonlinescanner_enu.exe
2017-07-26 14:13 - 2017-07-26 14:13 - 000000000 ____D C:\WINDOWS\Panther
2017-07-23 04:59 - 2017-07-23 05:00 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Nkem\Desktop\explorer.exe
2017-07-22 03:07 - 2017-07-22 03:07 - 000000000 ____D C:\ProgramData\Sophos
2017-07-22 03:05 - 2017-07-22 03:05 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-07-22 03:05 - 2017-07-22 03:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-07-22 03:05 - 2017-07-22 03:05 - 000000000 ____D C:\Program Files (x86)\Sophos
2017-07-22 02:59 - 2017-07-22 03:04 - 172340488 _____ (Sophos Limited) C:\Users\Nkem\Desktop\Sophos Virus Removal Tool.exe
2017-07-22 02:42 - 2017-07-22 02:42 - 000001379 _____ C:\Users\Nkem\Desktop\Stronghold AntiMalware.lnk
2017-07-22 02:42 - 2017-07-22 02:42 - 000000000 ____D C:\Program Files (x86)\Stronghold AntiMalware
2017-07-22 02:42 - 2017-07-07 15:31 - 000026208 _____ (Security Stronghold) C:\WINDOWS\system32\Drivers\AMFsFilter.sys
2017-07-22 02:19 - 2017-07-26 14:21 - 000000000 ____D C:\Users\Nkem\AppData\Local\llssoft
2017-07-21 00:57 - 2017-07-21 00:59 - 155325928 _____ C:\Users\Nkem\Downloads\psalms.exe
2017-07-20 20:54 - 2017-06-21 02:53 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebManagement.exe
2017-07-20 20:53 - 2017-03-28 01:34 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdp.dll
2017-07-20 20:52 - 2017-03-28 01:38 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevToolsLauncher.exe
2017-07-20 20:52 - 2017-03-28 01:34 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperToolsSvc.exe
2017-07-20 20:52 - 2016-12-21 03:10 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshProxy.dll
2017-07-20 20:52 - 2016-12-21 03:09 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshBroker.dll
2017-07-20 20:52 - 2016-12-21 03:08 - 000509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSession.exe
2017-07-20 20:52 - 2016-12-21 03:08 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSftp.exe
2017-07-20 17:01 - 2017-07-22 02:19 - 000000000 ____D C:\Users\Nkem\AppData\Local\ntuserlitelist
2017-07-20 16:00 - 2017-07-20 16:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2017-07-20 14:08 - 2017-07-23 04:17 - 000003360 _____ C:\Users\Nkem\Desktop\Rkill.txt
2017-07-20 14:04 - 2017-07-20 14:08 - 002107392 _____ (Bleeping Computer, LLC) C:\Users\Nkem\Downloads\lelo.exe
2017-07-20 13:08 - 2017-07-20 13:08 - 000002139 _____ C:\Users\Nkem\Desktop\SpyRemover Pro.lnk
2017-07-20 13:08 - 2017-07-20 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Support King LLC
2017-07-20 13:08 - 2017-07-20 13:08 - 000000000 ____D C:\Program Files (x86)\Support King LLC
2017-07-20 13:06 - 2017-07-20 13:06 - 002880456 _____ (Support King LLC) C:\Users\Nkem\Desktop\SpyRemoverPro.exe
2017-07-20 11:50 - 2017-07-20 11:50 - 053792976 _____ (Kaspersky Lab AO) C:\Users\Nkem\Desktop\kkjm.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-18 14:38 - 2017-07-06 16:45 - 000071655 _____ C:\WINDOWS\ZAM.krnl.trace
2017-08-18 14:38 - 2017-07-06 16:45 - 000038957 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-08-18 14:31 - 2015-01-09 15:41 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-18 14:27 - 2016-07-16 07:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-18 14:10 - 2016-09-05 04:01 - 001914356 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-18 14:09 - 2014-12-05 12:26 - 000000093 _____ C:\Users\Nkem\AppData\Roaming\sp_data.sys
2017-08-18 14:07 - 2016-09-05 03:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-08-18 14:07 - 2014-12-05 12:25 - 000000000 __SHD C:\Users\Nkem\IntelGraphicsProfiles
2017-08-18 14:06 - 2016-09-05 04:02 - 000000000 ____D C:\Users\MSSQL$MSSQLSERVERPROD
2017-08-18 14:05 - 2016-09-05 05:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-18 14:05 - 2016-09-05 04:02 - 000000000 ____D C:\Users\ReportServer$MSSQLSERVERPROD
2017-08-18 14:05 - 2016-09-05 04:02 - 000000000 ____D C:\Users\Nkem
2017-08-18 14:05 - 2016-09-05 04:02 - 000000000 ____D C:\Users\MSOLAP$MSSQLSERVERPROD
2017-08-18 14:05 - 2016-09-05 03:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-06 03:18 - 2016-07-16 02:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-08-06 03:15 - 2016-07-16 07:45 - 000000000 ____D C:\WINDOWS\INF
2017-08-06 03:11 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-06 03:11 - 2014-08-31 11:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-06 03:03 - 2016-09-05 03:54 - 000375544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-26 16:25 - 2016-07-16 07:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-26 16:25 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-07-26 16:25 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-07-26 16:25 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-07-26 16:25 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-26 16:25 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-26 14:13 - 2017-07-06 21:51 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-07-22 08:08 - 2017-07-05 01:06 - 000000000 ____D C:\Program Files\Common Files\67ORMKOS4
2017-07-22 08:04 - 2016-07-16 07:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-07-22 07:24 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\rescache
2017-07-22 04:42 - 2017-07-05 16:29 - 000000000 ____D C:\Users\Public\Documents\Stronghold AntiMalware
2017-07-22 02:42 - 2017-07-05 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold AntiMalware
2017-07-21 19:17 - 2017-07-14 19:52 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-07-21 15:19 - 2017-04-20 14:03 - 000000000 ___RD C:\Users\Nkem\Downloads\vmfolder shared
2017-07-20 16:29 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-07-20 15:50 - 2014-12-05 12:25 - 000000000 ____D C:\Users\Nkem\AppData\Local\Packages
2017-07-20 15:09 - 2017-07-05 01:06 - 000000000 ____D C:\Users\Nkem\AppData\Local\bocmeujm
2017-07-20 15:09 - 2017-07-04 23:59 - 000000000 ____D C:\Users\Nkem\AppData\Local\dkyurqi
2017-07-20 15:09 - 2017-07-04 22:16 - 000000000 ____D C:\Users\Nkem\AppData\Local\bcfsuru
2017-07-20 15:09 - 2017-07-04 20:17 - 000000000 ____D C:\Users\Nkem\AppData\Local\gmexwp
2017-07-20 15:09 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files\Windows Portable Devices
2017-07-20 13:08 - 2014-12-05 13:58 - 000000000 ____D C:\ProgramData\Package Cache
2017-07-20 12:35 - 2017-07-14 18:52 - 000040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2017-07-20 12:35 - 2017-07-14 18:52 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2017-07-20 12:30 - 2017-07-14 20:06 - 000246294 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2017-07-20 12:11 - 2017-07-14 19:56 - 000000000 ____D C:\@RestoreQuarantine
2017-07-20 11:52 - 2017-07-14 18:52 - 000000000 ____D C:\Users\Nkem\Documents\RegRun2
==================== Files in the root of some directories =======
2014-12-05 12:26 - 2017-08-18 14:09 - 000000093 _____ () C:\Users\Nkem\AppData\Roaming\sp_data.sys
2015-03-12 19:59 - 2017-04-20 13:30 - 000000600 _____ () C:\Users\Nkem\AppData\Roaming\winscp.rnd
2016-09-05 03:57 - 2016-09-05 03:57 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-16 16:02 - 2009-07-22 06:04 - 000024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-16 16:02 - 2012-09-07 07:37 - 000000103 _____ () C:\ProgramData\SetStretch.VBS
Files to move or delete:
====================
C:\Users\Nkem\.mongorc.js

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-07-22 02:29
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-08-2017
Ran by Nkem (18-08-2017 14:39:21)
Running from C:\Users\Nkem\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-05 09:38:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3882979512-183718844-2655391270-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3882979512-183718844-2655391270-503 - Limited - Disabled)
Guest (S-1-5-21-3882979512-183718844-2655391270-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3882979512-183718844-2655391270-1003 - Limited - Enabled)
Nkem (S-1-5-21-3882979512-183718844-2655391270-1001 - Administrator - Enabled) => C:\Users\Nkem
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
"Minimal SYStem 1.0.11" (HKLM-x32\...\MSYS-1.0_is1) (Version: 1.0.11 - MinGW)
%SQL_PRODUCT_SHORT_NAME% Data Tools - BI for Visual Studio 2013 (HKLM-x32\...\{B0966B41-F778-41B1-98DB-145885CD2213}) (Version: 12.0.2430.0 - Microsoft Corporation) Hidden
%SQL_PRODUCT_SHORT_NAME% SSIS 64Bit For SSDTBI (HKLM\...\{B94FEEA2-93E4-4682-942C-140C2BCECD29}) (Version: 12.0.2430.0 - Microsoft Corporation) Hidden
7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Application Insights Tools for Visual Studio 2013 (HKLM-x32\...\{873F2D30-973B-415E-9BCA-E465AF816CCF}) (Version: 2.5 - Microsoft Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{D25C9EDD-984F-444C-9229-5A58130C6B10}) (Version: 4.3.60226.3 - Microsoft Corporation)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.1 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0036 - ASUS)
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Azure Resource Manager Tools (VS 2013) - v1.1 (HKLM-x32\...\{30ADA59D-F734-49E6-B7C1-8B6F705D0D7B}) (Version: 1.1.0.0 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{7A1ECE07-0EA1-4C5F-B813-284557B87BD9}) (Version: 2.6.30508.1601 - Microsoft Corporation) Hidden
AzureTools.Notifications.VwdExpress (HKLM-x32\...\{3B775CF9-9B4A-452B-BC65-7BDC2BEB9B86}) (Version: 2.6.30508.1601 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{594DB57D-58D1-4AA3-AE6C-BF99484F52F8}) (Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{B2429EA1-767E-4947-A458-F2204A2AA1BB}) (Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Brackets (HKLM-x32\...\{A4330D4D-ACAB-4790-A6BF-D1C9599FD93B}) (Version: 1.3 - brackets.io)
Build Tools - amd64 (HKLM\...\{DE293220-4F3A-40C8-B825-E151A231455A}) (Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{20C6C9E5-B5B0-40A2-8ACD-EF08A9562A5B}) (Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools for Windows 10 - ENU (HKLM-x32\...\{2E14B568-0775-4AC4-AB8F-8501017C7F1C}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Build Tools for Windows 10 (HKLM-x32\...\{891DCCD3-CC38-4FC6-B0D9-FC53A5ECD550}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{ACE05087-00E9-480F-A955-1C3D7B977A7D}) (Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{2F2A7D0D-C28D-4953-A59A-A5EF1171E03F}) (Version: 12.0.40629 - Microsoft Corporation) Hidden
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Cloud Deployment Project for Microsoft Visual Studio 2013 - v1.1 (HKLM-x32\...\{B6BA1D9B-819E-4C52-BEB4-F4CF920DC041}) (Version: 1.1.0.0 - Microsoft Corporation) Hidden
CodedUITestUAP (HKLM-x32\...\{7875D06C-0405-3704-A68F-DEE7F2AF135F}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Devart dbForge SQL Complete, v4.8, Trial Edition (HKLM-x32\...\DevartSqlComplete_is1) (Version: 4.8.34 - Devart)
DISH Anywhere Video Player (HKLM-x32\...\{19A59152-3EA7-4631-9A11-5D2DBEF29780}) (Version: 2.29.3 - DISH Anywhere)
DIVA-GIS 7.5 (HKLM-x32\...\{45E46848-AD24-4E6C-9751-F5B5FD2C15FF}_is1) (Version:  - diva-gis.org)
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition 5.19.0 (HKLM-x32\...\{4C5B1DD0-7E8E-4972-9247-818E6D030552}) (Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Dynamics 365 for Outlook Update 2.1 (KB4013759) (HKLM-x32\...\KB4013759_Client_1033) (Version: 8.2.0001.0176 - Microsoft Corporation)
Entity Framework 6.1.3 Tools  for Visual Studio 2013 (HKLM-x32\...\{D5170452-84D1-4725-AD9C-F9ECFD0A9E9F}) (Version: 12.0.40302.0 - Microsoft Corporation)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Ferramentas do Windows Phone 8.1 para Visual Studio 2015 - PTB (HKLM-x32\...\{0F89D312-C05F-45D8-945F-8276C66C1BC9}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.6.0.2 - Telerik)
Fiddler Syntax-Highlighting Addons (HKLM-x32\...\FiddlerSyntaxAddons) (Version:  - )
GDR 2254 for SQL Server 2014 (KB2977315) (64-bit) (HKLM\...\KB2977315) (Version: 12.0.2254.0 - Microsoft Corporation)
GDR 2269 for SQL Server 2014 (KB3045324) (64-bit) (HKLM\...\KB3045324) (Version: 12.0.2269.0 - Microsoft Corporation)
GitHub (HKU\S-1-5-21-3882979512-183718844-2655391270-1001\...\5f7eb300e2ea4ebf) (Version: 3.0.11.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.7.0.7155 (HKU\S-1-5-21-3882979512-183718844-2655391270-1001\...\GoToMeeting) (Version: 8.7.0.7155 - CitrixOnline)
Herramientas de Windows Phone 8.1 para Visual Studio 2015 - ESN (HKLM-x32\...\{C1BDCD65-B499-43D5-9B6F-3716C4AD186A}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
hMailServer 5.6-B2145 (HKLM-x32\...\hMailServer_is1) (Version:  - )
Hotfix 2430 for SQL Server 2014 (KB2999197) (HKLM-x32\...\KB2999197) (Version: 12.0.2430.0 - Microsoft Corporation)
Hotfix 2569 for SQL Server 2014 (KB3158271) (64-bit) (HKLM\...\KB3158271) (Version: 12.0.2569.0 - Microsoft Corporation)
Hotfix 2569 for SQL Server 2014 (KB3158271) (HKLM-x32\...\KB3158271) (Version: 12.0.2569.0 - Microsoft Corporation)
HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.0.26.54 - Hewlett-Packard Company)
IDE Tools for Windows 10 - ENU (HKLM-x32\...\{AA992619-E0C7-4DA2-BB4F-00BF2D65F2F2}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
IDE Tools for Windows 10 (HKLM-x32\...\{2D94665F-1C31-4498-8CD9-3C402590EB95}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Install Finalizer (HKLM-x32\...\{B29EBEDD-4856-4056-B123-E10F66E971DD}) (Version: 2.6.30508.1601 - Microsoft Corporation) Hidden
Install Finalizer (HKLM-x32\...\{FF61A451-47E1-4AAC-A003-9CB2A048B351}) (Version: 2.6.30508.1601 - Microsoft Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.10586.0 (HKLM-x32\...\{C06E0800-9459-4A6B-835C-F7AB6DF6032A}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
JetBrains dotPeek 1.4.3 (HKU\S-1-5-21-3882979512-183718844-2655391270-1001\...\{a98a9190-ba32-502f-b65a-9e5cb2e1d61e}) (Version: 2015.1.3 - JetBrains s.r.o.)
JetBrains PyCharm Community Edition 2016.1.1 (HKLM-x32\...\PyCharm Community Edition 2016.1.1) (Version: 145.598.1 - JetBrains s.r.o.)
JetBrains ReSharper 9 (HKLM-x32\...\{2663211F-9CB2-4881-9BA0-EBE2F41438D3}) (Version: 9.0.0.0 - JetBrains Inc) Hidden
JetBrains ReSharper Ultimate in Visual Studio 2010 (HKU\S-1-5-21-3882979512-183718844-2655391270-1001\...\{3c5e89e2-1ac3-59d3-bc96-499e1c070dea}) (Version: 2015.1.3 - JetBrains s.r.o.)
JetBrains ReSharper Ultimate in Visual Studio 2012 (HKU\S-1-5-21-3882979512-183718844-2655391270-1001\...\{494c3c2b-34d1-53e1-ba93-2344d42e0b79}) (Version: 2015.1.3 - JetBrains s.r.o.)
JetBrains ReSharper Ultimate in Visual Studio 2013 (HKU\S-1-5-21-3882979512-183718844-2655391270-1001\...\{bf70078c-5e98-52f6-af00-eba9a1c75eec}) (Version: 2015.1.3 - JetBrains s.r.o.)
Kit SDK de vérification de Visual Studio 2012 - fra (HKLM-x32\...\{8A3862F9-F587-3DFA-AAFC-C1F0E116F05C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Kits Configuration Installer (HKLM-x32\...\{E23C15B0-EFF9-D2A8-3316-951AF053DAF7}) (Version: 10.1.10586.15 - Microsoft) Hidden
LeapFrog Connect (HKLM-x32\...\{5B0F473D-7E18-477F-99DC-3745D5A711E9}) (Version: 7.0.6.19846 - LeapFrog) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.6.19846 - LeapFrog)
LeapFrog LeapPad Explorer Plugin (HKLM-x32\...\{50B93E1B-EBA1-46AE-909F-10F6F97E1505}) (Version: 7.0.6.19846 - LeapFrog) Hidden
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
Memory Profiler (HKLM-x32\...\{4522FE06-850C-4106-AB9E-B32C1462DF8B}) (Version: 12.0.40629 - Microsoft Corporation) Hidden
Memory Profiler (HKLM-x32\...\{57960F45-EDBA-4EFA-94D8-0C6FB5CCF11E}) (Version: 12.0.40629 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta8 (HKLM\...\{4b27d789-01cb-33ae-933d-d18671ca6210}) (Version: 1.0.11013.0 - Microsoft Corporation)
Microsoft AS OLE DB Provider for SQL Server 2014 (HKLM\...\{B18D21B6-0056-4E35-896A-339E84D86897}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 (HKLM-x32\...\{037a3c70-cc6a-4ae2-aa0e-70eb68ea81d5}) (Version: 4.0.20714.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.Net Web Frameworks 5.1 Security Update (KB2994397) (HKLM-x32\...\{94F716A3-CBBA-4005-9516-1C4267DDB824}) (Version: 5.1.20821 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.6 (HKLM\...\{FCD738C5-E26D-4E62-A2DA-2F0C65F81729}) (Version: 2.6.6496.2 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.6) (Version: 2.6.6496.2 - Microsoft Corporation)
Microsoft Azure HDInsight Tools for Visual Studio 2013 (HKLM-x32\...\{2359FE6C-71F4-42A9-AA21-99226119836B}) (Version: 2.0.1000.0 - Microsoft Corporation)
Microsoft Azure HDInsight Tools for Visual Studio 2015 (HKLM-x32\...\{97C1B320-BB4F-4F4F-AF63-D8BC305D5B13}) (Version: 2.0.1000.0 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.6 (HKLM\...\{E083D718-4414-45A6-B25B-7ADE4D483FD4}) (Version: 2.6.0424.100 - Microsoft Corporation)
Microsoft Azure Mobile App SDK V1.0 (HKLM-x32\...\{467BBA68-2F71-4E1A-BD96-4CEC44CE1664}) (Version: 1.0.30320.0 - Microsoft Corporation)
Microsoft Azure Mobile App SDK V2.0 (HKLM-x32\...\{07A1D8E3-9FEF-45B9-8544-3D3A776A435D}) (Version: 2.0.30320.0 - Microsoft Corporation)
Microsoft Azure PowerShell - June 2015 (HKLM-x32\...\{FF527D3A-2146-46A3-8E38-410CE493C9C3}) (Version: 0.9.4 - Microsoft Corporation)
Microsoft Azure Quickstarts (HKLM-x32\...\{A6ACA586-9C39-3F57-82B6-9345FF1672F9}) (Version: 1.6 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v4.0 (HKLM-x32\...\Microsoft Azure Storage Emulator - v4.0) (Version: 4.0.6891.3 - Microsoft Corporation)
Microsoft Azure Storage Tools - v3.1.0 (HKLM-x32\...\{B24BC91A-09AF-4695-8CE5-D62582B57946}) (Version: 3.1.0.0 - Microsoft Corporation)
Microsoft Azure Tools for Microsoft Visual Studio 2013 - v2.6 (HKLM-x32\...\{38c05380-3bc1-4bcf-ac7b-ec18b7aa17c4}) (Version: 2.6.30508.1601 - Microsoft Corporation)
Microsoft Azure Tools for Microsoft Visual Studio 2015 - v2.6 (HKLM-x32\...\{e513ff32-ff78-4dab-8848-db45d60737bb}) (Version: 2.6.30508.1601 - Microsoft Corporation)
Microsoft Dynamics 365 for Microsoft Office Outlook (HKLM-x32\...\Microsoft CRM Client) (Version: 8.2.0001.0176 - Microsoft Corporation)
Microsoft Dynamics CRM Developer Toolkit 1.1 (HKLM-x32\...\{EC70E31F-5DB6-4CE1-9EA4-2D16FC067641}) (Version: 1.2.0 - Microsoft Corporation)
Microsoft Dynamics CRM Developer Toolkit for Visual Studio 2012 (HKLM-x32\...\{BACDFCA3-6A16-4195-AC18-2BE34E154329}) (Version: 1.2.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Hive ODBC Driver (HKLM\...\{AC9970E8-7F55-4F50-A6D3-2BC041589904}) (Version: 1.0.5.5 - Microsoft Corporation)
Microsoft Hive ODBC Driver (HKLM-x32\...\{7A580208-9E61-47FD-9AEB-DDDAA67CF0F6}) (Version: 1.0.5.5 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office Developer Tools for Visual Studio 2013 - April 2015 Update (HKLM-x32\...\{45ba782b-98e9-43b0-a967-eb040045ff09}) (Version: 12.0.40429.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3882979512-183718844-2655391270-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Power Query for Excel (HKLM-x32\...\{7C93931D-300B-4D20-8F01-3710CA03E0AA}) (Version: 2.17.3850.242 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{C58378BC-0B7B-474E-855C-9D02E5E75D71}) (Version: 11.1.3452.0 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{E2D10175-7411-4EA5-8E32-FA21262B435D}) (Version: 11.2.5592.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 (HKLM-x32\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{3D7113D6-92B4-43B5-AFF9-D55145B0DEDF}) (Version: 12.0.2569.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 RS Add-in for SharePoint  (HKLM\...\{FCF3BEA6-401C-444E-8910-A1AE3F2EBA1D}) (Version: 12.0.2569.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{92FBD63F-918C-4465-A283-957B15042D80}) (Version: 12.0.2569.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM-x32\...\{B16DC92B-0579-4DE5-8ADA-2C1A657A1248}) (Version: 12.0.2569.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{E76CDA08-0F96-44FD-A0FD-C07F6CAF19E0}) (Version: 12.0.2569.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{2C8240B9-2142-4A0E-9678-7F3C678E34C6}) (Version: 12.0.2569.0 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM\...\{7FE9A69F-6D91-4E2E-86B5-E2EB27AE6041}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41025.0) (HKLM-x32\...\{6793668D-6A81-4DCC-8034-ACF44E84B1D0}) (Version: 12.0.41025.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools 2013 (HKLM-x32\...\{2768bca6-2ff2-4cb2-b6fc-654f7b5d6af0}) (Version: 12.0.41025.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x64) (HKLM\...\{8EEC46D2-8208-4799-8328-2AA00F96AB8A}) (Version: 12.0.1294.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{CCA90A36-FA50-42CF-BA7D-44AD6EC27F10}) (Version: 12.0.2569.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2012 Shell (Integrated) (HKLM-x32\...\{55b160d2-8221-45fd-ab30-4388c69c0f3b}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2012 Shell (Isolated) (HKLM-x32\...\{d2e0df0f-bf0a-4a89-9530-ebf93842c393}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2013 Shell (Isolated) (HKLM-x32\...\{dd77c2ff-db69-44f7-9e5c-63aa540dfe07}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM-x32\...\{F8A2A208-72B3-4D61-95FC-8A65D340689B}_is1) (Version: 0.8.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{4f075c79-8ee3-4c85-9408-828736d1f7f3}) (Version: 14.0.23107.178 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 with Update 4 (HKLM-x32\...\{c96467b4-e480-4218-8fde-db83bf9d47d1}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{e20d88d6-6150-4602-b4ef-49e138467d4d}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 Language Support (HKLM-x32\...\{44774b10-3e2b-443c-899b-56c46b370aa7}) (Version: 11.0.50727.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
MongoChef (HKLM\...\{E9AF5DBA-7C36-41F2-903E-D3B77E7E7457}) (Version: 3.0.1 - 3T Software Labs GmbH)
MongoDB 3.2.1 2008R2Plus SSL (64 bit) (HKLM\...\{A76E690F-8337-4D96-80AB-B2B08DE15A0D}) (Version: 3.2.1 - MongoDB)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{FA0599C5-C083-41BE-8AEA-E8EB9070D128}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Nástroje Windows Phone 8.1 pro sadu Visual Studio 2015 – CSY (HKLM-x32\...\{95028785-9D95-4139-88F7-DF9540AA03A7}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Node.js (HKLM\...\{675D3F64-4E18-403C-9C46-57C7EEBD45D5}) (Version: 5.2.0 - Node.js Foundation)
Node.js Tools 1.0 for Visual Studio 2013 (HKLM-x32\...\{FE0EA25A-E4E8-401F-8254-842102E49C7B}) (Version: 1.0.30324.01 - Microsoft Corporation)
NoSQL Manager for MongoDB Professional 2.9 (HKLM-x32\...\NoSQL_Manager_for_MongoDB_is1) (Version: 2.9 - NoSQL Manager Group)
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.22 (HKLM\...\{8D5E4D4D-5E0C-4448-B018-5DDEF1E208D9}) (Version: 5.1.22 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Outils Windows Phone 8.1 pour Visual Studio 2015 - FRA (HKLM-x32\...\{A15F7899-CC09-47CF-9E2E-F052C5F83B23}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 Design-Time - PTB (HKLM-x32\...\{75CAD500-A544-35A4-A741-C40F78D88966}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PowerShellIntegration.Notifications (HKLM-x32\...\{0B48F5AE-6A17-49C1-8C65-81C6F74E6CF2}) (Version: 2.6.0.0 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Project and Item Templates for Visual Studio Express 2015 for Windows 10 - ENU (HKLM-x32\...\{84742B76-C00B-4209-A02F-49D6F836802F}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Project and Item Templates for Visual Studio Professionald 2015 - ENU (HKLM-x32\...\{E1F5DAB6-26DE-4241-8173-9B845A425361}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Python 3.5.1 (64-bit) (HKU\S-1-5-21-3882979512-183718844-2655391270-1001\...\{b8440650-9dbe-4b7d-8167-6e0e3dcdf5d0}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 (Anaconda3 4.0.0 64-bit) (HKU\S-1-5-21-3882979512-183718844-2655391270-1001\...\Python 3.5.1 (Anaconda3 4.0.0 64-bit)) (Version: 4.0.0 - Continuum Analytics, Inc.)
Python 3.5.1 Add to Path (64-bit) (HKLM\...\{495EFF61-4949-4304-872E-441B48022991}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (64-bit) (HKLM\...\{2690DE23-49CD-4973-AA74-F77C4C852189}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (64-bit) (HKLM\...\{70D9C8DA-F1A1-43B0-B325-6263CD21E535}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (64-bit) (HKLM\...\{5C8D887B-998A-4708-9120-CE040C4A5B47}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (64-bit) (HKLM\...\{39F30A3E-99D9-46E3-8582-7422FE54A1FB}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{EC00AEF9-6544-4FEC-8152-C8949CDDCC85}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (64-bit) (HKLM\...\{E98CFF92-01E0-4E30-8C72-3C82111091C2}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (64-bit) (HKLM\...\{0F774261-D55F-4180-B266-A9E1C6F4CD7A}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (64-bit) (HKLM\...\{A47BAF5B-53CC-4E60-847A-E13CAF26F467}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (64-bit) (HKLM\...\{A1B06412-F898-47C9-968F-D3B331ABB202}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (64-bit) (HKLM\...\{34E72E6D-77E8-4C17-99B8-42497B7308C8}) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python Tools 2.2.2 for Visual Studio 2015 (HKLM-x32\...\{811CBB11-A221-4AF8-9F69-937487DE6AAC}) (Version: 2.2.31124.00 - Microsoft Corporation)
Python Tools Redirection Template (HKLM-x32\...\{2881CFB4-71F9-40C7-8228-6395117C0EDA}) (Version: 1.3 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Robomongo (HKLM-x32\...\Robomongo) (Version: 0.8.5 - Paralect)
Roslyn Language Services - x86 (HKLM-x32\...\{3107684C-8011-3031-BD28-10CA30F58267}) (Version: 14.0.24730 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.7.5.114 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SDK de comprobación de Visual Studio 2012 - esn (HKLM-x32\...\{90EF884E-5253-324C-9C11-63C9DA16BF0C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95150004-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4711.1001 - Microsoft Corporation)
SharePoint Client Components (HKLM\...\{95160003-1163-0409-1000-0000000FF1CE}) (Version: 16.0.4002.1211 - Microsoft Corporation)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
SpyRemover Pro (HKLM-x32\...\{2c4a7951-a844-4881-97a4-d58028b281b4}) (Version: 1.0.1.8 - Support King LLC)
SQL Search 2 (HKLM-x32\...\{CB432A0B-562C-43B7-94C2-481052C1D3B2}) (Version: 2.0.1.36 - Red Gate Software Ltd.)
SQL Server 2014 Analysis Services (HKLM\...\{5B58E617-A218-4574-B838-12F7A89B838B}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Analysis Services (HKLM\...\{7719CC19-87C5-4CCC-AF97-13AB9918828C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Analysis Services (HKLM\...\{A0BC3D94-FB5E-40E3-9881-3B308CC8346B}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Analysis Services (HKLM\...\{D38D89B7-B869-43F9-B643-3C8B2D1A9B42}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM-x32\...\{BFB3B874-8033-4F5E-BE47-0AED2541E57C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM-x32\...\{F78A23CD-E9A0-46E3-88E2-CF2CC93AE7BA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality client (HKLM\...\{1B61E3E0-7021-47ED-8733-927A31300AE4}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality client (HKLM\...\{DCE60088-65B7-4873-957A-08017D343E9A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (HKLM\...\{175C8B58-EDA6-4F24-9863-A8D4F58C290A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (HKLM\...\{69C59171-F1C0-4013-BDF7-01D98B51263E}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (HKLM\...\{958AE70F-496E-454B-932E-B218F9074AF0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Data quality service (HKLM\...\{DEE226D7-D7DA-4413-918E-1E0398BB5125}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Data Tools - BI for Visual Studio 2013 (HKLM-x32\...\{FC6997B5-E23C-49AD-B9BF-BD0B7F4D8BA0}) (Version: 12.0.2430.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{C8511A82-E9FD-4B6D-B1B2-378589D2B48A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{D45C3EC4-282E-4798-98C7-E7BF2362F04E}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (HKLM\...\{2D77A365-F019-4EED-BA58-6389CFD73C9D}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (HKLM\...\{357D53BA-8B5D-4E72-9636-A82E0B1A72D4}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (HKLM\...\{3D327420-2E9F-4F56-8B15-C2FE5ADE85BF}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Distributed Replay (HKLM\...\{B5D457CD-3E1A-4D6C-8D16-6030E88DAF35}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{1D01EDF6-7E93-4FEE-AA09-C5669511100C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{5EACF47D-EB70-4FE0-83DE-9FD9693C24B9}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Documentation Components (HKLM\...\{832D6A7D-13F7-42CB-9AC6-5859800269AE}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Full text search (HKLM\...\{1730CE17-D019-43A8-AB52-A4B8FF9A23B9}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Full text search (HKLM\...\{B40B7A25-308B-4650-8B42-E51710CDD4D9}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Integration Services (HKLM\...\{0FB14E21-7A42-4CD0-8D5C-028B2ACD29E6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Integration Services (HKLM\...\{327B1B40-2434-4DC5-9D4D-B9B24D4B2EDE}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (HKLM\...\{B0AE7D26-F924-4471-86D8-97286DCFDCFA}) (Version: 12.0.2569.0 - Microsoft Corporation) Hidden
SQL Server 2014 Master Data Services (HKLM\...\{FD0A0EA4-E80A-45C8-A7C1-FE35B5A50C32}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (HKLM\...\{026E123D-2160-46C7-A801-87D27D46835E}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (HKLM\...\{4CC3B4AF-9DDB-44F4-84FC-99F293F1EE4A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (HKLM\...\{700C00BA-E947-4B77-8EF1-588DF210E931}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Reporting Services (HKLM\...\{B2922C79-2BB2-4B6C-990F-012702035FAF}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 RS_SharePoint_SharedService (HKLM\...\{50663FF0-DF81-4DDC-BED0-F92E31488301}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 SQL Data Quality Common (HKLM\...\{2D95D8C0-0DC4-44A6-A729-1E2388D2C03E}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 SQL Data Quality Common (HKLM-x32\...\{1DB4F090-6E80-4DC8-9844-850316780073}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SSMS Integration Pack Framework 1 (HKLM-x32\...\{412D7D82-8495-496F-8B49-4DBF76327F6B}) (Version: 1.0.5.0 - Red Gate Software Ltd)
SSMS Tools Pack 3.2.2.0 (HKLM-x32\...\{6644B14C-BED8-4E74-AFDE-B62FFF7736DF}) (Version: 3.2.2.0 - Mladen Prajdic)
Stronghold AntiMalware (HKLM-x32\...\Stronghold AntiMalware_is1) (Version: 1.2 - Security Stronghold)
Strumenti di Windows Phone 8.1 per Visual Studio 2015 - ITA (HKLM-x32\...\{14AEEB17-6A3D-424F-8E18-2F20A5DCA9A8}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{48992F68-BEE6-35D8-89AC-6A81406F1096}) (Version: 14.0.24712 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{6098D454-CB7B-44C2-8615-D869FD9655C7}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{CF436B98-B0FE-447F-8E46-68E0B14FDDE0}) (Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{E51EAA08-F838-4CCE-B011-A82469BE6CC5}) (Version: 1.6.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{0E4A9B1A-12D2-4827-BE61-44DBD72797FB}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{F66F9C2A-E14B-4D30-82C5-A4E32B569286}) (Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.6.3.0 (HKLM-x32\...\{da31aa25-410a-4c1b-9ec0-114dd8dff786}) (Version: 1.6.23313.0 - Microsoft Corporation)
TypeScript Tools for Microsoft Visual Studio 2015 1.7.6.0 (HKLM-x32\...\{5ee9a47a-3630-4016-b76d-dc752e9218dd}) (Version: 1.7.24809.0 - Microsoft Corporation)
Uninstall Finalizer (HKLM-x32\...\{59911D4A-571F-4749-B399-E88F6A148F20}) (Version: 2.6.30508.1601 - Microsoft Corporation) Hidden
Uninstall Finalizer (HKLM-x32\...\{5D4A4A84-D925-4CDF-A85A-19D843574CF4}) (Version: 2.6.30508.1601 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{284FA9A0-CEDD-81D3-5A19-5858E95FD0C4}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{8D873290-A237-C7A4-2553-ED69A6256A6C}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{ABD37F71-FC3F-F525-C7B3-BDD95F684C51}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CE3C30CC-6E2E-D207-15CD-6E79F3E5DE38}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{8E3ADB96-CF58-757C-ADBC-BD21D5061E51}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{4EE952FC-2888-39E8-75D5-E07FA9557985}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{5B513DDE-9CE5-386D-961E-9D3B9223F95C}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{6AFD985C-21B7-8F2D-86B2-19A0563A1195}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{92437DB1-9B7D-741B-02C3-354215DC1804}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB3213574) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PRJPROR_{2178D653-A054-4A65-9726-A90664E92D9F}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3213574) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2178D653-A054-4A65-9726-A90664E92D9F}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3213574) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{2178D653-A054-4A65-9726-A90664E92D9F}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3213574) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{2178D653-A054-4A65-9726-A90664E92D9F}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3213574) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{2178D653-A054-4A65-9726-A90664E92D9F}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2013 Update 5 (KB2829760) (HKLM-x32\...\{17551f85-1d1c-4142-a83f-bbd18a3522c2}) (Version: 12.0.40629 - Microsoft Corporation)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VS Update core components (HKLM-x32\...\{5F7870A1-0586-313E-A9FF-3249DCE9F63A}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
VS Update core components (HKLM-x32\...\{7CE8C6D0-6EA4-34C3-A4ED-8C28A1D67228}) (Version: 12.0.40629 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.12.577 - ASUS Cloud Corporation)
WinAppDeploy (HKLM-x32\...\{4E8B1900-34DE-E742-E6A7-606519AC19B7}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - ASUS (ATP) Mouse  (03/18/2014 6.0.0.35) (HKLM\...\DAA6E0EEB715139C1CEA332C78AB4609FB3C211B) (Version: 03/18/2014 6.0.0.35 - ASUS)
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 6.0.0.66) (HKLM\...\1EFB54678773735560B565BE7FA6F2BCC557EE21) (Version: 06/17/2015 6.0.0.66 - ASUS)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Phone 8.1 Emulators - ENU (HKLM-x32\...\{166a69f6-6512-47ea-a342-17d954fc059a}) (Version: 12.0.31010.0 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E65EDBCC-C437-45DF-96BE-46B672317F41}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.15 (HKLM-x32\...\{28a123e5-1799-4f20-9bd8-7c46f30eb7bf}) (Version: 10.1.10586.15 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.26624 (HKLM-x32\...\{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4}) (Version: 10.0.26624 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{F966F316-03C5-483F-9728-6F5544CBE056}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{34305F86-441E-EA27-4A63-0A61AB6633A2}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{E34671C0-A376-3ABA-B4DC-2ED5A198D474}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{11BCC658-31EF-57DB-C947-73769B831F73}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{E8986F9D-CA5E-578D-BC2C-A85D9FAE1775}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{F01524B0-3608-66D0-C3F0-3CA5476AA049}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{7225B7A2-CC49-1963-1362-D2EB1E5F0926}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{789F1018-8699-4A63-F00E-91E5E0521E87}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (HKLM-x32\...\{BED500B4-099B-7B0A-64E8-D3AF5FDACB2F}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (HKLM-x32\...\{97391170-DA69-41A3-3482-D849F0F9728C}) (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinSCP 5.9.5 (HKLM-x32\...\winscp3_is1) (Version: 5.9.5 - Martin Prikryl)
Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{A79F6653-6AF1-4AF2-BC15-F5D6C05E1E6A}) (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
Пакет Visual Studio 2012 Verification SDK - rus (HKLM-x32\...\{977CABC5-7B4B-3AE4-8E1B-56C673C1D638}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Средства Windows Phone 8.1 для Visual Studio 2015 — RUS (HKLM-x32\...\{31F83DBE-5EC4-4FA7-B2F0-C4B8CADAD519}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для среды разработки набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 - RUS (HKLM-x32\...\{5268600F-1B2F-3273-A335-EFD9D1698385}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
用于 Visual Studio 2015 的 Windows Phone 8.1 工具 - 简体中文 (HKLM-x32\...\{DE365C94-10EE-48DC-8F32-8C0E73B8DB2D}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
適用於 Visual Studio 2015 的 Windows Phone 8.1 工具 - 繁體中文 (HKLM-x32\...\{D81794C0-C8A0-4765-9193-7C84306B9024}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3882979512-183718844-2655391270-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Nkem\AppData\Local\Citrix\GoToMeeting\4800\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.12.577\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.12.577\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.12.577\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-06] ()
ContextMenuHandlers1-x32: [SAContextMenu] -> {ED16353A-533D-460E-9F02-6301D72B88D6} => C:\Program Files (x86)\Stronghold AntiMalware\saShell.dll [2017-07-07] ()
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-06] ()
ContextMenuHandlers6-x32: [SAContextMenu] -> {ED16353A-533D-460E-9F02-6301D72B88D6} => C:\Program Files (x86)\Stronghold AntiMalware\saShell.dll [2017-07-07] ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {099227FB-61F4-4758-9551-3016236ACFA1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {174F2FC0-654B-491D-86C4-09ADA99176DB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {182D6B2E-A001-44A0-BF0B-3BBD781DD9CC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {21D0756F-1E84-4FE8-B600-85E6D093E554} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
Task: {22F35FC3-6A99-4615-BA5A-9F4271C07998} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {35A7E660-7B0C-42FC-8861-4B6D8E36FF7B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {4144D483-5F9D-48A1-A071-BF53D8874BC8} - System32\Tasks\G2MUploadTask-S-1-5-21-3882979512-183718844-2655391270-1001 => C:\Users\Nkem\AppData\Local\Citrix\GoToMeeting\5530\g2mupload.exe [2016-09-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {585A3283-3F48-4767-9CC8-BCD6EE5464E1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-20] (Adobe Systems Incorporated)
Task: {58C4A45B-0BB5-4178-853E-928AEEC85230} - \WPD\SqmUpload_S-1-5-21-3882979512-183718844-2655391270-1001 -> No File <==== ATTENTION
Task: {5DF4342A-8192-43B3-863D-E1C5B616923F} - \System\SystemCheck -> No File <==== ATTENTION
Task: {60C4E171-92F4-497F-A0FF-A4EACB9C9E97} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {620BDBE9-5B18-4D62-BF42-46FA3C08F115} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {651FC044-9590-408F-8533-3E97CBF4F43B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)
Task: {73C273CE-570E-4116-BFE3-0DFBC803EF8B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {760307F7-3B99-43E4-98FD-BE26948176B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {76B9ACED-FEDB-4731-9B0C-10BCC5BC7C95} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-06-03] ()
Task: {79626329-F03E-4552-8EFB-931E129ACD7F} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-24] (Realtek Semiconductor)
Task: {7BD1136A-FAE1-4D04-93F1-10F508874949} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8FA6CA47-1C8D-4FC4-B7A4-4B866FEF47F2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-14] (AVAST Software)
Task: {923F6443-4D2D-489D-8AE7-DE8518CA543B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {92FC0DF5-E214-467A-B2AC-104E641306C6} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
Task: {933E9549-A1E9-4939-92E0-DD58078E3255} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {ABFE6EC7-B23C-4E1F-8B2D-B0A3CF7459DB} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3882979512-183718844-2655391270-1001 -> No File <==== ATTENTION
Task: {AEC752D1-107D-466D-9FF7-FFB48D6E74DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-14] (Google Inc.)
Task: {B5BA476A-F6C6-4C93-9120-A15C6F863D20} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-27] (Microsoft Corporation)
Task: {B909B964-311E-4E68-9BDE-7DD88D1C43C8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BCF3402D-4159-4D1A-A980-FABD9D705321} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {C6DB3BD9-6689-4D60-9D4C-957B30025A02} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CAAE1752-3C7D-4D39-80F1-9CD0687E245B} - System32\Tasks\G2MUpdateTask-S-1-5-21-3882979512-183718844-2655391270-1001 => C:\Users\Nkem\AppData\Local\Citrix\GoToMeeting\5530\g2mupdate.exe [2016-09-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D50AD79D-7BCC-4426-BFC3-42F4D6C72BE3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {E172BCA3-7102-4EF5-9938-3B7986E777BF} - System32\Tasks\4ce5892c7d79fd0b98764900dc0ace49 => sc start 4ce5892c7d79fd0b98764900dc0ace49 <==== ATTENTION
Task: {E535CE62-BD3E-4C96-81B0-B50B6238C451} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E68ED047-A80E-480F-98B3-A8392C612794} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E8D72867-DD35-4C72-9F31-FA6763DDA430} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {F3A2E21B-7840-4DB6-8BBA-AB3C9CDE3F4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-14] (Google Inc.)
Task: {F89C9EB3-B7D3-4636-8F9A-47B31DE9273E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3882979512-183718844-2655391270-1001.job => C:\Users\Nkem\AppData\Local\Citrix\GoToMeeting\7155\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3882979512-183718844-2655391270-1001.job => C:\Users\Nkem\AppData\Local\Citrix\GoToMeeting\7155\g2mupload.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2016-07-16 07:42 - 2016-07-16 07:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-13 14:40 - 2017-06-21 03:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-22 02:42 - 2017-07-07 15:31 - 003657312 _____ () C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalwareService.exe
2016-02-22 17:55 - 2016-01-11 19:59 - 019124736 _____ () C:\mongodb\Server\3.0\bin\mongod.exe
2016-05-27 15:50 - 2016-11-30 22:57 - 000401888 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-07-06 16:45 - 2017-07-06 16:46 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-05-03 17:11 - 2017-05-03 17:11 - 000619008 ____N () C:\windows\system32\tprdpw64.exe
2016-09-15 18:10 - 2016-09-07 00:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 12:12 - 2017-03-04 02:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 12:10 - 2017-03-04 02:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 12:10 - 2017-03-04 02:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 12:10 - 2017-03-04 02:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-07-13 14:39 - 2017-06-21 02:36 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-07-13 14:40 - 2017-06-21 02:35 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-07-13 14:40 - 2017-06-21 02:37 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-04-21 15:37 - 2017-04-21 15:37 - 000884224 _____ () C:\Users\Nkem\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-04-21 16:28 - 2017-04-21 16:28 - 001080832 _____ () C:\Users\Nkem\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2014-04-02 17:46 - 2014-04-02 17:46 - 000018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-04-02 17:46 - 2014-04-02 17:46 - 000117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-02 17:46 - 2014-04-02 17:46 - 000037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-04-02 17:46 - 2014-04-02 17:46 - 000020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2014-08-31 10:47 - 2013-10-23 16:44 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-01-14 19:40 - 2017-01-14 19:40 - 053460992 _____ () C:\Users\Nkem\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 001976832 _____ () C:\Users\Nkem\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 000075264 _____ () C:\Users\Nkem\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 017599640 _____ () C:\Users\Nkem\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\.exe: exe =>  <==== ATTENTION
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3882979512-183718844-2655391270-1001\...\dynamics.com -> hxxps://attainanalytics.crm.dynamics.com
IE trusted site: HKU\S-1-5-21-3882979512-183718844-2655391270-1001\...\hillfocus-nkem -> hxxp://hillfocus-nkem
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-07-22 02:15 - 2017-07-26 14:16 - 000795407 _____ C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 24hwebsex.com
0.0.0.0 ads.xxxad.net
0.0.0.0 hhbekxxw5d9e.pflexads.com
0.0.0.0 img.ads.mojiva.com
0.0.0.0 adcontent.saymedia.com
0.0.0.0 ads.saymedia.com
0.0.0.0 ftpcontent.worldnow.com
0.0.0.0 s0.2mdn.net
0.0.0.0 img.ads.mocean.mobi
0.0.0.0 bigmobileads.com
0.0.0.0 banners.bigmobileads.com
0.0.0.0 ads.mopub.com
0.0.0.0 images.mpression.net
0.0.0.0 images.millennialmedia.com
0.0.0.0 oasc04012.247realmedia.com
0.0.0.0 assets.cntdy.mobi
0.0.0.0 ad.leadboltapps.net
0.0.0.0 api.airpush.com
0.0.0.0 ad.where.com
0.0.0.0 i.tapit.com
0.0.0.0 cdn1.crispadvertising.com
0.0.0.0 cdn2.crispadvertising.com
0.0.0.0 medrx.sensis.com.au
0.0.0.0 rs-staticart.ybcdn.net
0.0.0.0 img.ads.taptapnetworks.com
0.0.0.0 adserver.ubiyoo.com
0.0.0.0 c753738.r38.cf2.rackcdn.com
0.0.0.0 edge.reporo.net
0.0.0.0 ads.n-ws.org
0.0.0.0 adultmoda.com
There are 27040 more lines.

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3882979512-183718844-2655391270-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nkem\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{4a9bd607-07aa-4ec1-bc34-651c8ec1c74f}.jpg
HKU\S-1-5-80-3601417626-1787677323-2746304910-1752982994-1612513421\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-80-4172529921-2013222826-1004157458-3856387818-1685295101\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKU\S-1-5-21-3882979512-183718844-2655391270-1001\...\StartupApproved\StartupFolder: => "importantupdates.vbs"
HKU\S-1-5-21-3882979512-183718844-2655391270-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_2023E4D806469AC12C16E5120AD9FFFA"
HKU\S-1-5-21-3882979512-183718844-2655391270-1001\...\StartupApproved\Run: => "EuMq0wPZLA.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9DD200BE-8AC8-4315-95D7-262D7DEF3CD2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AB3F51EB-D2E9-45DD-B057-7E4CE8DBF0C8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{252D9CBB-F64D-4F2B-9299-4BAB8305F5A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{5F86B980-AAE0-41C9-A54B-FCB3DFE02D25}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{5671014D-C71F-4E4F-87ED-E6E16A367476}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{FEB2D7E5-010B-4632-B5F3-ABC6C4195B18}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [UDP Query User{7B82EBFB-FB9D-4BFD-8615-6A5ADB7666C8}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Allow) C:\program files (x86)\samsung\sidesync4\sidesync.exe
FirewallRules: [TCP Query User{ABBFF04E-A6D6-44AB-97D1-13C704B77F1E}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Allow) C:\program files (x86)\samsung\sidesync4\sidesync.exe
FirewallRules: [UDP Query User{EEA4107F-EA44-4797-867D-C164B82EAD45}C:\program files (x86)\jetbrains\pycharm community edition 2016.1.1\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 2016.1.1\bin\pycharm.exe
FirewallRules: [TCP Query User{80340019-83D8-42DF-9EC8-6CC6745CEF0D}C:\program files (x86)\jetbrains\pycharm community edition 2016.1.1\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 2016.1.1\bin\pycharm.exe
FirewallRules: [UDP Query User{797D23CD-9DD6-406F-9099-2170FEB77F7B}C:\mongodb\server\3.0\bin\mongos.exe] => (Allow) C:\mongodb\server\3.0\bin\mongos.exe
FirewallRules: [TCP Query User{A92B5A8C-F338-4982-8474-30BEBA6404DC}C:\mongodb\server\3.0\bin\mongos.exe] => (Allow) C:\mongodb\server\3.0\bin\mongos.exe
FirewallRules: [UDP Query User{BD730684-AA98-465A-B6DF-AB457BC91618}C:\nodejs\node.exe] => (Allow) C:\nodejs\node.exe
FirewallRules: [TCP Query User{BA47EDED-B95E-413B-80EE-EC87D64D19B8}C:\nodejs\node.exe] => (Allow) C:\nodejs\node.exe
FirewallRules: [TCP Query User{D6CBF86A-5D98-4CFC-9D7E-C20752C6C62F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{9D5719E9-9597-45D7-B65C-01C803115072}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E2E08099-4352-4768-9DEA-2410B1E878DC}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [UDP Query User{BAF2AD5E-9F6D-444D-88C8-6F6EA5C249E3}C:\nodejs\node.exe] => (Allow) C:\nodejs\node.exe
FirewallRules: [TCP Query User{4C7ABF81-1633-4E12-B722-E22387E03698}C:\nodejs\node.exe] => (Allow) C:\nodejs\node.exe
FirewallRules: [UDP Query User{6073BF0A-0B9B-409D-9A19-915F820C7523}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe
FirewallRules: [TCP Query User{A51D8BE7-F1AD-4FC7-89AF-5B060B05E9D4}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe
FirewallRules: [{E317005A-8667-4460-91D3-6481C31715B9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{A6355E2A-4CB6-45BD-9E91-024C2F50347A}C:\program files (x86)\jetbrains\webstorm 10.0.2\bin\webstorm.exe] => (Allow) C:\program files (x86)\jetbrains\webstorm 10.0.2\bin\webstorm.exe
FirewallRules: [TCP Query User{6B89733A-9C2F-445D-B008-FDE90ADEE532}C:\program files (x86)\jetbrains\webstorm 10.0.2\bin\webstorm.exe] => (Allow) C:\program files (x86)\jetbrains\webstorm 10.0.2\bin\webstorm.exe
FirewallRules: [UDP Query User{AFBD641C-E4D8-4AD6-A693-DC22E10070E9}C:\program files\mongodb\server\3.0\bin\mongod.exe] => (Allow) C:\program files\mongodb\server\3.0\bin\mongod.exe
FirewallRules: [TCP Query User{E14DDFD5-D94F-4402-9655-478E869B0445}C:\program files\mongodb\server\3.0\bin\mongod.exe] => (Allow) C:\program files\mongodb\server\3.0\bin\mongod.exe
FirewallRules: [{23262C3B-30C1-4429-91BA-A953946A2B16}] => (Allow) C:\Windows\system32\mstsc.exe
FirewallRules: [{5D1BA1D6-C440-44A5-A3E5-42DDB7FC704D}] => (Allow) C:\Windows\system32\mstsc.exe
FirewallRules: [{BB17E86B-5ECB-4E3A-8D5D-BC92DD5B6C01}] => (Allow) C:\Windows\system32\mstsc.exe
FirewallRules: [{26B10451-D9D8-441E-AECE-28A378C7D507}] => (Allow) C:\Windows\system32\mstsc.exe
FirewallRules: [{0AB0AD36-0A02-4408-AE94-01FF928D205B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{46A5A91B-69C7-493C-AA09-7DF59BDA6437}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{2119509E-B10B-4011-92A9-F09274A02752}] => (Allow) LPort=12292
FirewallRules: [TCP Query User{33FA751A-A922-4C25-AAA6-280298F320DE}C:\mongodb\server\3.0\bin\mongod.exe] => (Allow) C:\mongodb\server\3.0\bin\mongod.exe
FirewallRules: [UDP Query User{80BAE8A4-B23A-4F2F-8445-4FAF778ACD2C}C:\mongodb\server\3.0\bin\mongod.exe] => (Allow) C:\mongodb\server\3.0\bin\mongod.exe
FirewallRules: [{A3F662AD-243F-4C60-A9A6-8A0F4A8D94DF}] => (Allow) C:\mongodb\server\3.0\bin\mongod.exe
FirewallRules: [{EEF3BAF2-A2A5-431B-8C79-B000E4B8EAF9}] => (Allow) C:\mongodb\server\3.0\bin\mongod.exe
FirewallRules: [{2BCF545C-E18B-4966-AFC2-915F71D8A7B1}] => (Allow) C:\mongodb\server\3.0\bin\mongod.exe
FirewallRules: [{46E3F598-3B7B-478A-A11D-E99644AFBDF9}] => (Allow) C:\mongodb\server\3.0\bin\mongod.exe
FirewallRules: [TCP Query User{ADD0206D-E463-4C81-AFD4-F16CB47C5A04}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2AAE81EE-4DA9-44E8-96EA-AF3B1189B8C9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E6EC0848-FFAC-49A2-A289-2179FD5D45F4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{CB291AA9-1EC3-456F-BB01-5AA8129F22D5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A8D936F6-FB3F-45EC-8E81-C2EDDFA8FFE3}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [TCP Query User{2AB61DF5-56F6-4A07-9465-B5EBE29A6D93}C:\program files (x86)\jetbrains\webstorm 10.0.2\bin\webstorm.exe] => (Block) C:\program files (x86)\jetbrains\webstorm 10.0.2\bin\webstorm.exe
FirewallRules: [UDP Query User{CAF48530-BB27-4000-BE40-B56D5AC4ED5C}C:\program files (x86)\jetbrains\webstorm 10.0.2\bin\webstorm.exe] => (Block) C:\program files (x86)\jetbrains\webstorm 10.0.2\bin\webstorm.exe
FirewallRules: [{7DD5CECF-6DA1-44C3-B71A-2BB56F59F8E0}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{ABFDB905-3A89-40AB-B054-300FB6C2136E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC587531-8065-4216-84A9-61D2C3531A38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C72B41DB-7C7E-47AE-8E21-865175C074F1}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [UDP Query User{C6553EAF-001A-4B84-A216-6584381FD8A4}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [{DA304B5E-A852-4020-BA63-44F93CEA2BF2}] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [{FA3BE17B-D43A-4D18-9429-BDE5A621CD3A}] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [{B254FB01-A34B-4B72-BE88-8B7C34C65F1E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{20DCF4CC-A977-4454-85AC-B86537937D09}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{5BCB1E0B-596E-4735-A017-C013F1FE602D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5E04BE5D-86F7-4FFB-8D6B-E44202EB21FB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F715D2EC-70F3-4D53-AB63-D67AAB02B454}] => (Allow) C:\Program Files (x86)\WinSCP\WinSCP.exe
FirewallRules: [{E914D912-93F8-43DC-B7FB-EB31EB18FE23}] => (Allow) C:\Program Files (x86)\WinSCP\WinSCP.exe
FirewallRules: [{693DD7A1-8316-480C-AB03-9CE6CE9601A7}] => (Allow) C:\Program Files (x86)\WinSCP\WinSCP.exe
FirewallRules: [{90A058EA-3896-46DB-85B6-94122E093EA2}] => (Allow) C:\Program Files (x86)\WinSCP\WinSCP.exe
FirewallRules: [TCP Query User{C5FF0FA1-B178-4296-99F1-309D5CEC7344}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{C2D19BB0-153A-40C2-9A2E-FA9B43E98EC8}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe
FirewallRules: [{88AFC8E4-52B8-4142-B2BC-4C8C969F7548}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䝜湥呬批潲屳敇汮祔牢獯攮數
FirewallRules: [{3FCFB051-25E7-4A2A-BE85-DC7AFAB1E7E2}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䝜湥呬批潲屳敇汮祔牢獯⹟硥e
FirewallRules: [{60267A8E-33AE-49EA-BF33-CDCFE44F4BAD}] => (Allow) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
FirewallRules: [{BF9B3800-4F99-4B42-B695-2B235FAD8A5E}] => (Allow) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
FirewallRules: [{716A5D75-037B-4EA5-95D5-AA78FDBD0C7B}] => (Allow) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
FirewallRules: [{27F04A57-04BB-4489-A327-F353D58FD33F}] => (Allow) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
FirewallRules: [{D1FBC58D-070D-46B0-B3F4-484B4D7A39B7}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䝜湥呬批潲屳敇汮祔牢獯攮數
FirewallRules: [{FF7EB9EC-D8B5-4F50-8F17-AE2B7E204976}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䝜湥呬批潲屳敇汮祔牢獯⹟硥e
FirewallRules: [{CFE2E71A-EEC8-4401-B025-3EE1FB4110B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{65CBC8DB-0819-4274-A8D3-75B47EA86D69}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{189B149C-8D91-4673-8653-88BC201826BD}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{3FCFDAF5-8C95-4042-9C2C-53E1312AB2EE}] => (Allow) C:\Program Files (x86)\UnHackMe\GWebUpdate.exe
FirewallRules: [{89B9230A-1DBC-4631-85FC-57B5FA5439E2}] => (Allow) C:\Program Files (x86)\UnHackMe\GWebUpdate.exe
==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (08/18/2017 02:08:15 PM) (Source: Report Server Windows Service (MSSQLSERVERPROD)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVERPROD) cannot connect to the report server database.
Error: (08/18/2017 02:06:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (08/18/2017 02:05:24 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfParticipantDisplayService
GetDisplayBrightnessFromPowerSettings:  Could not inform driver of current brightness value.
Error: (08/18/2017 02:05:24 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfParticipantDisplayService
SetBrightnessSettingInDriver:  p_handle is NULL.
Error: (08/18/2017 02:05:24 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfParticipantDisplayService
SetDisplayBrightnessViaPowerSettings:  Could not obtain brightness value to set from driver.
Error: (08/18/2017 02:05:24 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfParticipantDisplayService
GetBrightnessSettingFromDriver:  p_handle is NULL.
Error: (08/18/2017 02:05:24 PM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfParticipantDisplayService
ConnectToDptfDisplayDriver:  SetupDiEnumDeviceInterfaces() failed.
Last error = [0x00000103]
Error: (08/06/2017 03:42:01 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected
Error: (08/06/2017 03:40:55 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (08/06/2017 03:40:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.14393.1378, time stamp: 0x594a1517
Faulting module name: windows.immersiveshell.serviceprovider.dll, version: 10.0.14393.0, time stamp: 0x57899873
Exception code: 0x80270233
Fault offset: 0x0000000000033c25
Faulting process id: 0x1570
Faulting application start time: 0x01d30e8732b39967
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
Report Id: 5cde0b97-fdc3-440c-ad05-649aa111644c
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (08/18/2017 02:31:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.249.1225.0).
Error: (08/18/2017 02:31:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
The requested resource is in use.
Error: (08/18/2017 02:13:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dataup Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (08/18/2017 02:10:46 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (08/18/2017 02:10:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
The requested resource is in use.
Error: (08/18/2017 02:09:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Management Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (08/18/2017 02:08:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The requested resource is in use.
Error: (08/18/2017 02:07:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/18/2017 02:07:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The SQL Server Reporting Services (MSSQLSERVERPROD) service hung on starting.
Error: (08/18/2017 02:07:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The SQL Server Reporting Services (MSSQLSERVERPROD) service hung on starting.

CodeIntegrity:
===================================
  Date: 2017-07-21 11:22:20.046
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-20 15:25:55.293
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-14 20:22:37.942
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-14 17:56:20.727
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-13 13:57:59.463
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-06 21:33:49.850
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-07-05 15:14:53.942
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\WinSCP\DragExt64.dll that did not meet the Store signing level requirements.
  Date: 2017-07-05 00:16:35.063
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-06-30 13:31:08.540
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 44%
Total physical RAM: 8075.52 MB
Available physical RAM: 4485.97 MB
Total Virtual: 11275.52 MB
Available Virtual: 7089.72 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:6.27 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:524.37 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 581D85B2)
Partition: GPT.
==================== End of Addition.txt ============================


#8 RayS

RayS

  • Malware Study Hall Senior
  • 2,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:20 PM

Posted 19 August 2017 - 04:26 AM

Hello again DB, and welcome to Bleeping Computer.

Please call me "Ray". Do you have a short nickname I can use? If not, do you mind my calling you DB?

I will be helping you with your computer problem.
 

  • Please do not attach any log files to your replies unless specifically requested. Instead, please copy and paste the entire text of the logs into the body of your reply. Use separate consecutive posts if that's easier for you.
  • Please do not try to fix anything or run (or re-run) any tools without being advised to do so.
  • Always read my entire message before you begin to follow my instructions.
  • It may be helpful for you to print my instructions for easy reference.
  • Perform my instructions in the order as given.
  • Click More Reply Options and then Preview Post before you post a reply. Be sure your message addresses all the issues I raise.
  • Any fixes I provide are for this specific problem on this machine only.
  • Removing malware is hazardous. I will not knowingly advise actions that will damage your computer, but it is impossible to guarantee the safety of your system. It may even become necessary to re-format and re-install your operating system. Before we proceed, you should back up all your data -- preferably to a different computer or to off-line storage.



Extended absence

 

I have haven't responded since because I have been swamped by many issues...

 

That is entirely understandable, and you can take as much time as you need, however, I very much appreciate your telling me in advance when you will be away. In your absence, I have taken up the request for help from another user. That limits the amount of time I can devote to your PC.



Status of Notepad?

Thank you for the FRST logs, however, you didn't reply to my question about Notepad. Here it is again for your convenience:

Please also confirm whether Notepad will open. Press the Start key and type Notepad. Then click on "Notepad" in the search results. No need to actually create any document. Just tell me whether Notepad opens normally.

If you encounter any problems, please give me a complete description of what you see, including verbatim copy of all error messages (if any).

 


Please answer that question and also note that I include a summary at the bottom of every post. Before you send me your replies, be sure you review my posts and address every issue I raise.


Summary

  • Confirm you have backed up all your important files. If not, I will help you to do so.
  • Tell me whether Notepad operates normally.
  • Give me any other info about your PC that you think is relevant to this problem.

Regards,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#9 Databuff

Databuff
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 19 August 2017 - 05:23 AM

Hi Ray,

          Thanks for responding.

           I haven't backed up my data

           can't open notepad

           Can't turn windows defender on

           My system was infected after visiting a site for free software key

By the way, it's ok to call me DB



#10 RayS

RayS

  • Malware Study Hall Senior
  • 2,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:20 PM

Posted 20 August 2017 - 04:12 AM

Hi DB,

 

 

Let's clean out likely rootkits from your PC and get a fresh set of FRST logs. Also tell me about possible storage media for backups which we will do later.

 

 

Download and run Malwarebytes Anti-Rootkit (MBAR)
Note: Print these instructions to have them available when your PC is rebooted.

  • Download Malwarebytes Anti-Rootkit (MBAR) from here.
  • Save all your work and close all programs because MBAR will need to reboot your computer.
  • The file you have downloaded has a name similar to mbar-1.09.3.1001.exe
  • Change the file name to mbar-1.09.3.1001.com. If you get a warning, click Yes.
  • Double-click the renamed file and follow the onscreen instructions to extract it (to your desktop by default).
  • MBAR will attempt to open.
  • If a rootkit is interfering with the installation of the drivers, you will see a pop-up window: Could not load DDA driver. If you see that pop-up, click Yes.
  • Follow the instruction in the wizard and click Update.
  • When update is complete, click Next.
  • On the Scan System: screen, be sure checkmarks are in boxes next to Drivers, Sectors, and System.
  • Click Scan. This is a lengthy process. Please be patient.
  • If threats are detected, you will see a Cleanup: screen. Be sure all threats are checkmarked and add a checkmark to the Create Restore point option.
  • Click Cleanup to remove any threats.
  • Reboot, if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with MBAR to verify that no threats remain. If they do, click Cleanup once more and repeat the process as necessary.
  • If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional: Internet access, Windows Update, Windows Firewall.
  • If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool located within the Plugins sub-folder inside the mbar folder on your desktop. Then reboot. Note: Don't run fixdamage unless you have problems with Internet access, Windows Update, or Windows Firewall.
  • Verify that your system is now functioning normally.
  • Open the mbar folder on your desktop and find two log files. One is named system-log.txt and the other is named similar to mbar-log-2017-08-18 (21-21-36) (Your time stamp in the name will be different.)
  • Copy and paste the entire contents of both logs into the body of your reply.



Re-scan with Farbar Recovery Scan Tool
This tool is frequently updated. Please download a fresh copy of the 64-bit version of Farbar Recovery Scan Tool and save it to your Desktop.


  • Right-click FRST then click Run as administrator.
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory where the tool was run from.
  • Please copy and paste both logs into your next reply.



Retest Notepad


  • Press the Start key and type Notepad
  • Double-click Notepad (desktop application) in the search results.
  • If Notepad does not open, tell me what you see when you double-click Notepad in the search results.



Prepare for making backups


  1. Do you have another computer with adequate free space on which you can store your important files for backup (photos, spreadsheets, documents, etc)?
  2. Is your second computer connected to the sick PC via network?
  3. Do you have a USB thumb drive with free space which can be used for transferring files?


Summary


  • Copy and paste the entire contents of the MBAR logs into the body of your reply.
  • Was it necessary to run the fixdamage tool?
  • Are the following items all functional: Internet access, Windows Update, and Windows Firewall? If not, fully describe the symptoms.
  • Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your reply.
  • Is Notepad functioning normally? If not, describe all symptoms you see when you try to launch it.
  • Please answer the numbered questions about possible backup media.
  • Give me any other info relevant to this problem.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#11 Databuff

Databuff
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 21 August 2017 - 06:21 PM

Hi Ray,

           Downloaded the Mbar and renamed it as per above instruction, but when I tried to run it I got the response "requested resource is in use"

           Please note, I had downloaded Mbar previously whilst trying to resolve this issue on my own following one of the guides on this site.

 

Thanks

DB



#12 RayS

RayS

  • Malware Study Hall Senior
  • 2,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:20 PM

Posted 22 August 2017 - 02:17 AM

Hi DB,
 

Downloaded the Mbar and renamed it as per above instruction, but when I tried to run it I got the response "requested resource is in use"


When a tool fails to run, I appreciate the fact that you didn't try to run some other tool on your own. In this case, the tool's failure didn't prevent you from answering my questions about backup. For your convenience, I am repeating the questions here:

 

Prepare for making backups

  • Do you have another computer with adequate free space on which you can store your important files for backup (photos, spreadsheets, documents, etc)?
  • Is your second computer connected to the sick PC via network?
  • Do you have a USB thumb drive with free space which can be used for transferring files?

Now, let's try to disable the malware temporarily so we can get the MBAR tool to run.


Download and run RKill

RKill is a tool that terminates malicious processes that may interfere with normal operations.

Please download RKill 2.9.1.0 by Grinler from here and save it to your desktop. Note that the page has four download links. If the first version you download is blocked by malware, try each of the other links one-at-a-time. Note that the fourth download link is for a .ZIP file that uses the password clean (all lower case) for the extraction. See here for illustrated guide showing how to uncompress (extract) files from a .ZIP archive.
 
If no version of RKill will launch, fully describe all symptoms you see including verbatim copies of any error messages and stop here. If any version of RKill does run, continue with the following instructions.

  • When a version of RKill runs, a black DOS box will briefly flash and then disappear. This is normal and it indicates that the tool ran successfully.
  • After RKill completes, do not reboot the computer. (If you reboot, that will make the next tool less effective.)
  • Rkill will produce a log. Please copy and paste the contents of Rkill.txt into your reply.

 

 

Rerun Malwarebytes Anti-Rootkit (MBAR)
Note: Print these instructions to have them available when your PC is rebooted.

  • Double-click the same renamed mbar-1.09.3.1001.com file and follow the onscreen instructions to extract it (to your desktop by default).
  • MBAR will attempt to open.
  • If a rootkit is interfering with the installation of the drivers, you will see a pop-up window: Could not load DDA driver. If you see that pop-up, click Yes.
  • Follow the instruction in the wizard and click Update.
  • When update is complete, click Next.
  • On the Scan System: screen, be sure checkmarks are in boxes next to Drivers, Sectors, and System.
  • Click Scan. This is a lengthy process. Please be patient.
  • If threats are detected, you will see a Cleanup: screen. Be sure all threats are checkmarked and add a checkmark to the Create Restore point option.
  • Click Cleanup to remove any threats.
  • Reboot, if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with MBAR to verify that no threats remain. If they do, click Cleanup once more and repeat the process as necessary.
  • If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional: Internet access, Windows Update, Windows Firewall.
  • If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool located within the Plugins sub-folder inside the mbar folder on your desktop. Then reboot. Note: Don't run fixdamage unless you have problems with Internet access, Windows Update, or Windows Firewall.
  • Verify that your system is now functioning normally.
  • Open the mbar folder on your desktop and find two log files. One is named system-log.txt and the other is named similar to mbar-log-2017-08-18 (21-21-36) (Your time stamp in the name will be different.)
  • Copy and paste the entire contents of both logs into the body of your reply.

 

 

Re-scan with Farbar Recovery Scan Tool
This tool is frequently updated. Please download a fresh copy of the 64-bit version of Farbar Recovery Scan Tool and save it to your Desktop.

  • Right-click FRST then click Run as administrator.
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory where the tool was run from.
  • Please copy and paste both logs into your next reply.

 

Retest Notepad

  • Press the Start key and type Notepad
  • Double-click Notepad (desktop application) in the search results.
  • If Notepad does not open, tell me what you see when you double-click Notepad in the search results.

 

Summary

  • Please answer the numbered questions about possible backup media.
  • If no version of RKill will run, fully describe your entire experience including verbatim copies of any error messages.
  • If RKill did run, copy and paste Rkill.txt into the body of your message.
  • If MBAR runs, copy and paste both logs it produced into the body of your message.
  • If MBAR runs, copy and paste FRST.txt and Addition.txt into the body of your message.
  • Is Notepad functioning normally? If not, describe all symptoms you see when you try to launch it.
  • Give me any other info relevant to this problem.

Before you press Post, be sure you have addressed every issue in the summary above.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#13 Databuff

Databuff
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 PM

Posted 22 August 2017 - 09:49 AM

Hi Ray,

            No version of RKill ran.

            On execution the Microsoft windows appstore icon pop-up asking to choose which app to open the program with.

            On your questions on backup:

            I don't have another pc with usable space.

            I do have empty dvd I could store stuff on.

          

           By the way, the frst tool still runs.

 

Thanks for your help.

DB



#14 RayS

RayS

  • Malware Study Hall Senior
  • 2,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:20 PM

Posted 23 August 2017 - 09:21 AM

Hi DB,

Backup your important folders and files
 

I do have empty dvd I could store stuff on.

DVDs may not have sufficient capacity to hold all of your important folders and files. DVD-R (General), DVD-R (Authoring), DVD+R, DVD+RW and DVD-RAM discs come in 4.7 GB single and 9.4 GB double-sided (12 cm) and 1.46 GB single and 2.92 GB double-sided (8 cm) sizes. Your DVD burner may or may not have double-sided burning functionality.

You didn't answer my question about whether you have a USB thumb drive with adequate space for storing your important data. Please consider buying several USB thumb drives for off-line backups. 32 GB or 64 GB thumb drives cost about $11 or $16, respectively. You can get a pack of five 32 GB drives for about $40. These are prices for USB 2.0 drives. USB 3.0 drives will read and write faster, but your PC must be equipped with a USB 3 port. Otherwise the USB 3.0 drives will operate at USB 2.0 speed.

We will be doing some extensive deletions of malware from your file system and from your Registry. You really need to make backups of all your important data before we clean your PC. Offline storage is best because ransomware will corrupt not only your main data files but also all your backups if they are accessible online.

Please tell me whether you have backed up all your important data and which type of storage device you used.



Multiple user accounts
 

Loaded Profiles: Nkem & ReportServer$MSSQLSERVERPROD & MSOLAP$MSSQLSERVERPROD & DefaultAppPool (Available Profiles: Nkem & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & ReportServer$MSSQLSERVERPROD & MsDtsServer120 & MSSQLSERVER & MSOLAP$MSSQLSERVERPROD & MSSQLFDLauncher$MSSQLSERVERPROD & MSSQL$MSSQLSERVERPROD & DemoApp & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)

Did you intentionally create all fourteen of these accounts on your PC? If not, which ones do you want to keep?



Summary

  • Did you back up all your data?
  • On what storage medium did you back up?
  • Which user accounts do you want to keep?
  • Any additional relevant info?

Please don't skip any of my questions.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#15 RayS

RayS

  • Malware Study Hall Senior
  • 2,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:20 PM

Posted 27 August 2017 - 04:33 PM

Hi DB,

3 Day Bump

It has been 3 days since my last post.

  • Do you still need help with this? If not, please let me know as soon as possible. Other people are requesting my help.
  • If you will be away for an extended period, please let me know in advance.
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Thank you,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users