
Cannot Get Rid of YeahDesktopbr browser hijacks


  • This topic is locked
13 replies to this topic

#1 NXS

NXS

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:50 PM

Posted 13 August 2017 - 02:35 PM

Guys, I've run MBAM, Avira, Adaware, JRT, TDSSKiller, Kaspersky System Check, Farbar, etc. and I simply cannot get rid of the redirects.  Would REALLY appreciate some help. 

Running Windows 10 Home Premium 64




 


#2 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,666 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:08:20 AM

Posted 13 August 2017 - 02:46 PM

Hi NXS!
 
Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and that may have been the route the malware used to infect your computer. Do not use any P2P software until we conclude your topic.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

Let's begin!
 
 
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the logs back here.

 
 
Is the issue happening on every browser or is this limited to a particular browser?
 
 
-Pranav


Edited by blueelvis, 13 August 2017 - 02:47 PM.
It's always the formatting

Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#3 NXS

NXS
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:09:50 PM

Posted 13 August 2017 - 08:28 PM

blueelvis - Here are the scans you requested!  Thanks for your help!!!



FRST Log - 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017
Ran by jessi (administrator) on LAPTOP-EF4R8GB6 (13-08-2017 12:47:59)
Running from C:\Users\jessi\Desktop
Loaded Profiles: jessi &  (Available Profiles: jessi)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
(Copyright 2017.) C:\Users\jessi\Downloads\Zemana.AntiMalware.Portable.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-25] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => c:\Program Files\AMD\CNext\CNext\cnext.exe [4998856 2016-03-26] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2016-01-11] (HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [258600 2016-01-05] (HP)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Adware Agent] => "C:\Program Files (x86)\Adware Agent\Adware Agent.exe"
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-08-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [919032 2017-08-01] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3108641991-1499424543-81190280-1001\...\Run: [gunfights] => "C:\Program Files (x86)\newland\gunfights.exe"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\Run: [gunfights] => "C:\Program Files (x86)\newland\gunfights.exe"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\Run: [gunfights] => "C:\Program Files (x86)\newland\gunfights.exe"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyEnable: [S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115330787] => Proxy is enabled.
ProxyEnable: [S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123021766] => Proxy is enabled.
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyEnable: [S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331062] => Proxy is enabled.
ProxyEnable: [S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123021950] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1c14e2b2-e23d-45d4-bb50-fcc1e776b8d3}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{1c14e2b2-e23d-45d4-bb50-fcc1e776b8d3}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{75694e29-0740-4484-aed5-d1a4ae278869}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{75694e29-0740-4484-aed5-d1a4ae278869}: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{bd98e4c2-b7f1-4417-9e87-cdf28864aa88}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{dbec7596-8f1e-4658-a2b1-d6b402f5ef72}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{dbec7596-8f1e-4658-a2b1-d6b402f5ef72}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{dde618cb-d816-11e6-84c9-806e6f6e6963}: [NameServer] 8.8.8.8
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3108641991-1499424543-81190280-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3108641991-1499424543-81190280-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3108641991-1499424543-81190280-1001 -> DefaultScope {633AE7E7-560D-49A1-A771-8A4BA6F9F10B} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3108641991-1499424543-81190280-1001 -> {633AE7E7-560D-49A1-A771-8A4BA6F9F10B} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446 -> DefaultScope {633AE7E7-560D-49A1-A771-8A4BA6F9F10B} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446 -> {633AE7E7-560D-49A1-A771-8A4BA6F9F10B} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179 -> DefaultScope {633AE7E7-560D-49A1-A771-8A4BA6F9F10B} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179 -> {633AE7E7-560D-49A1-A771-8A4BA6F9F10B} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: bwcz0yzt.default-1502587014310
FF ProfilePath: C:\Users\jessi\AppData\Roaming\Mozilla\Firefox\Profiles\bwcz0yzt.default-1502587014310 [2017-08-13]
FF Extension: (Adblock Plus) - C:\Users\jessi\AppData\Roaming\Mozilla\Firefox\Profiles\bwcz0yzt.default-1502587014310\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-12]
FF Extension: (Click-to-Play staged rollout) - C:\Program Files\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi [2017-08-09] [not signed]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-08-09] [not signed]
FF Extension: (Shield Recipe Client) - C:\Program Files\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-08-09] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3108641991-1499424543-81190280-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-03-26] () [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-08-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-08-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-08-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-08-01] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [389312 2017-08-02] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-25] (Realtek Semiconductor)
S2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [54808 2016-04-02] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27384 2016-04-02] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101112 2016-04-02] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2016-04-02] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [277240 2016-04-02] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-04-02] (Advanced Micro Devices)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-08-01] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [173784 2017-08-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [167464 2017-08-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-08-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-08-01] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-08-01] (Avira Operations GmbH & Co. KG)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [40224 2014-12-25] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-08-13] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-08-13] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-08-13] (Malwarebytes)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-08-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-13] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-08-13] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-02-25] (Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-02-25] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6294016 2017-02-01] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-08-13] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-08-13] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-13 12:33 - 2017-08-13 12:48 - 000001348 _____ C:\Users\jessi\Desktop\Internet Explorer.lnk
2017-08-13 11:42 - 2017-08-13 11:42 - 000046198 _____ C:\Users\jessi\Desktop\Shortcut.txt
2017-08-13 11:29 - 2017-08-13 11:29 - 000000242 _____ C:\Users\jessi\Desktop\SearchReg.txt
2017-08-13 11:15 - 2017-08-13 11:21 - 000000243 _____ C:\Users\jessi\Desktop\Search.txt
2017-08-13 10:52 - 2017-08-13 11:42 - 000048516 _____ C:\Users\jessi\Desktop\Addition.txt
2017-08-13 10:50 - 2017-08-13 12:48 - 000019634 _____ C:\Users\jessi\Desktop\FRST.txt
2017-08-13 10:48 - 2017-08-13 10:48 - 000000000 ____D C:\Users\jessi\Desktop\FRST-OlderVersion
2017-08-13 10:47 - 2017-08-13 12:47 - 000000000 ____D C:\FRST
2017-08-13 10:47 - 2017-08-13 10:48 - 002395648 _____ (Farbar) C:\Users\jessi\Desktop\FRST64.exe
2017-08-13 10:43 - 2017-08-13 12:48 - 000045126 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-08-13 10:43 - 2017-08-13 12:48 - 000044180 _____ C:\WINDOWS\ZAM.krnl.trace
2017-08-13 10:43 - 2017-08-13 10:43 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-08-13 10:43 - 2017-08-13 10:43 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-08-13 10:43 - 2017-08-13 10:43 - 000000000 ____D C:\Users\jessi\AppData\Local\Zemana
2017-08-13 10:41 - 2017-08-13 10:43 - 015579280 _____ (Copyright 2017.) C:\Users\jessi\Downloads\Zemana.AntiMalware.Portable.exe
2017-08-13 10:19 - 2017-08-13 10:25 - 000003994 _____ C:\Users\jessi\Desktop\Rkill.txt
2017-08-13 10:09 - 2017-08-13 10:09 - 000000760 _____ C:\Users\jessi\Desktop\JRT.txt
2017-08-13 10:05 - 2017-08-13 10:05 - 005660059 _____ (Swearware) C:\Users\jessi\Downloads\ComboFix.exe
2017-08-13 03:54 - 2017-08-13 11:52 - 000101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-08-13 03:54 - 2017-08-13 11:52 - 000093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-08-13 03:53 - 2017-08-13 11:52 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-13 03:51 - 2017-08-13 03:53 - 000001879 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-13 03:51 - 2017-08-13 03:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-13 03:51 - 2017-06-27 12:06 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-13 03:50 - 2017-08-13 03:50 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-13 03:50 - 2017-08-13 03:08 - 065033984 _____ (Malwarebytes ) C:\Users\jessi\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-13 02:37 - 2017-08-13 02:43 - 000000000 ____D C:\Users\jessi\AppData\LocalLow\Adblock Plus for IE
2017-08-13 02:37 - 2017-08-13 02:37 - 000000000 ____D C:\Program Files\Adblock Plus for IE
2017-08-13 02:32 - 2017-08-13 02:33 - 006263976 _____ ( ) C:\Users\jessi\Desktop\adblockplusie-1.6.exe
2017-08-13 00:26 - 2017-08-13 01:06 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-08-13 00:23 - 2017-08-13 01:08 - 000000000 ____D C:\Users\jessi\Desktop\ksc
2017-08-13 00:22 - 2017-08-13 00:23 - 044004224 _____ (Kaspersky Lab ZAO) C:\Users\jessi\Desktop\ksyschk.exe
2017-08-12 21:57 - 2017-08-12 21:57 - 000851923 _____ C:\Users\jessi\Desktop\AdBlock-MS-Edge-v0.9.6.0.zip
2017-08-12 21:57 - 2017-08-12 21:57 - 000000000 ____D C:\Users\jessi\Desktop\AdBlock-MS-Edge-v0.9.6.0
2017-08-12 21:23 - 2017-08-12 21:25 - 000001815 _____ C:\Users\jessi\Desktop\Microsoft Edge.lnk
2017-08-12 20:31 - 2017-08-13 12:48 - 000000996 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-12 20:31 - 2017-08-12 20:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-12 20:31 - 2017-08-12 20:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-12 19:49 - 2017-08-12 19:49 - 000000000 ____D C:\Users\jessi\AppData\Roaming\WildTangent
2017-08-12 19:13 - 2017-08-12 19:13 - 000001046 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-08-12 19:13 - 2017-08-12 19:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-08-12 19:13 - 2017-08-12 19:13 - 000000000 ____D C:\Program Files\VS Revo Group
2017-08-12 19:08 - 2017-08-12 19:11 - 007178424 _____ (VS Revo Group ) C:\Users\jessi\Downloads\revosetup.exe
2017-08-12 18:24 - 2017-08-12 18:24 - 000000000 ____D C:\Users\jessi\AppData\Roaming\Avira
2017-08-12 18:16 - 2017-08-12 18:16 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-08-12 18:16 - 2017-08-01 15:23 - 000173784 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-08-12 18:16 - 2017-08-01 15:23 - 000167464 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-08-12 18:16 - 2017-08-01 15:23 - 000088488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2017-08-12 18:16 - 2017-08-01 15:23 - 000060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2017-08-12 18:16 - 2017-08-01 15:23 - 000044488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2017-08-12 18:16 - 2017-08-01 15:23 - 000038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-08-12 18:12 - 2017-08-12 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-08-12 18:12 - 2017-08-12 18:12 - 000001244 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-08-12 18:11 - 2017-08-12 19:50 - 000000000 ____D C:\ProgramData\Avira
2017-08-12 18:11 - 2017-08-12 18:16 - 000000000 ____D C:\Program Files (x86)\Avira
2017-08-12 18:05 - 2017-08-12 18:05 - 001130328 _____ (Google Inc.) C:\Users\jessi\Desktop\ChromeSetup.exe
2017-08-12 17:57 - 2017-08-12 17:58 - 020730615 _____ C:\Users\jessi\Downloads\SriLankaSurangaWeeratunga.themepack
2017-08-12 17:48 - 2017-08-12 17:48 - 000000000 ____D C:\Users\jessi\AppData\Local\TempOfficeC2R77DFD85A-380A-4DEF-A7AF-5115DC4FD4E3
2017-08-12 17:17 - 2017-08-12 17:17 - 000006762 _____ C:\TDSSKiller.3.1.0.15_12.08.2017_17.17.11_log.txt
2017-08-12 17:14 - 2017-08-12 17:16 - 000786312 _____ C:\TDSSKiller.3.1.0.15_12.08.2017_17.14.42_log.txt
2017-08-12 17:09 - 2017-08-12 17:09 - 000006804 _____ C:\TDSSKiller.3.1.0.15_12.08.2017_17.09.12_log.txt
2017-08-12 09:48 - 2017-08-12 17:06 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-12 09:47 - 2017-08-13 11:52 - 000188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-08-11 16:21 - 2017-08-13 11:52 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-08-11 16:21 - 2017-08-13 03:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-11 16:21 - 2017-08-11 16:21 - 000001145 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-08-11 16:21 - 2017-08-11 16:21 - 000000000 ____D C:\Users\jessi\AppData\Roaming\Malwarebytes
2017-08-11 16:21 - 2017-08-11 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2017-08-11 16:21 - 2017-08-11 16:21 - 000000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2017-08-11 16:14 - 2017-08-12 17:29 - 000078451 ____H C:\Users\jessi\AppData\Local\IconCache.db.backup
2017-08-11 16:01 - 2017-08-13 10:14 - 000000000 ____D C:\AdwCleaner
2017-08-11 15:43 - 2017-08-11 15:43 - 000000000 ____D C:\Users\jessi\Desktop\Ccleaner Professional v5.12.5431 FINAL + Serials [TechTools.net]
2017-08-11 15:41 - 2017-08-13 10:25 - 000000000 ____D C:\Users\jessi\Desktop\rkill
2017-08-11 15:41 - 2017-08-11 15:41 - 000000000 ____D C:\Users\jessi\AppData\Roaming\WinRAR
2017-08-11 15:41 - 2017-08-11 15:41 - 000000000 ____D C:\Users\jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-08-11 15:41 - 2017-08-11 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-08-11 15:41 - 2017-08-11 15:41 - 000000000 ____D C:\Program Files (x86)\WinRAR
2017-08-11 15:41 - 2012-09-29 02:28 - 000000000 ____D C:\Users\jessi\Adobe.Photoshop.CS6.Extended.13.0.1.1.Portable
2017-08-11 15:38 - 2017-08-05 07:40 - 004922400 _____ (AO Kaspersky Lab) C:\Users\jessi\Desktop\tdsskiller.exe
2017-08-11 15:37 - 2017-08-05 07:40 - 001790024 _____ (Malwarebytes) C:\Users\jessi\Desktop\JRT.exe
2017-08-11 15:37 - 2017-08-05 07:37 - 008185288 _____ (Malwarebytes) C:\Users\jessi\Desktop\AdwCleaner.exe
2017-08-11 15:15 - 2017-08-11 15:15 - 000003270 _____ C:\WINDOWS\System32\Tasks\{4E341417-84F9-4975-B541-D069F38071FD}
2017-08-11 13:00 - 2017-08-12 23:02 - 000000000 ___RD C:\Users\jessi\Desktop\Desktop Stuff
2017-08-11 13:00 - 2017-08-11 13:00 - 000000005 ____H C:\WINDOWS\TS2.DAT
2017-08-11 12:59 - 2017-08-11 14:55 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-08-11 12:56 - 2017-08-11 12:56 - 000000000 ____D C:\WINDOWS\pss
2017-08-11 12:45 - 2017-08-11 12:45 - 000414108 _____ C:\WINDOWS\Minidump\081117-43562-01.dmp
2017-08-08 20:25 - 2017-08-08 20:27 - 002356788 _____ C:\WINDOWS\Minidump\080817-43156-01.dmp
2017-08-07 23:04 - 2017-08-07 23:04 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-08-07 17:59 - 2017-08-07 17:32 - 000001321 _____ C:\Users\jessi\Documents\VMware Workstation 12 Player.lnk
2017-08-06 22:38 - 2017-08-06 22:40 - 000414036 _____ C:\WINDOWS\Minidump\080617-35562-01.dmp
2017-08-06 14:03 - 2017-08-06 14:05 - 000414236 _____ C:\WINDOWS\Minidump\080617-30984-01.dmp
2017-08-06 13:02 - 2017-08-06 13:04 - 000414116 _____ C:\WINDOWS\Minidump\080617-39781-01.dmp
2017-08-05 22:00 - 2017-08-05 22:01 - 000414092 _____ C:\WINDOWS\Minidump\080517-50031-01.dmp
2017-08-05 21:09 - 2017-08-05 21:10 - 000414156 _____ C:\WINDOWS\Minidump\080517-50750-01.dmp
2017-08-04 22:47 - 2017-08-04 22:48 - 000414268 _____ C:\WINDOWS\Minidump\080417-49140-01.dmp
2017-08-04 21:40 - 2017-08-04 21:41 - 000414268 _____ C:\WINDOWS\Minidump\080417-43093-01.dmp
2017-08-04 08:09 - 2017-08-04 08:10 - 000414140 _____ C:\WINDOWS\Minidump\080417-45984-01.dmp
2017-08-03 21:34 - 2017-08-07 17:53 - 000000000 ____D C:\Users\jessi\Documents\Windows Me
2017-08-03 21:24 - 2017-08-03 22:34 - 000000000 ____D C:\Users\Default\AppData\Roaming\VMware
2017-08-03 21:24 - 2017-08-03 22:34 - 000000000 ____D C:\Users\Default User\AppData\Roaming\VMware
2017-08-03 21:22 - 2017-08-03 22:33 - 000000000 ____D C:\Users\jessi\Documents\Virtual Machines
2017-08-02 23:59 - 2017-06-19 19:58 - 000088504 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
2017-08-02 23:02 - 2017-08-02 23:02 - 000000000 ____D C:\UTOPIAWA
2017-08-02 23:02 - 2017-08-02 23:02 - 000000000 ____D C:\SAFARI
2017-08-02 23:02 - 2017-08-02 23:02 - 000000000 ____D C:\NOTEBOOK
2017-08-02 23:02 - 2017-08-02 23:02 - 000000000 ____D C:\MAILROOM
2017-08-02 23:02 - 2017-08-02 23:02 - 000000000 ____D C:\LETTER
2017-08-02 23:02 - 2017-08-02 23:02 - 000000000 ____D C:\HOME
2017-08-02 23:02 - 2017-08-02 23:02 - 000000000 ____D C:\CHKBOOK
2017-08-02 23:02 - 2017-08-02 23:02 - 000000000 ____D C:\CALENDAR
2017-08-02 23:02 - 2017-08-02 23:02 - 000000000 ____D C:\ADDRESS
2017-08-02 23:02 - 2017-08-02 23:02 - 000000000 ____D C:\ACTORS
2017-08-02 21:56 - 2017-02-20 08:02 - 000083008 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2017-08-02 21:55 - 2017-08-02 21:55 - 000001024 _____ C:\WINDOWS\SysWOW64\%TMP%
2017-08-02 20:47 - 2017-08-02 20:47 - 000000279 _____ C:\Users\jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2017-08-02 02:11 - 2017-08-02 02:12 - 000414212 _____ C:\WINDOWS\Minidump\080217-48375-01.dmp
2017-08-02 01:11 - 2017-08-02 01:11 - 000003248 _____ C:\WINDOWS\System32\Tasks\{4C04E76C-1679-4882-9A1D-464DB2170F1A}
2017-08-01 22:14 - 2017-08-01 22:15 - 000414076 _____ C:\WINDOWS\Minidump\080117-42640-01.dmp
2017-08-01 21:58 - 2017-08-01 21:58 - 000000133 _____ C:\Users\jessi\Documents\Character1.acf
2017-08-01 21:58 - 2017-08-01 21:58 - 000000029 _____ C:\Users\jessi\Documents\Animation 1.aca
2017-08-01 21:56 - 2017-08-01 21:56 - 000000188 _____ C:\Users\jessi\Documents\robot.acs
2017-07-31 21:00 - 2017-07-31 21:01 - 000414156 _____ C:\WINDOWS\Minidump\073117-52375-01.dmp
2017-07-31 19:49 - 2017-07-31 19:50 - 000414180 _____ C:\WINDOWS\Minidump\073117-58578-01.dmp
2017-07-31 18:28 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\5shp3iekiar
2017-07-31 18:20 - 2017-08-11 14:35 - 000000000 ____D C:\Program Files (x86)\MagicISO
2017-07-31 08:44 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\w23bfhvsx5p
2017-07-31 06:43 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\u0iuptnhy0y
2017-07-31 06:32 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\auur3n42c1n
2017-07-31 06:04 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\s4dr2uuwvz2
2017-07-31 05:55 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\enb2njx1kbu
2017-07-31 04:04 - 2017-07-31 04:04 - 000000000 ____D C:\Program Files\5QI0YYKSPI
2017-07-31 04:03 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\fuyr1f5dnkz
2017-07-31 02:03 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\lbux0wvvuua
2017-07-31 00:27 - 2017-06-19 19:58 - 000052288 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmkbd.sys
2017-07-31 00:02 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\dxrhl0shn30
2017-07-30 23:27 - 2017-08-07 17:57 - 000000000 ____D C:\Users\jessi\AppData\Roaming\VMware
2017-07-30 23:27 - 2017-08-07 17:57 - 000000000 ____D C:\Users\jessi\AppData\Local\VMware
2017-07-30 23:16 - 2017-08-02 21:53 - 000000000 ____D C:\Program Files (x86)\VMware
2017-07-30 23:14 - 2017-08-11 15:33 - 000000000 ____D C:\ProgramData\VMware
2017-07-30 23:04 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\erifst4rojf
2017-07-30 22:32 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\wk30ymelvjy
2017-07-30 22:31 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\cn1oh12n13g
2017-07-30 22:00 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\zukz1p2511l
2017-07-30 21:59 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\bpyoaq2x3dd
2017-07-30 21:59 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\0ntzcwscns4
2017-07-30 21:28 - 2017-08-12 23:34 - 000000000 ___HD C:\Program Files (x86)\Knoll
2017-07-30 21:28 - 2017-07-30 21:28 - 000000000 ____D C:\Program Files (x86)\bearings
2017-07-30 21:27 - 2017-08-12 23:37 - 000000000 ____D C:\Program Files (x86)\Mispronouncing
2017-07-30 21:27 - 2017-07-30 21:27 - 000003720 _____ C:\WINDOWS\System32\Tasks\ba107646107646
2017-07-30 21:26 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\yy2n1yeyi3y
2017-07-30 21:26 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\xuc5s323bom
2017-07-30 21:25 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\bvmiulh5zv1
2017-07-24 16:33 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\nnhbtyioga3
2017-07-24 16:32 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\wpy1yayrzza
2017-07-24 16:31 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\jzfwbaebzmd
2017-07-24 16:30 - 2017-08-12 17:28 - 000000008 __RSH C:\Users\jessi\ntuser.pol
2017-07-20 14:04 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\00nwgq1kjf2
2017-07-20 14:03 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\0octicmif5g
2017-07-20 14:02 - 2017-08-12 14:22 - 000000000 ____D C:\Users\jessi\AppData\Roaming\lmhvmihnkv4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-13 12:48 - 2017-01-29 19:51 - 000001074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-13 12:46 - 2017-01-29 19:56 - 000000000 ____D C:\Users\jessi\AppData\LocalLow\Mozilla
2017-08-13 10:34 - 2016-07-28 01:03 - 000000000 ____D C:\Program Files (x86)\Cisco
2017-08-13 10:17 - 2017-01-11 12:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-13 10:17 - 2016-07-28 02:13 - 005105680 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2017-08-13 10:16 - 2017-01-11 12:03 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-08-13 10:16 - 2016-07-16 02:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-13 02:46 - 2016-12-13 09:19 - 000000000 ___RD C:\Users\jessi\OneDrive
2017-08-13 02:46 - 2016-07-16 07:45 - 000000000 ____D C:\WINDOWS\INF
2017-08-13 01:03 - 2017-01-11 12:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-13 00:34 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-08-13 00:34 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-12 21:44 - 2017-01-14 11:21 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-12 21:40 - 2017-01-14 11:20 - 000000000 ____D C:\Users\jessi\AppData\Local\Google
2017-08-12 20:32 - 2017-01-29 19:52 - 000000000 ____D C:\Users\jessi\AppData\Roaming\Mozilla
2017-08-12 20:32 - 2017-01-29 19:52 - 000000000 ____D C:\Users\jessi\AppData\Local\Mozilla
2017-08-12 19:59 - 2016-07-28 02:16 - 000000000 ____D C:\ProgramData\WildTangent
2017-08-12 19:53 - 2016-07-28 02:17 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-08-12 19:51 - 2016-07-28 02:16 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2017-08-12 19:40 - 2017-01-30 19:30 - 000000000 ____D C:\Users\jessi\AppData\Local\Opera Software
2017-08-12 19:40 - 2017-01-30 19:29 - 000000000 ____D C:\Users\jessi\AppData\Roaming\Opera Software
2017-08-12 18:30 - 2016-07-28 02:14 - 000000000 ____D C:\ProgramData\HP
2017-08-12 18:30 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\Help
2017-08-12 18:11 - 2016-04-15 14:17 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-12 17:28 - 2017-01-20 22:02 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-08-12 17:28 - 2017-01-11 12:09 - 000000000 ____D C:\Users\jessi
2017-08-12 14:46 - 2017-01-20 21:54 - 000000000 ____D C:\WINDOWS\Running Clock 3D Screensaver
2017-08-12 14:22 - 2017-07-09 21:44 - 000000000 ____D C:\Users\jessi\AppData\Roaming\lc4dpchyguy
2017-08-12 14:22 - 2017-07-09 21:43 - 000000000 ____D C:\Users\jessi\AppData\Roaming\3adafiilwro
2017-08-12 14:22 - 2017-07-09 21:43 - 000000000 ____D C:\Users\jessi\AppData\Roaming\1g0dlw2bwq4
2017-08-12 14:22 - 2017-07-09 21:03 - 000000000 ____D C:\Users\jessi\AppData\Roaming\kj25m4d5qmr
2017-08-12 14:22 - 2017-07-09 21:03 - 000000000 ____D C:\Users\jessi\AppData\Roaming\hva1r0gi2kl
2017-08-12 14:22 - 2017-07-09 21:02 - 000000000 ____D C:\Users\jessi\AppData\Roaming\ukvzxwvmbgg
2017-08-12 14:22 - 2017-07-09 20:38 - 000000000 ____D C:\Users\jessi\AppData\Roaming\y5yb0pjy1eh
2017-08-12 14:22 - 2017-07-09 20:38 - 000000000 ____D C:\Users\jessi\AppData\Roaming\a4avzlm2pmb
2017-08-12 14:22 - 2017-07-09 20:37 - 000000000 ____D C:\Users\jessi\AppData\Roaming\chxesxmcvtj
2017-08-12 14:22 - 2017-07-09 20:21 - 000000000 ____D C:\Users\jessi\AppData\Roaming\52squkv4fjq
2017-08-12 14:22 - 2017-07-09 20:20 - 000000000 ____D C:\Users\jessi\AppData\Roaming\pxnrygof20y
2017-08-12 14:22 - 2017-07-09 20:19 - 000000000 ____D C:\Users\jessi\AppData\Roaming\jubli2j3lrz
2017-08-12 14:22 - 2017-07-04 15:51 - 000000000 ____D C:\Users\jessi\AppData\Roaming\h4j1nbq3owl
2017-08-12 14:22 - 2017-07-04 15:51 - 000000000 ____D C:\Users\jessi\AppData\Roaming\d3qevvtgqdt
2017-08-12 14:22 - 2017-07-04 15:50 - 000000000 ____D C:\Users\jessi\AppData\Roaming\atchmnokavh
2017-08-12 14:22 - 2017-07-04 15:37 - 000000000 ____D C:\Users\jessi\AppData\Roaming\gqpefa5glwh
2017-08-12 14:22 - 2017-07-04 14:45 - 000000000 ____D C:\Users\jessi\AppData\Roaming\xvpbp3blgrz
2017-08-12 14:22 - 2017-07-04 14:44 - 000000000 ____D C:\Users\jessi\AppData\Roaming\jnbna0kqzma
2017-08-12 14:22 - 2017-06-29 15:39 - 000000000 ____D C:\Users\jessi\AppData\Roaming\bqyutzmm13j
2017-08-12 14:22 - 2017-06-28 19:45 - 000000000 ____D C:\Program Files\NG8PZ1EGLZ
2017-08-12 14:22 - 2017-06-28 18:36 - 000000000 ____D C:\Users\jessi\AppData\Roaming\q4afphhs5mi
2017-08-12 14:22 - 2017-06-28 18:36 - 000000000 ____D C:\Program Files\UQ3X03C5KE
2017-08-12 14:22 - 2017-06-28 15:47 - 000000000 ____D C:\Users\jessi\AppData\Local\fetna
2017-08-12 14:22 - 2017-06-28 15:46 - 000000000 ____D C:\Users\jessi\AppData\Roaming\hpu4wlb2du2
2017-08-12 14:22 - 2017-06-28 15:40 - 000000000 ____D C:\Users\jessi\AppData\Roaming\l43cefkf3fb
2017-08-12 13:00 - 2017-07-04 15:38 - 000000000 ____D C:\Users\jessi\AppData\Roaming\j3rl1xsyi1k
2017-08-12 13:00 - 2017-07-04 15:38 - 000000000 ____D C:\Users\jessi\AppData\Roaming\2mlinhi1tqu
2017-08-12 13:00 - 2017-07-04 14:46 - 000000000 ____D C:\Users\jessi\AppData\Roaming\jlgtjznngid
2017-08-12 13:00 - 2017-06-29 15:39 - 000000000 ____D C:\Users\jessi\AppData\Roaming\myb545gpz54
2017-08-12 13:00 - 2017-06-29 15:38 - 000000000 ____D C:\Users\jessi\AppData\Roaming\k4en2vuv5ny
2017-08-12 13:00 - 2017-06-28 22:29 - 000000000 ____D C:\Users\jessi\AppData\Roaming\t55zhpf21tw
2017-08-12 13:00 - 2017-06-28 22:29 - 000000000 ____D C:\Users\jessi\AppData\Roaming\ionupq53ftp
2017-08-12 13:00 - 2017-06-28 22:27 - 000000000 ____D C:\Users\jessi\AppData\Roaming\xmxpcokbca2
2017-08-12 13:00 - 2017-06-28 19:44 - 000000000 ____D C:\Users\jessi\AppData\Roaming\ua5vtllxgso
2017-08-12 13:00 - 2017-06-28 19:44 - 000000000 ____D C:\Users\jessi\AppData\Roaming\mbnbdkqpii0
2017-08-12 12:59 - 2017-06-28 19:43 - 000000000 ____D C:\Users\jessi\AppData\Roaming\rxt01p15cl0
2017-08-12 12:59 - 2017-06-28 18:35 - 000000000 ____D C:\Users\jessi\AppData\Roaming\ekop5jbi115
2017-08-12 12:59 - 2017-06-28 18:34 - 000000000 ____D C:\Users\jessi\AppData\Roaming\mx2luvwsi0a
2017-08-12 12:59 - 2017-06-28 15:44 - 000000000 ____D C:\Users\jessi\AppData\Roaming\eejh5wnmrnh
2017-08-12 12:59 - 2017-06-28 15:42 - 000000000 ____D C:\Users\jessi\AppData\Roaming\vgnq3ve2ai5
2017-08-12 12:34 - 2017-04-22 22:53 - 000000000 ____D C:\Users\jessi\AppData\Local\CrashDumps
2017-08-12 09:35 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-12 09:20 - 2017-05-10 21:08 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForjessi.job
2017-08-11 17:48 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\rescache
2017-08-11 17:15 - 2017-05-10 21:08 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForjessi
2017-08-11 16:16 - 2017-02-12 15:27 - 000000000 ____D C:\Program Files\TrueKey
2017-08-11 16:16 - 2016-07-28 02:38 - 000000000 ____D C:\ProgramData\McAfee
2017-08-11 16:16 - 2016-07-28 02:38 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-08-11 15:49 - 2017-01-20 23:00 - 000000000 ____D C:\Program Files\COMODO
2017-08-11 15:30 - 2017-01-29 20:09 - 000000000 ____D C:\Users\jessi\AppData\LocalLow\Unity
2017-08-11 15:30 - 2017-01-29 20:09 - 000000000 ____D C:\Users\jessi\AppData\Local\Unity
2017-08-11 15:26 - 2016-07-16 07:47 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-08-11 15:26 - 2016-07-16 02:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-11 15:24 - 2015-10-30 02:28 - 000000000 ____D C:\Users\Default.migrated
2017-08-11 15:14 - 2016-07-28 02:16 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-11 14:53 - 2016-12-13 09:13 - 000000000 ____D C:\Users\jessi\AppData\Roaming\AVAST Software
2017-08-11 14:53 - 2016-07-28 02:38 - 000000000 ____D C:\Program Files\Common Files\AV
2017-08-11 14:36 - 2017-01-07 18:55 - 000000000 ____D C:\Program Files (x86)\Nintendo DS Easy Music Transfer
2017-08-11 14:35 - 2017-06-25 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Talking Translator Pro
2017-08-11 14:29 - 2017-06-22 15:48 - 000000000 ____D C:\Program Files (x86)\Movavi Video Editor 12
2017-08-11 14:28 - 2017-01-20 22:04 - 000000000 ____D C:\Program Files (x86)\NewFreeScreensavers
2017-08-11 14:20 - 2016-12-13 09:11 - 000000000 ____D C:\Users\jessi\AppData\Roaming\Synaptics
2017-08-11 14:18 - 2017-01-14 13:34 - 000000000 ____D C:\Program Files\Unity
2017-08-11 13:30 - 2017-06-22 15:07 - 000000000 ____D C:\Users\jessi\AppData\Roaming\DVDVideoSoft
2017-08-11 13:28 - 2017-06-25 23:08 - 000000000 ____D C:\Program Files (x86)\BellCraft.com
2017-08-11 13:22 - 2017-06-25 09:25 - 000000000 ____D C:\Program Files (x86)\BonziBuddy432
2017-08-11 13:17 - 2017-01-20 23:03 - 000000000 ____D C:\Program Files (x86)\Screensavers
2017-08-11 13:16 - 2017-06-27 04:16 - 000000000 ____D C:\Program Files (x86)\Adware Agent
2017-08-11 12:45 - 2017-06-28 16:44 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-11 12:44 - 2017-06-28 16:43 - 745353211 _____ C:\WINDOWS\MEMORY.DMP
2017-08-11 12:29 - 2017-02-07 18:31 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-08-06 12:18 - 2015-10-30 03:24 - 000000187 _____ C:\WINDOWS\win.ini
2017-08-05 19:30 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-04 08:06 - 2017-01-20 22:32 - 000000000 ____D C:\Users\jessi\AppData\Roaming\PlutoTV
2017-08-02 23:47 - 2015-11-03 02:05 - 001188712 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-08-02 23:46 - 2017-06-26 22:44 - 000000225 _____ C:\Users\jessi\Documents\Character1.acs
2017-08-02 23:11 - 2017-06-28 14:45 - 000000000 ____D C:\Users\jessi\AppData\Local\Deployment
2017-08-02 01:13 - 2017-06-25 19:34 - 000000000 ____D C:\Program Files (x86)\Talking Translator Pro
2017-08-01 22:18 - 2016-12-13 09:17 - 000000000 ____D C:\Users\jessi\AppData\Local\MicrosoftEdge
2017-08-01 21:58 - 2017-06-26 22:44 - 000000967 _____ C:\Users\jessi\Documents\Character1.acd
2017-07-30 23:25 - 2016-12-13 09:11 - 000000000 ____D C:\Users\jessi\AppData\Local\VirtualStore
2017-07-25 00:11 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-07-20 14:01 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-07-20 14:00 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
 
==================== Files in the root of some directories =======
 
2017-06-28 15:44 - 2017-06-28 15:44 - 000140800 _____ () C:\Users\jessi\AppData\Local\installer.dat
2017-06-22 15:48 - 2017-06-22 15:48 - 000004865 _____ () C:\ProgramData\czchsjpj.srw
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-11 16:39
 
==================== End of FRST.txt ============================






Addition Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by jessi (13-08-2017 12:49:50)
Running from C:\Users\jessi\Desktop
Windows 10 Home Version 1607 (X64) (2017-01-11 16:40:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3108641991-1499424543-81190280-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3108641991-1499424543-81190280-503 - Limited - Disabled)
Guest (S-1-5-21-3108641991-1499424543-81190280-501 - Limited - Disabled)
jessi (S-1-5-21-3108641991-1499424543-81190280-1001 - Administrator - Enabled) => C:\Users\jessi
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Disabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Disabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.29.32 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{7990b9d3-2da3-4eef-bf20-73a05086fd12}) (Version: 1.2.92.32157 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{E972AE5C-71B3-4D35-8193-BC4CC2F1FA20}) (Version: 1.2.92.32157 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{020D236C-0860-8700-6645-A8D7DF7D1219}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{B8D846ED-A061-FC73-1A80-E45A70FC8BE1}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{05B3192F-37A6-D1F0-365B-476D69C3F0D2}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{5FBFEC71-C194-6D96-21D9-80C183E25878}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{9A841032-8472-D1CE-0ACB-E399AC7A2199}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{9DF52711-9C0C-5B80-6304-49CE67D2824D}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{7516F9DE-6B63-B709-84CE-3098F06DD318}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{AF5429E4-27FD-3F52-A54D-6BD8F4A68963}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{5BA23300-0626-7146-471A-5BF56F8B5CBD}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{3FF26615-BB9E-2C89-6532-4B6215A20BB5}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{58EB8CBE-C35C-ADE2-1F58-0F9D453976D4}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B84C4DE7-F6A1-CC2A-9EE3-781DC5D600C2}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{401E894B-7172-98C5-0DA6-A05F78EE79B9}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{A3A601FE-245E-B0EE-F0B1-DDACCBBFDF7B}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6332ED4-35E5-CC2A-4E37-612FC1985994}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{89551DFD-EC10-8C4C-E127-9EEB614346FA}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{9E3D8484-056C-E087-D6F4-FCCD5EF6FABB}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{ADC3E089-7CA6-E182-26B3-A7DA6438636D}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01C748AD-07EC-9D6B-3F15-43D49C5E9DE6}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{E5407BDB-DAF1-F28E-B835-BB90F20A3333}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{9A8954B1-8591-D49B-F337-800094222F7E}) (Version: 2016.0326.2041.34859 - Advanced Micro Devices, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6129 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DriverUpdate (HKLM-x32\...\{53C9EBD2-F3F7-49BB-BDB4-147D3A4D5E6D}) (Version: 2.7.10 - Slimware Utilities Holdings, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.4.14.41 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.6.14.19 - HP)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{1BDD178E-43DC-4063-B480-BA2BAE03E2A0}) (Version: 1.1.15.1 - HP)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-GB) (HKLM-x32\...\{E0D13850-F97C-4B30-9F05-862299CE8DA5}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Mozilla Firefox 55.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.1 (x64 en-US)) (Version: 55.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7743 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.69 - REALTEK Semiconductor Corp.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3108641991-1499424543-81190280-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\jessi\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3108641991-1499424543-81190280-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\jessi\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3108641991-1499424543-81190280-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\jessi\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-08-01] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-03-26] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-08-01] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03C8260D-B476-4415-ADBA-817AF4E281EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {05ED0F16-69C3-45C0-B7B8-DDD97A67290A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {0B997BA6-1B27-4535-8F40-49BD13BD1B78} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\jessi\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {0DF3A414-67B7-4089-B5B0-CE956EA4C235} - System32\Tasks\{391CDA74-2C51-4F07-860A-37B8FD0111FF} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\jessi\Downloads\robby (1).exe" -d C:\Users\jessi\Downloads
Task: {20DCC14F-27CF-4772-83AD-6539DF27E446} - System32\Tasks\{4C04E76C-1679-4882-9A1D-464DB2170F1A} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\MagicISO\UNWISE.EXE"
Task: {43599EAB-34D3-420F-B58A-10E1BE05C336} - System32\Tasks\{4E341417-84F9-4975-B541-D069F38071FD} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Easy GIF Animator\unins000.exe"
Task: {4F7C333A-1906-48B1-91E1-D0AEF48375AD} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-20] (Adobe Systems Incorporated)
Task: {52F1A6CA-6A90-4AD1-B7CF-AE36CF5A4B50} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
Task: {54B7A44A-A8BE-4949-A2DE-3350D2C66EE3} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {66DEBDC3-7EAD-4DBA-9831-552A394B152F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {7DAA0245-4871-4841-AC92-7B9F041B3F76} - System32\Tasks\{1028CE1A-025C-4EF7-B732-D34CC86E0C4A} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\jessi\AppData\Local\Temp\Temp1_docbdr18.zip\DocBuilder1821.exe <==== ATTENTION
Task: {9E56A4E0-BEB4-4AE0-8791-0EAE101993E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {A14D244C-BBB3-43DB-A593-5597A683AD8C} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe
Task: {A3802616-BE17-4574-B18E-4E1F2C96A35E} - System32\Tasks\{0C5A03E6-CBE7-4C8B-8A84-5ED09F0799D3} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\jessi\Downloads\robby.exe -d C:\Users\jessi\Downloads
Task: {B051AA79-34B6-47B8-9144-0F3CF9484D0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {B5ED4C51-D77E-411F-9057-9716B05F350B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {BA447E62-587D-4CC4-A9E8-14E16E606491} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {BB34DA21-F8A7-408F-9959-E72346208CA1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {BE3FB3AB-FB05-40F9-B0EB-969BCD4D0AC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {C2CF529C-1C26-4925-AA55-0CA52FF81662} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {C332125E-09C7-4F1F-BB43-4EA9D1EDDE47} - System32\Tasks\{5ADCC754-27FE-4158-9E52-A128ABC000BA} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\jessi\Pictures\MSagent.exe -d C:\Users\jessi\Pictures
Task: {C4CA78E7-81C3-4822-B625-758F024A947A} - System32\Tasks\MSFT_TaskSettings3\CaesarsSlots => Powershell.exe -NoProfile -WindowStyle Hidden -command cmd.exe /c if exist C:\Users\jessi\AppData\Local\Packages\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2 start explorer.exe shell:appsFolder\Playtika.CaesarsSlotsFreeCasino_7vjeg68vnncd2!App
Task: {C7325EA5-BEE3-425B-B0B5-A0955237F9CF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-28] (Microsoft Corporation)
Task: {C77C6121-1831-44B3-A6FE-4A0C3C884BD4} - System32\Tasks\ba107646107646 => C:\Program Files (x86)\Mispronouncing\pradeep.exe
Task: {D5A3F373-AC34-4BDD-A919-65536F89B7E1} - \Universal\Driver Updater\Start Driver Updater automatic scanning -> No File <==== ATTENTION
Task: {E320151E-30B1-456C-99F2-C1C930ED0CDD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {EF8A458B-1542-4D45-9740-0628CF068D09} - System32\Tasks\{CF564080-CCBB-4268-8D18-4CE64028EB33} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\jessi\Downloads\merlin.exe -d C:\Users\jessi\Downloads
Task: {F0276966-FEB5-4788-B3E7-7F014F9B886A} - System32\Tasks\HPCeeScheduleForjessi => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {F160BF46-E49F-404A-959D-6682F4466B6D} - System32\Tasks\{125356F1-3358-467A-902E-DF03AD20FE9C} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\jessi\Pictures\robby.exe -d C:\Users\jessi\Pictures
Task: {FDD2681F-5E2F-4D26-A1D8-80D02223E9D9} - \Universal\Driver Updater\Start Driver Updater оn logon -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForjessi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI_ActiveScriptEventConsumer_ASEC: <==== ATTENTION
 
Shortcut: C:\Users\jessi\Desktop\Desktop Stuff\Играть в Dragon Knight.lnk -> C:\Users\jessi\Downloads\Играть в Dragon Knight.ico (No File) <==== Cyrillic
 
ShortcutWithArgument: C:\Users\jessi\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\jessi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.vudu.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktopbr.com/
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 07:42 - 2016-07-16 07:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-01-11 14:40 - 2017-01-11 14:40 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-28 02:26 - 2014-04-14 21:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-04-15 14:20 - 2016-12-28 13:03 - 008924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-01-11 14:40 - 2017-01-11 14:40 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-12 16:35 - 2016-12-21 03:09 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-12 16:35 - 2016-12-21 03:08 - 000693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-01-12 16:35 - 2016-12-21 02:54 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-12 16:34 - 2016-12-21 02:48 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-12 16:34 - 2016-12-21 02:48 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-12 16:34 - 2016-12-21 02:48 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-12 16:34 - 2016-12-21 02:48 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-12 16:35 - 2016-12-21 02:53 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-25 20:34 - 2015-06-25 20:34 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 20:37 - 2015-06-25 20:37 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 20:35 - 2015-06-25 20:35 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 20:38 - 2015-06-25 20:38 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 19:53 - 2015-06-25 19:53 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 19:51 - 2015-06-25 19:51 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-02-06 20:22 - 2017-02-06 20:25 - 000073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 20:22 - 2017-02-06 20:25 - 000179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-13 03:51 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\61576923.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\61576923.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2017-08-13 03:40 - 000000797 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115330787\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123021766\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331062\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123021950\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3108641991-1499424543-81190280-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jessi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\Control Panel\Desktop\\Wallpaper -> C:\Users\jessi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\Control Panel\Desktop\\Wallpaper -> C:\Users\jessi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdaptiveSleepService => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
HKLM\...\StartupApproved\StartupFolder: => "PlutoTV.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run: => "Login"
HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
HKLM\...\StartupApproved\Run32: => "Adware Agent"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "${ISAPPNAME}"
HKLM\...\StartupApproved\Run32: => "PCAcceleratePro"
HKLM\...\StartupApproved\Run32: => "Talking Stocks"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001\...\StartupApproved\StartupFolder: => "clarifying.lnk"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001\...\StartupApproved\Run: => "Software Informer"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\StartupFolder: => "clarifying.lnk"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "ycdvsrd14gt"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "ucclchgpob2"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "0qfi5gncdzs"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "1sp2m4rdwhb"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "3p3tpztwtm2"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "2yxox3drg4m"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "rih0l1adbmv"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "mwl0i0vcbvk"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "nq1m4ii5mce"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "ixhxyw5g03s"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "l1trx04rc2h"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "8RT2YMAYM6USGLT"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "flepdd"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "gunfights"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "xlzbbpqwumd"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "v42nhhzvm43"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "hbftnxwfdxm"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "QQLMEXOHLH70Y8Q"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "6WTHB65LQXPZNKQ"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "B73TF87NEZJ09QJ"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "ZRMLW6KJ32AFSEU"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "LKQ7ZFB57KRGTNJ"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "JR5LYTGKKSNVX8H"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "J571V100BB7PR9D"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "3ok2c52rk4s"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "rdg5esg12bv"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "na5nsca1odj"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "olc5npsn5q0"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "q0nd5m3w11o"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "ddigb2ppv2k"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "cuxiq3mcrjs"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "uozin0ou2we"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "2wpnuauk3rm"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "tfcfrikiilr"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "IOAP581HS0JJG14"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "GPIAX6YG5RNYW6O"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "9J0PDFWR1HW4FEW"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "MSKYPE34QBO0XY5"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "UZICZL1XT2R4QSY"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "OGU8B6UVQ1LSW6M"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "NVVQXTBRIXHQW6X"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "OWBIVXYNZK.exe"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "vdtbpbsg1u5"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "sb3a21b3pxm"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "knqx1w0d3ek"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "hntin0hzhlr"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "hiv2j5acj45"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "slbobxuuhpl"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "zxlqb4cmekk"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "rq4ckrk24lg"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "yq023a4kxbw"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "mhmyhr2urq0"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "cocng2ubgj3"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "kozrd5b1eh2"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "accor"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "5FZB9NWPU65698R"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "918N4OQCA9ZXF5R"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "58CKP7EYX3RT1H7"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "6DLBBTZCSUAS06O"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "0jzsbe1kf2y"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "bz5aj3fzt3f"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "x50nxs5kjlp"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "Software Informer"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "efdmer13ra4"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "fdpfme22454"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "btvp1yut0jl"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "udteo0m3ual"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "z1vdfiegjxw"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "gtm5rbo0mpi"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "JDL2NIED8SX4X20"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "3MTF6OUR0DRBASU"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "XQP77W860002VIR"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "V5BK97PH8J8UW5U"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "5IW2PH696YVCN55"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "108I5SCPNU7VOS3"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "FDNYMXCGTEWN4PA"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "PUN6KYJY3HHE5LE"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "N2JM0QV2C4084NW"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "ZFNO047PX82FID4"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "QCPKM6VCDF4OOZX"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "5666YZB4OO4XW8Z"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "DW7HK1TFZMP5KIX"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "AOIO1A0YUIK6EQE"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "3UJGJQORBX7PBIX"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "YBW3S7GPRKA28N7"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "18HJVLTHJG3XXHG"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "6Z7PX6I47RVWV8N"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "JF05PNXD22P516B"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017115331446\...\StartupApproved\Run: => "FINGF9NZ9SK9EB0"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\StartupFolder: => "clarifying.lnk"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "DPRWBX4HM6SPZ6G"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "G7MSYCQT8PT2TT0"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "NVBVOBPTQS33WQ5"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "615ZAV4Z2JAOOBY"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "59GD6LEJ4XP5ZL5"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "RKZD3FIIVU3B9H5"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "MNI74V3BK5V3O0J"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "ZFJNLRXNXMIPC2E"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "LGQJA9JHBRWS315"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "DZKA2DGR1YH1694"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "7OBGBCNTKWXRQZR"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "YBK0XOD99I540PV"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "YRXUZIBN92WJ5AQ"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "QG0RGCY47QQQX4M"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "9KMAU55FVXAPN2Q"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "032432vaja1"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "lb2bv4wfma3"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "nq0xhnjiq0s"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "dvipcausbop"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "mw3pad0b1cs"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "3ogshley5hl"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "3wb1yivd3yt"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "qfqjxszry2g"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "dtyv34tceaj"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "4tzyp44ys4s"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "1emupcu4ovb"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "k2b3mntx4ke"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "KUB0LIZ37DU5XPM"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "W969QFLAHZGC2VA"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "zn4fj1qqyef"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "ycdvsrd14gt"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "ucclchgpob2"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "0qfi5gncdzs"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "1sp2m4rdwhb"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "3p3tpztwtm2"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "2yxox3drg4m"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "rih0l1adbmv"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "mwl0i0vcbvk"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "nq1m4ii5mce"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "ixhxyw5g03s"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "l1trx04rc2h"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "8RT2YMAYM6USGLT"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "flepdd"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "gunfights"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "xlzbbpqwumd"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "v42nhhzvm43"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "hbftnxwfdxm"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "QQLMEXOHLH70Y8Q"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "6WTHB65LQXPZNKQ"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "B73TF87NEZJ09QJ"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "ZRMLW6KJ32AFSEU"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "LKQ7ZFB57KRGTNJ"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "JR5LYTGKKSNVX8H"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "J571V100BB7PR9D"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "3ok2c52rk4s"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "rdg5esg12bv"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "na5nsca1odj"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "olc5npsn5q0"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "q0nd5m3w11o"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "ddigb2ppv2k"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "cuxiq3mcrjs"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "uozin0ou2we"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "2wpnuauk3rm"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "tfcfrikiilr"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "IOAP581HS0JJG14"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "GPIAX6YG5RNYW6O"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "9J0PDFWR1HW4FEW"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "MSKYPE34QBO0XY5"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "UZICZL1XT2R4QSY"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "OGU8B6UVQ1LSW6M"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "NVVQXTBRIXHQW6X"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "OWBIVXYNZK.exe"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "vdtbpbsg1u5"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "sb3a21b3pxm"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "knqx1w0d3ek"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "hntin0hzhlr"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "hiv2j5acj45"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "slbobxuuhpl"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "zxlqb4cmekk"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "rq4ckrk24lg"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "yq023a4kxbw"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "mhmyhr2urq0"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "cocng2ubgj3"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "kozrd5b1eh2"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "accor"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "5FZB9NWPU65698R"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "918N4OQCA9ZXF5R"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "58CKP7EYX3RT1H7"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "6DLBBTZCSUAS06O"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "0jzsbe1kf2y"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "bz5aj3fzt3f"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "x50nxs5kjlp"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "Software Informer"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "efdmer13ra4"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "fdpfme22454"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "btvp1yut0jl"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "udteo0m3ual"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "z1vdfiegjxw"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "gtm5rbo0mpi"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "JDL2NIED8SX4X20"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "3MTF6OUR0DRBASU"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "XQP77W860002VIR"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "V5BK97PH8J8UW5U"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "5IW2PH696YVCN55"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "108I5SCPNU7VOS3"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "FDNYMXCGTEWN4PA"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "PUN6KYJY3HHE5LE"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "N2JM0QV2C4084NW"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "ZFNO047PX82FID4"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "QCPKM6VCDF4OOZX"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "5666YZB4OO4XW8Z"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "DW7HK1TFZMP5KIX"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "AOIO1A0YUIK6EQE"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "3UJGJQORBX7PBIX"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "YBW3S7GPRKA28N7"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "18HJVLTHJG3XXHG"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "6Z7PX6I47RVWV8N"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "JF05PNXD22P516B"
HKU\S-1-5-21-3108641991-1499424543-81190280-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08132017123022179\...\StartupApproved\Run: => "FINGF9NZ9SK9EB0"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
13-08-2017 00:20:10 Removed Microsoft Monitoring Agent.
13-08-2017 02:34:54 Installed Adblock Plus for IE (32-bit and 64-bit)
13-08-2017 10:06:39 JRT Pre-Junkware Removal
13-08-2017 10:33:48 Removed Cisco EAP-FAST Module
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/13/2017 12:50:08 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2017/08/13 12:50:05 -0400 LAPTOP-EF4R8GB6 jessi MESSAGE Database already up-to-date
 
Error: (08/13/2017 12:50:03 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2017/08/13 12:50:00 -0400 LAPTOP-EF4R8GB6 jessi MESSAGE Executing scheduled update:  Realtime
 
Error: (08/13/2017 12:49:08 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2017/08/13 12:49:05 -0400 LAPTOP-EF4R8GB6 jessi MESSAGE Database already up-to-date
 
Error: (08/13/2017 12:49:03 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2017/08/13 12:49:00 -0400 LAPTOP-EF4R8GB6 jessi MESSAGE Executing scheduled update:  Realtime
 
Error: (08/13/2017 12:48:08 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2017/08/13 12:48:05 -0400 LAPTOP-EF4R8GB6 jessi MESSAGE Database already up-to-date
 
Error: (08/13/2017 12:48:03 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2017/08/13 12:48:00 -0400 LAPTOP-EF4R8GB6 jessi MESSAGE Executing scheduled update:  Realtime
 
Error: (08/13/2017 12:47:08 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2017/08/13 12:47:05 -0400 LAPTOP-EF4R8GB6 jessi MESSAGE Database already up-to-date
 
Error: (08/13/2017 12:47:03 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2017/08/13 12:47:00 -0400 LAPTOP-EF4R8GB6 jessi MESSAGE Executing scheduled update:  Realtime
 
Error: (08/13/2017 12:46:08 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2017/08/13 12:46:05 -0400 LAPTOP-EF4R8GB6 jessi MESSAGE Database already up-to-date
 
Error: (08/13/2017 12:46:03 PM) (Source: MBAMService) (EventID: 1) (User: )
Description: MBAMService2017/08/13 12:46:00 -0400 LAPTOP-EF4R8GB6 jessi MESSAGE Executing scheduled update:  Realtime
 
 
System errors:
=============
Error: (08/13/2017 11:57:23 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-EF4R8GB6)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.
 
Error: (08/13/2017 11:55:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (08/13/2017 11:55:23 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-EF4R8GB6)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.
 
Error: (08/13/2017 11:53:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (08/13/2017 11:07:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/13/2017 10:23:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
 
Error: (08/13/2017 10:20:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/13/2017 10:19:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The tbaseprovisioning service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/13/2017 10:17:10 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.
 
Error: (08/13/2017 10:16:05 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
 
CodeIntegrity:
===================================
  Date: 2017-05-22 20:41:49.458
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD E2-7110 APU with AMD Radeon R2 Graphics 
Percentage of memory in use: 53%
Total physical RAM: 3529.01 MB
Available physical RAM: 1637.89 MB
Total Virtual: 7529.01 MB
Available Virtual: 5100.11 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:446.16 GB) (Free:359.96 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.37 GB) (Free:2.12 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:3.73 GB) (Free:0.67 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4541579E)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 blueelvis

Posted 15 August 2017 - 09:32 AM

Hello NXS!
 
Let's get started with the removal.
 
 
Online Gaming Warning!
 
Online gaming sites are a security risk which can make your computer susceptible to a large number of malware infections, remote attacks, exposure of personal information, and identity theft. They can lead to other sites containing malware which you can inadvertently download without knowledge. Users visiting such sites may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Gaming sites can put you at risk to fraud, phishing and theft of personal data. Even if the gaming site is a clean site, there is always the potential of some type of malware making its way there and then onto your system. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.
 
More specifically, I noticed you had WildTangent on your computer.
WildTangent Program Warning
 
Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware it does have built in components to update itself and gather information about the computer system including:
  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from
For that reason I would suggest you uninstall it via add/remove.
 
Reboot after the uninstallation. <- Important.
 
 

Download attached fixlist.txt file and save it to the Desktop.
 
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
 

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
 
 
I see that there are a few programs on your system. Are you aware of them?
 
1. Movavi Video Editor 12
2. NewFreeScreensavers
3. BonziBuddy432
4. Screensavers
 
 
 
Let me know how it goes!
 
Have a nice day!
 
-Pranav

Attached Files


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#5 NXS

Posted 15 August 2017 - 10:01 AM

Pranav,

 

I didn't know I had those programs you listed on my system; they are not showing up under add/remove programs (the 1. Movavi Video Editor 12, NewFreeScreensavers, BonziBuddy432 or Screensavers)  I uninstalled Wild Tangent and I'm now getting ready to run the fixlist txt file you provided in FRST.  I will get back to you ASAP!



#6 NXS

Posted 15 August 2017 - 11:01 AM

Also, how long will it take that fixlist.txt file to complete?  I've been running it for an hour now and the green bar is still showing movement, but there's been no completion, log file pop up, or any restarts. 



#7 blueelvis

Posted 15 August 2017 - 11:45 AM

> Pranav,
>
> I didn't know I had those programs you listed on my system; they are not showing up under add/remove programs (the 1. Movavi Video Editor 12, NewFreeScreensavers, BonziBuddy432 or Screensavers)  I uninstalled Wild Tangent and I'm now getting ready to run the fixlist txt file you provided in FRST.  I will get back to you ASAP!

Okay. Thanks for letting me know.

 

> Also, how long will it take that fixlist.txt file to complete?  I've been running it for an hour now and the green bar is still showing movement, but there's been no completion, log file pop up, or any restarts.

I have attached a new fixlist with this post. Could you please try force closing FRST once and then trying to run it again with this new fixlist? Please delete the older one though.

 

 

-Pranav

Attached Files



#8 NXS

Posted 15 August 2017 - 12:40 PM

Running FRST with the new fixlist.txt you provided.  It created the restore point like before, and is again saying "Fixing is in progress, please wait..."  It's been going for about 15 minutes now... So, for now, I suppose I'm playing the waiting game :) 



#9 blueelvis

Posted 15 August 2017 - 12:55 PM

> Running FRST with the new fixlist.txt you provided.  It created the restore point like before, and is again saying "Fixing is in progress, please wait..."  It's been going for about 15 minutes now... So, for now, I suppose I'm playing the waiting game :)

Hmm. Seems like some of the commands are blocking or taking quite a lot of time. I have modified the fixlist to be shorter and removed some commands which could take a lot of time. Could you please try it with the latest fixlist which I have attached?

 

 

Also, could you please run AdwCleaner and post back the results?

 

 

-Pranav

Attached Files



#10 NXS

Posted 15 August 2017 - 01:08 PM

Pranav,

 

Just downloaded the latest fixlist.txt and I'm running it again.  It completed the restore point and now once again says "Fixing is in progress, please wait..."

Realistically, how long should the fix take?  Also, I do not have any antivirus software enabled, as I figured those would interfere... so I disabled those before running it the first time. 

Should I uncheck the boxes that are checked on FRST since I'm just doing a cleaning?  



#11 NXS

Posted 15 August 2017 - 01:42 PM

Pranav,

 

I am sorry to be posting yet again, but the FRST still says "Fixing in progress, please wait..."  Am I doing something wrong?  Would I be better suited to just back up my personal files and do a factory reset?  I hate to keep posting and asking questions, but time is of the essence with this particular laptop.  



#12 blueelvis

Posted 15 August 2017 - 03:00 PM

 

> Pranav,
>
> Just downloaded the latest fixlist.txt and I'm running it again.  It completed the restore point and now once again says "Fixing is in progress, please wait..."
>
> Realistically, how long should the fix take?  Also, I do not have any antivirus software enabled, as I figured those would interfere... so I disabled those before running it the first time.
>
> Should I uncheck the boxes that are checked on FRST since I'm just doing a cleaning?

 

Unchecking the boxes is not required. FRST creates a Fixlog.txt in the same folder from where you run FRST.exe . Could you please do me a favor and post the contents of that file with your next post? I have asked the developer and he would like to see it in order to determine the problem in this case.

 

> Pranav,
>
> I am sorry to be posting yet again, but the FRST still says "Fixing in progress, please wait..."  Am I doing something wrong?  Would I be better suited to just back up my personal files and do a factory reset?  I hate to keep posting and asking questions, but time is of the essence with this particular laptop.

No worries. Let's proceed ahead and clean the machine.

 

 

 

In this part, we will download and install Zemana Antimalware.

  1. Please download Zemana Antimalware from this link.
  2. Once downloaded, close all programs and open windows on your computer.
  3. Now double-click on the icon on your desktop named Zemana.AntiMalware.Setup.exe. This will start the installation of Zemana AntiMalware onto your computer.
  4. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, Zemana will automatically start and display the main screen.
  5. Press the Scan button to start the malware removal scan.
  6. Zemana AntiMalware will now start scanning your computer for malware, adware, and potentially unwanted programs. This process can take quite a while, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
  7. When Zemana has finished scanning it will display a screen that displays any programs that have been detected.
  8. When the process is complete, you will be shown a screen that says Completed.
  9. Now, go to Home screen of Zemana and click on the Reports button (Last icon to right of Settings icon at top right). Now, select the latest scan and click on Open Report.
  10. Copy and paste the entire contents of the report with your next post.
 
 
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
 
So with your next reply, I would like to see -
  1. Partial Fixlog.txt generated by FRST
  2. Zemana Scan log
  3. JRT.txt
 
Let me know how it goes and have a nice day!

 

 

-Pranav


Edited by blueelvis, 15 August 2017 - 03:01 PM.
It's always the formatting :(


#13 NXS

Posted 15 August 2017 - 09:11 PM

Pranav,

 

Thanks so much for your help and your time, but after waiting for 2 hours with no results on the FRST fix attempt, I decided to just do a factory restore and put the personal data I backed up back on it.  No more issues, antivirus, malware protection, CCleaner have been installed, updated and tests all carried out and things are working splendidly.  I would have gladly opted to try your last reply, but the laptop has to be returned by tomorrow morning before 8:00am, and I didn't want to let my niece down.  Again, I do appreciate all of your help, though, sincerely.

With that said--and unless something catastrophic happens in the finishing touches stage I'm now in--I guess you can close the thread.  If something does come up that I can't resolve, I'll start a new thread or attempt to shoot you a PM. 

Thanks!



#14 blueelvis

Posted 16 August 2017 - 01:01 AM

> Pranav,
>
> Thanks so much for your help and your time, but after waiting for 2 hours with no results on the FRST fix attempt, I decided to just do a factory restore and put the personal data I backed up back on it.  No more issues, antivirus, malware protection, CCleaner have been installed, updated and tests all carried out and things are working splendidly.  I would have gladly opted to try your last reply, but the laptop has to be returned by tomorrow morning before 8:00am, and I didn't want to let my niece down.  Again, I do appreciate all of your help, though, sincerely.
>
> With that said--and unless something catastrophic happens in the finishing touches stage I'm now in--I guess you can close the thread.  If something does come up that I can't resolve, I'll start a new thread or attempt to shoot you a PM.
>
> Thanks!

Oh okay.

 

No worries. Thanks for letting us know.

 

 

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

 

 

Have a nice day!

 

-Pranav

