NewFolder.exe virus


6 replies to this topic

#1 virusstopper


Posted 27 August 2017 - 11:05 AM

Hi all, not sure where it came from and have now infected all my PCs and laptops by using the infected USB memory stick. I have tried the various "YouTube" recommendations without any success. What basically happens is if you copy a file to the USB it duplicates the original file name and adds a .exe extension to it, always the same size of 1.58M and has a folder icon. Please advise me on if it can be removed and how and also if there is a way to remove all these virus produced files, thanks, regards.





#2 Bezukhov


Posted 28 August 2017 - 04:31 PM

I'm Bezukhov and I'd like to help you with your problem. First some ground rules:
  • Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoil the broth.
  • Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
  • If at any time my instructions are not clear, stop and ask for clarification.
  • Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
  • Any program that I ask you to run should only be run once.
  • As soon as your computer is clean I will let you know.
  • Please try to complete any tasks and reply in 24 to 48 hours. I will try to do likewise. In the interest of full disclosure I am still a student, and therefore anything I propose must be cleared with an instructor, which may sometimes delay my responses. The upside to this is you'll have two heads looking into your problem.
  • If you have any pirated software on your system I must ask that you remove them. No need for you to tell me if you do. Many times such programs are the source of many an infection, which makes cleaning a sick computer just that more difficult. And it's also against BleepingComputer's rules.
  • Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.
I need more information.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
To err is Human. To blame it on someone else is even more Human.

#3 virusstopper


Posted 29 August 2017 - 04:09 AM

Hi Bezukhov, thanks for reply, please find copied and pasted logs you required, thanks, regards.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
Ran by chris new (administrator) on VERNON (29-08-2017 10:56:15)
Running from C:\Users\chris new\Desktop
Loaded Profiles: chris new (Available Profiles: chris new & UpdatusUser & Guest)
Platform: Microsoft Windows 7 Home Basic  (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Digital Wave Ltd.) C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe
(SPEEDbit) C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\USBScan\USBScan.exe
(SPEEDbit) C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Attensity GmbH) C:\Program Files\Bosch\ESItronic\Esi2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3487032 2017-08-22] (Dropbox, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [USBScan.exe] => C:\Program Files\USBScan\USBScan.exe [1971712 2013-07-14] ()
Winlogon\Notify\WgaLogon: 
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\...\Run: [RSRWin.exe] => C:\Windows\RSRWin.exe
HKU\S-1-5-20\...\Run: [RSRWin.exe] => C:\Windows\RSRWin.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\Run: [SpeedBitVideoAccelerator] => C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe [1517224 2017-05-11] (SPEEDbit)
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6844320 2017-08-17] (SUPERAntiSpyware)
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: I - I:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {02b71e0c-c46d-11e1-8fe1-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {07dade77-ab14-11e2-bc47-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {100c32a3-fc9d-11df-bceb-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {13c6aa0b-642e-11e5-a5e4-858d420d0180} - M:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {1a51b25e-69eb-11e2-b15f-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {1a51b33e-69eb-11e2-b15f-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {1a51b362-69eb-11e2-b15f-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {226ffa93-19e3-11e1-bcf3-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {226ffa98-19e3-11e1-bcf3-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {22728d96-f2e7-11df-9048-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {25cfc85a-c711-11e0-b341-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {31143a76-9494-11e2-949d-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {31143d01-9494-11e2-949d-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {31143eae-9494-11e2-949d-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {31143ed4-9494-11e2-949d-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {4c58d77a-5a59-11e2-a3f7-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {5953010c-b6d5-11e0-8b09-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {59f9aa60-5d61-11e0-9f5f-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {65f526c6-bb9e-11e2-b168-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {675f3d6d-7041-11e2-bf2e-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {685b1721-5a5b-11e2-a3c0-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {6b57663f-24f9-11e1-9552-4487fce19b80} - F:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {6ff49122-e0fd-11e4-9d8c-b77befeddbd8} - K:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {73138cee-54f2-11e2-94cd-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {808c6de0-b19e-11e2-8594-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {835ead8a-1f42-11e7-803c-c8572b1ae0ad} - M:\HiSuiteDownLoader.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {87d6559e-6b70-11e2-bb26-4487fce19b80} - F:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {90875bd8-b164-11e2-94c7-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {93dc2b15-62e4-11e0-b312-4487fce19b80} - F:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {93fbde7e-a5cd-11e2-ad1b-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {93fbde99-a5cd-11e2-ad1b-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {96b5d39e-c4c7-11e1-8bc1-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {96b65769-9f8c-11e3-94d4-4487fce19b80} - I:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {96b6576f-9f8c-11e3-94d4-4487fce19b80} - I:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {9aebea4f-5aed-11e0-89c9-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {9aebea5e-5aed-11e0-89c9-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {9aebea63-5aed-11e0-89c9-4487fce19b80} - F:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {9d71382f-7418-11e2-a689-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {9d713998-7418-11e2-a689-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {a14e5319-71af-11e2-938e-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {a3537872-ac14-11e2-9f48-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {b0925ef8-4dfc-11e2-bbcc-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {b0925f17-4dfc-11e2-bbcc-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {bb0a2255-b993-11e4-a207-8b4b6dc88d60} - K:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {bcfbcc9c-9ef5-11e4-884a-f47853978062} - K:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {cc4a3bc4-58bd-11e2-bc6f-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {cc4a3bd6-58bd-11e2-bc6f-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {dfb16729-bbf0-11e4-b955-f64ee9040adb} - K:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {e08d6381-5a86-11e2-9499-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {e08d6392-5a86-11e2-9499-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {e1ad0a41-5af7-11e2-94c2-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {e1ad0db6-5af7-11e2-94c2-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {e1ad0db8-5af7-11e2-94c2-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {eb876fc1-52a4-11e2-8509-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {edb487c4-e829-11e4-835d-bdee51160bb3} - K:\.\StartModem.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {f45ccd17-4ab3-11e2-a36f-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {f45ccd20-4ab3-11e2-a36f-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {f45ccd59-4ab3-11e2-a36f-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\MountPoints2: {f6342c04-62e2-11e0-aeda-4487fce19b80} - E:\AutoRun.exe
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2614784 2011-02-26] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\BOSCHE~1.SCR [3561111 2010-04-08] ()
HKU\S-1-5-18\...\Run: [RSRWin.exe] => C:\Windows\RSRWin.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\BOSCHE~1.SCR [3561111 2010-04-08] ()
Lsa: [Authentication Packages] msv1_0 relog_ap
AlternateShell: 
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-191417907-4213490365-3347722966-1002\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ATTENTION: There are more than 99 Catalog9 entries. Turn off the whitelisting to see all the entries. You may check Device Manager for presence of unusual amount of "Microsoft 6to4 Adapter" devices.
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\SpeedBit Video Accelerator\sblsp.dll [177320 2017-05-11] (SPEEDbit)
Winsock: Catalog9 02 C:\Program Files\SpeedBit Video Accelerator\sblsp.dll [177320 2017-05-11] (SPEEDbit)
Winsock: Catalog9 03 C:\Program Files\SpeedBit Video Accelerator\sblsp.dll [177320 2017-05-11] (SPEEDbit)
Winsock: Catalog9 04 C:\Program Files\SpeedBit Video Accelerator\sblsp.dll [177320 2017-05-11] (SPEEDbit)
Winsock: Catalog9 05 C:\Program Files\SpeedBit Video Accelerator\sblsp.dll [177320 2017-05-11] (SPEEDbit)
Winsock: Catalog9 06 C:\Program Files\SpeedBit Video Accelerator\sblsp.dll [177320 2017-05-11] (SPEEDbit)
Winsock: Catalog9 07 C:\Program Files\SpeedBit Video Accelerator\sblsp.dll [177320 2017-05-11] (SPEEDbit)
Winsock: Catalog9 08 C:\Program Files\SpeedBit Video Accelerator\sblsp.dll [177320 2017-05-11] (SPEEDbit)
Winsock: Catalog9 000000000179 C:\Program Files\SpeedBit Video Accelerator\sblsp.dll [177320 2017-05-11] (SPEEDbit)
Hosts: 127.0.0.1 mpa.one.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0D3E2949-5182-46D4-9FC3-5A889452624C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3CC5B6A7-15BD-4A57-BB7C-5CD45E7417B6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{46A994ED-EF44-411E-9A68-C2CE330AA35D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5100FD39-8314-46A4-85AA-2A43B6CFA9DE}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6F39D2EF-2AEE-4BFC-8B6E-23BEBA16D1C4}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6F39D2EF-2AEE-4BFC-8B6E-23BEBA16D1C4}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{7A2958E7-73CB-4E5E-9AF1-B92D30AFB9EF}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{A0BA9EE9-8280-4F09-9DE6-B9D77EE04E0C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{B58D80C7-C8FE-405F-98E5-CDFDECEE0655}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{BCDFB0EF-2884-491B-A45C-C3889AA0DFD6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{E0928034-564C-41A4-AA59-A6B7BFAC418F}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{F2CD451F-61EF-4CFD-A72D-799DCD1CCE16}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-za/?ocid=iehp
SearchScopes: HKU\S-1-5-21-191417907-4213490365-3347722966-1002 -> DefaultScope {D5793F71-B88B-4CD8-AB19-FFDC1D48688C} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-191417907-4213490365-3347722966-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-191417907-4213490365-3347722966-1002 -> {D5793F71-B88B-4CD8-AB19-FFDC1D48688C} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [2014-01-16] (McAfee, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-30] (Oracle Corporation)
BHO: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-10] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-30] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-10] (Google Inc.)
Toolbar: HKU\S-1-5-21-191417907-4213490365-3347722966-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-10] (Google Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.1.0.10
FF Extension: (AVG Security Toolbar) - C:\ProgramData\AVG Secure Search\FireFoxExt\14.1.0.10 [2013-02-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-28] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\\npsitesafety.dll [No File]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2008-11-17] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-30] (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [2014-01-16] (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-29] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-29] (NVIDIA Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-191417907-4213490365-3347722966-1002: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-10-26] (Ubisoft)
 
Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData2
CHR HomePage: ChromeDefaultData2 -> hxxp://www.google/
CHR StartupUrls: ChromeDefaultData2 -> "hxxp://www.initialpage123.com/?z=042277b8169794f422ab79fg7z6teoezdzfedc1caz&from=amz&uid=ST3500418AS_9VMNVDXGXXXX9VMNVDXG&type=hp"
CHR Profile: C:\Users\chris new\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-08-29] <==== ATTENTION
CHR Extension: (Magic Actions for YouTube™) - C:\Users\chris new\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-08-24]
CHR Extension: (Chrome Cleaner Pro) - C:\Users\chris new\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2017-08-21]
CHR Extension: (Сookies Control) - C:\Users\chris new\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp [2017-07-10]
CHR Extension: (Flash Player +) - C:\Users\chris new\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\fanagokoaogopceablgmpndejhedkjjb [2017-08-02]
CHR Extension: (Grammarly for Chrome) - C:\Users\chris new\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-08-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chris new\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\chris new\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-27]
CHR Profile: C:\Users\chris new\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-28]
CHR HKLM\...\Chrome\Extension: [heieflhpkchcojjodgnmfhfpkddlncan] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [ilckobikkmajlmhhdenkhonjkoaneclk] - C:\Program Files\WinZip Courier\wzwmcgc.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
S4 AcrSch2Svc; C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe [410904 2007-08-08] (Acronis)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-27] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43336 2017-08-22] (Dropbox, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-06-30] (Digital Wave Ltd.)
S4 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S4 gusvc; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-31] (Google) [File not signed]
S4 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
S4 Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [1013032 2009-07-29] (Nero AG) [File not signed]
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2014-04-05] ()
S4 RegServ; C:\Windows\srntservice.exe [69632 2014-05-05] () [File not signed]
S4 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [349584 2009-04-15] () [File not signed]
S4 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [657408 2009-10-27] (Nokia) [File not signed]
S4 SuperProServer; C:\Windows\system32\spnsrvnt.exe [126976 2001-10-22] (Rainbow Technologies) [File not signed]
S4 ufad-ws60; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [186928 2007-11-30] (VMware, Inc.) [File not signed]
S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [118784 2005-01-31] (Ulead Systems, Inc.) [File not signed]
R2 VideoAcceleratorService; C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe [298152 2017-05-11] (SPEEDbit)
S4 VMAuthdService; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [182832 2008-03-03] (VMware, Inc.) [File not signed]
S4 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2013-09-05] (Vodafone) [File not signed]
S4 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [121392 2008-03-03] (VMware, Inc.)
S4 vmount2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [338736 2007-03-23] (VMware, Inc.) [File not signed]
S4 VMware NAT Service; C:\Windows\system32\vmnat.exe [150064 2008-03-03] (VMware, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 IDriverT; no ImagePath
S3 Roxio UPnP Renderer 9; no ImagePath
S2 Roxio Upnp Server 9; no ImagePath
S2 RoxLiveShare9; no ImagePath
S3 RoxMediaDB9; no ImagePath
S2 RoxWatch9; no ImagePath
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [33112 2013-02-14] (AVG Technologies)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2012-09-03] (Windows ® Win 7 DDK provider)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 DirectNT; C:\Windows\system32\Drivers\DirectNT.sys [3424 1996-12-05] (c't) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2014-04-07] (DT Soft Ltd)
R2 eprdrv; C:\Windows\System32\drivers\eprdrv.SYS [11456 2004-06-07] (EVC electronic GmbH) [File not signed]
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [96464 2016-10-04] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [74864 2016-10-04] ()
R2 hcmon; C:\Windows\system32\Drivers\hcmon.sys [34864 2008-03-03] (VMware, Inc.)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90368 2011-02-25] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [64384 2011-01-30] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2011-01-30] (Huawei Technologies Co., Ltd.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
R2 LTKP1; C:\Windows\System32\drivers\LTKP1.SYS [32668 2003-05-09] (Advantech Equipment Corp.) [File not signed]
R2 LTKP2; C:\Windows\System32\drivers\LTKP2.SYS [32668 2003-05-09] (Advantech Equipment Corp.) [File not signed]
R2 LTKP3; C:\Windows\System32\drivers\LTKP3.SYS [32668 2003-05-09] (Advantech Equipment Corp.) [File not signed]
R2 LTKPB1; C:\Windows\System32\drivers\LTKPB1.SYS [24832 2005-07-01] (Advantech Equipment Corp.) [File not signed]
R2 LTKPB2; C:\Windows\System32\drivers\LTKPB2.SYS [24832 2005-07-01] (Advantech Equipment Corp.) [File not signed]
R2 LTKPB3; C:\Windows\System32\drivers\LTKPB3.SYS [24832 2005-07-01] (Advantech Equipment Corp.) [File not signed]
R2 LTKPE1; C:\Windows\System32\drivers\LTKPE1.SYS [25232 2005-06-24] (Advantech Equipment Corp.) [File not signed]
R2 LTKPE2; C:\Windows\System32\drivers\LTKPE2.SYS [25232 2005-06-24] (Advantech Equipment Corp.) [File not signed]
R2 LTKPE3; C:\Windows\System32\drivers\LTKPE3.SYS [25232 2005-06-24] (Advantech Equipment Corp.) [File not signed]
S3 MapObdII; C:\Windows\System32\Drivers\MapObdII.sys [25596 2003-10-28] (FTDI Ltd.) [File not signed]
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [221600 2017-08-29] (Malwarebytes)
S3 mf; C:\Windows\System32\DRIVERS\mf.sys [114176 2009-07-14] (Microsoft Corporation)
S3 MiniProWdf; C:\Windows\System32\DRIVERS\MiniProWdf.sys [6656 2010-04-12] (hxxp://www.autoelectric.cn) [File not signed]
S3 mtkmbim; C:\Windows\System32\DRIVERS\mtkmbim7.sys [172544 2012-12-13] (MediaTek Inc.)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial.sys [26496 2007-01-18] (Research in Motion Ltd) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [73216 2001-04-06] () [File not signed]
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [16128 2014-04-11] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [67968 2014-04-11] (Silicon Laboratories)
R2 simdrv; C:\Windows\System32\drivers\simdrv.SYS [9420 2004-06-07] (EVC electronic GmbH) [File not signed]
S3 slusb; C:\Windows\System32\Drivers\slusb.sys [12032 2012-05-21] (Beijing Senselock Corp.)
S3 Sntnlusb; C:\Windows\System32\Drivers\SNTNLUSB.SYS [20288 2001-04-06] (Rainbow Technologies Inc.) [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [32768 2014-02-27] (Acronis) [File not signed]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1047552 2009-05-08] (VIA Technologies, Inc.)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [20912 2008-03-03] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16816 2008-03-03] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [28592 2008-03-03] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25136 2008-03-03] (VMware, Inc.)
R2 VMparport; C:\Windows\system32\Drivers\VMparport.sys [15920 2008-03-03] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [925104 2008-03-03] (VMware, Inc.)
R3 vodafone_K3805-z_dc_enum; C:\Windows\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys [61952 2010-09-01] (Vodafone)
S3 vodafone_zte_cdc_acm; C:\Windows\System32\DRIVERS\vodafone_zte_cdc_acm.sys [67968 2011-05-20] (Vodafone)
S3 vodafone_zte_cdc_ecm; C:\Windows\System32\DRIVERS\vodafone_zte_cdc_ecm.sys [52224 2011-05-20] (Vodafone)
S3 vodafone_zte_cpo; C:\Windows\System32\DRIVERS\vodafone_zte_cpo.sys [9984 2011-05-20] (Vodafone)
S3 vodafone_zte_ecm_enum; C:\Windows\System32\DRIVERS\vodafone_zte_ecm_enum.sys [47488 2011-05-20] (Vodafone)
S3 vodafone_zte_ecm_enum_filter; C:\Windows\System32\DRIVERS\vodafone_zte_ecm_enum_filter.sys [47488 2011-05-20] (Vodafone)
R2 vstor2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [18480 2007-03-23] (VMware, Inc.)
R2 vstor2-ws60; C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [19248 2007-11-30] (VMware, Inc.)
S3 wdf_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [68480 2013-11-19] (MediaTek Inc.)
R2 WinDriver; C:\Windows\System32\drivers\WINDRVR.SYS [205220 2002-08-04] (Jungo) [File not signed]
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [195168 2009-05-15] (Jungo) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-29 10:56 - 2017-08-29 10:57 - 000032984 _____ C:\Users\chris new\Desktop\FRST.txt
2017-08-29 10:56 - 2017-08-29 10:56 - 000000000 ____D C:\FRST
2017-08-29 10:55 - 2017-08-29 10:55 - 001792512 _____ (Farbar) C:\Users\chris new\Desktop\FRST.exe
2017-08-28 12:05 - 2017-08-28 12:07 - 000000000 ____D C:\Users\chris new\Desktop\reason desktop
2017-08-28 11:58 - 2017-08-28 11:59 - 000000000 ____D C:\Users\chris new\Desktop\mush
2017-08-27 18:47 - 2017-08-27 18:47 - 000000000 ____D C:\ProgramData\Panda Security
2017-08-27 18:36 - 2017-08-27 18:51 - 000000000 ____D C:\Program Files\Panda USB Vaccine
2017-08-27 18:36 - 2017-08-27 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2017-08-27 16:20 - 2017-08-29 08:20 - 000000518 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a2110452-8b30-4f27-8819-dae96a55c215.job
2017-08-27 16:20 - 2017-08-27 18:48 - 000000518 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task dd92aa93-5717-4ae2-8f34-623d138f8a22.job
2017-08-27 16:20 - 2017-08-27 16:20 - 000000000 ____D C:\Users\chris new\AppData\Roaming\SUPERAntiSpyware.com
2017-08-27 16:20 - 2017-08-27 16:20 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-08-27 16:20 - 2017-08-27 16:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-08-27 16:20 - 2017-08-27 16:20 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-08-27 15:11 - 2017-08-27 15:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USBScan
2017-08-27 15:11 - 2017-08-27 15:11 - 000000000 ____D C:\Program Files\USBScan
2017-08-26 08:47 - 2017-08-26 08:47 - 000002085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2017-08-26 08:47 - 2017-08-26 08:47 - 000000000 ____D C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2017-08-24 07:03 - 2017-08-24 07:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-22 18:55 - 2017-08-22 18:55 - 000043336 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-08-22 18:55 - 2017-08-22 18:55 - 000035432 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-08-22 18:55 - 2017-08-22 18:55 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-08-22 18:55 - 2017-08-22 18:55 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-08-08 13:28 - 2017-08-08 13:28 - 000008908 _____ C:\Users\chris new\AppData\LocalLow\wbkC3EF.tmp
2017-08-02 20:54 - 2017-08-02 20:54 - 000000240 _____ C:\Users\chris new\AppData\LocalLow\wbk738C.tmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-29 10:46 - 2017-05-27 11:41 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-08-29 10:39 - 2009-07-14 06:34 - 000021728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-29 10:39 - 2009-07-14 06:34 - 000021728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-29 10:36 - 2014-04-13 11:14 - 000000836 _____ C:\Windows\ESIDATA.ini
2017-08-29 10:30 - 2017-07-26 14:52 - 000221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-29 10:29 - 2017-05-27 11:41 - 000000898 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-08-29 10:28 - 2012-12-20 16:57 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2017-08-29 10:28 - 2010-11-10 13:05 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-29 10:28 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-29 10:03 - 2014-03-12 16:41 - 000000068 _____ C:\Windows\iltwain.ini
2017-08-29 10:03 - 2014-03-05 07:58 - 000000501 _____ C:\ProgramData\Sls.ini
2017-08-29 10:03 - 2014-03-05 07:58 - 000000086 _____ C:\Windows\system32\ToleSec.ini
2017-08-29 09:59 - 2014-06-06 13:15 - 000000000 ____D C:\ADCDA2
2017-08-29 04:46 - 2011-08-18 07:06 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 12:08 - 2015-05-04 06:25 - 000000000 ____D C:\Users\chris new\Desktop\pc software
2017-08-28 12:08 - 2014-05-30 17:41 - 000000000 ____D C:\Users\chris new\Desktop\CAR SOFTWARE
2017-08-28 12:07 - 2015-05-04 06:31 - 000000000 ____D C:\Users\chris new\Desktop\misc docs and pdf
2017-08-28 10:42 - 2016-01-17 14:20 - 000000000 ____D C:\Windows\system32\3CE4EE
2017-08-28 10:12 - 2014-08-27 08:53 - 000000000 ____D C:\Program Files\OtoCheck
2017-08-27 18:47 - 2009-07-14 06:53 - 000032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-27 17:11 - 2011-06-19 09:05 - 137505280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-27 16:21 - 2011-01-21 09:23 - 000000000 ____D C:\Users\chris new
2017-08-27 15:55 - 2010-11-14 14:39 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-27 14:51 - 2010-11-10 12:46 - 000006588 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-26 08:24 - 2014-04-20 09:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
2017-08-25 13:37 - 2014-04-20 09:32 - 000000000 ____D C:\Users\chris new\AppData\Roaming\Propellerhead Software
2017-08-25 13:36 - 2017-05-26 08:21 - 000000000 ____D C:\Program Files\Propellerhead
2017-08-24 17:42 - 2010-11-12 16:36 - 000000000 ____D C:\Users\User\Documents\backs usb
2017-08-24 17:41 - 2010-12-22 18:57 - 000000000 ____D C:\Users\User\Documents\Magz
2017-08-24 16:22 - 2011-01-16 15:12 - 000000000 ____D C:\Movies
2017-08-24 07:03 - 2017-05-27 11:41 - 000000000 ____D C:\Program Files\Dropbox
2017-08-21 12:47 - 2017-07-26 14:52 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-21 12:38 - 2017-07-26 14:52 - 000085400 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-21 12:38 - 2017-07-26 14:52 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-07 18:53 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\NDF
2017-07-31 17:02 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\tracing
 
==================== Files in the root of some directories =======
 
2014-08-25 16:25 - 2014-08-25 16:25 - 000000000 _____ () C:\Users\chris new\AppData\Roaming\944.exe
2014-08-17 11:01 - 2014-08-17 11:01 - 000000278 _____ () C:\Users\chris new\AppData\Roaming\98EA.exe
2014-08-17 09:53 - 2014-08-17 09:53 - 000000278 _____ () C:\Users\chris new\AppData\Roaming\A3CE.exe
2014-08-17 09:53 - 2014-08-17 09:53 - 000000278 _____ () C:\Users\chris new\AppData\Roaming\AE4A.exe
2014-08-28 09:40 - 2014-08-28 09:40 - 000000000 _____ () C:\Users\chris new\AppData\Roaming\BBE1.exe
2015-04-05 07:52 - 2015-04-11 19:33 - 000000253 _____ () C:\Users\chris new\AppData\Roaming\default.rss
2014-08-28 09:42 - 2014-08-28 09:42 - 000000000 _____ () C:\Users\chris new\AppData\Roaming\EC2.exe
2015-06-23 08:51 - 2017-04-17 18:53 - 000000115 _____ () C:\Users\chris new\AppData\Roaming\LogFile.txt
2014-02-28 17:07 - 2014-04-05 12:43 - 000138056 _____ () C:\Users\chris new\AppData\Roaming\PnkBstrK.sys
2014-03-01 09:43 - 2014-08-15 18:29 - 000007605 _____ () C:\Users\chris new\AppData\Local\resmon.resmoncfg
2017-04-17 19:54 - 2017-04-17 19:54 - 000004256 _____ () C:\Users\chris new\AppData\Local\SymbolViewLayout.xml
2014-03-14 13:45 - 2014-03-14 13:45 - 000000057 _____ () C:\ProgramData\Ament.ini
2015-10-21 13:19 - 2015-10-21 13:19 - 000004159 _____ () C:\ProgramData\cjrvpdhv.bxn
2014-04-30 14:59 - 2014-04-30 14:59 - 000004140 _____ () C:\ProgramData\hulbxxgy.kfg
2014-03-05 07:58 - 2017-08-29 10:03 - 000000501 _____ () C:\ProgramData\Sls.ini
2017-06-07 14:37 - 2017-06-07 14:37 - 000001534 _____ () C:\ProgramData\ss.ini
2017-07-17 11:39 - 2017-07-17 11:39 - 000000197 _____ () C:\ProgramData\VC_Inst_Ver.txt
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-21 20:47
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-08-2017
Ran by chris new (29-08-2017 10:58:56)
Running from C:\Users\chris new\Desktop
Microsoft Windows 7 Home Basic  (X86) (2010-11-10 10:42:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-191417907-4213490365-3347722966-500 - Administrator - Disabled)
chris new (S-1-5-21-191417907-4213490365-3347722966-1002 - Administrator - Enabled) => C:\Users\chris new
Guest (S-1-5-21-191417907-4213490365-3347722966-501 - Limited - Enabled) => C:\Users\Guest
UpdatusUser (S-1-5-21-191417907-4213490365-3347722966-1004 - Limited - Enabled) => C:\Users\UpdatusUser
__vmware_user__ (S-1-5-21-191417907-4213490365-3347722966-1006 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 4.2 (Enabled - Up to date) {CB0F8167-5331-BA19-698E-64816B6801A5}
AS: ESET Smart Security 4.2 (Enabled - Up to date) {706E6083-750B-B597-533E-5FF310EF4B18}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {F3340042-195E-BB41-42D1-CDB495BB46DE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABRITES Common Software (HKLM\...\ABRITES_Common_Software_ID_is1) (Version: 1.7 - Abritus72 Ltd.)
ABRITES Diagnostic Software for interface ID 17193B (HKLM\...\ABRITES Diagnostic Software-ID17193B_is1) (Version:  - Abritus72 Ltd.)
Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - )
Advertising Center (HKLM\...\{b2ec4a38-b545-4a00-8214-13fe0e915e6d}) (Version: 0.0.0.1 - Nero AG) Hidden
AeroFly 5 (HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\{52989499-E3EF-442C-8B07-B1D2D32388ED}) (Version: 5.00.01.16 - IPACS)
AK300 (HKLM\...\AK300) (Version:  - )
AK90 (HKLM\...\AK90) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version:  - )
ASUS nVidia Driver (HKLM\...\{EEA080A7-4331-4593-A071-D0862A8178B9}) (Version: 1.00.0000 - ASUSTek) Hidden
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
AVS Media Player 4.2.3.106 (HKLM\...\AVS Media Player_is1) (Version: 4.2.3.106 - Online Media Technologies Ltd.)
AVS Video Converter 9.0 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 9.0.1.566 - Online Media Technologies Ltd.)
Battlefield: Bad Company™ 2 (HKLM\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Bing Bar (HKLM\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
BlackBerry Desktop Software 4.7 (HKLM\...\{84F1B62A-E6F6-458E-BC19-51DBB14055EA}) (Version: 4.7.0.25 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 4.7 (HKLM\...\BlackBerry_{84F1B62A-E6F6-458E-BC19-51DBB14055EA}) (Version: 4.7.0.25 - Research In Motion Ltd.)
BlackBerry Device Software Updater (HKLM\...\{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}) (Version: 6.0.1.13 - Research In Motion Ltd)
BMW Immo ID Editor 2.42 (HKLM\...\BMW Immo ID Editor2.42) (Version: 2.42 - pawliukazz)
Bome's Mouse Keyboard 2.00 (HKLM\...\Bome's Mouse Keyboard_is1) (Version:  - Bome Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bosch Viewer (HKLM\...\Bosch Viewer) (Version:  - )
CAR TOOL 1.06 (HKLM\...\{14A186C8-AAFB-4A22-A278-F679D4DFD954}_is1) (Version:  - )
CLIP (HKLM\...\{9D143A8C-C66A-4E27-A602-C004F14EBA92}) (Version: 29.18 - )
Collab (HKLM\...\Collab) (Version:  - Image-Line bvba)
Control unit diagnosis SD-SW-Setup:2012/1.1.00.009 KTS500-V:201 (HKLM\...\Control unit diagnosis_is1) (Version:  - Robert Bosch GmbH, Generated SD-SW-Setup)
CopyTrans Suite Remove Only (HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
D2SRoBa 3.80 (HKLM\...\D2SRoBa) (Version:  - )
DATA_EXPLORER_MANAGER (C:\Program Files\DATA_EXPLORER_MANAGER\) #3 (HKLM\...\ST6UNST #3) (Version:  - )
DATA_EXPLORER_MANAGER (C:\Program Files\DATA_EXPLORER_MANAGER\) (HKLM\...\ST6UNST #2) (Version:  - )
DATA_EXPLORER_MANAGER (HKLM\...\ST6UNST #1) (Version:  - )
Dataman-48XP/UXP Software (HKLM\...\{E5C3549A-1A57-41A6-80C6-2A9C4FE07E02}) (Version: 10.71.00 - Dataman Programmers Ltd.)
Device Programmer Desktop (HKLM\...\{4802F8E5-3321-11D6-8494-008048C6ADC0}) (Version: 4.5.0 - DB Software)
D-Link Connection Manager v2.0.0TK (HKLM\...\Broad Mobi HSPA Modem Normal Version_is1) (Version:  - )
DolbyFiles (HKLM\...\{b1adf008-e898-4fe2-8a1f-690d9a06acaf}) (Version: 0.1 - Nero AG) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 33.4.23 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
DVD2SVCD 1.2.3 Build 1 (HKLM\...\DVD2SVCD Software Bundle_is1) (Version:  - DVD2SVCD)
DVDSmith Movie Backup 1.0.8 (HKLM\...\DVDSmith Movie Backup_is1) (Version:  - dvdsmith.com)
EA Download Manager (HKLM\...\EA Download Manager) (Version: 6.0.4.124 - Electronic Arts, Inc.)
EA Download Manager UI (HKLM\...\{E17141A6-211D-5854-61D9-69827A430D82}) (Version: 6.0.4 - Electronic Arts) Hidden
EA Download Manager UI (HKLM\...\com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 6.0.4.124 - Electronic Arts)
EA Network Play System (HKLM\...\Network Play System) (Version:  - )
Eaglescope (HKLM\...\{742B3600-3DD9-4D22-8865-2AA6675565B5}) (Version: 1.00.0015 - techgearworld)
EDIABAS WinKFP Uninstall (HKLM\...\EDIABAS WinKFP Uninstall) (Version:  - )
ESI[tronic] (HKLM\...\ESI[tronic]) (Version:  - )
Far Cry 2 (HKLM\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.00.00 - Ubisoft)
Far Cry 3 (HKLM\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.00 - Ubisoft)
Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server UK) (Version: 2.0.1.13 - MAGIX AG)
FL Studio 7 (HKLM\...\FL Studio 7) (Version:  - Image-Line bvba)
Foxit Reader (HKLM\...\Foxit Reader) (Version:  - )
Free Convert MP3 To WAV (remove only) (HKLM\...\Free Convert MP3 To WAV) (Version:  - 4dots Software)
Free Video To MP3 Converter (HKLM\...\Free Video To MP3 Converter_is1) (Version: 5.1.2.523 - Digital Wave Ltd)
Free YouTube To MP3 Converter (HKLM\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.53.628 - Digital Wave Ltd)
FreeCAD 0.15 - A free open source CAD system (HKLM\...\FreeCAD 0.15) (Version: 0.15.4671 - Juergen Riegel)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GeekBuddy (HKLM\...\{50D84E9A-CFB6-4176-B4F6-E88079E2E5D0}) (Version: 4.4.47 - Comodo Security Solutions Inc)
Google Chrome (HKLM\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
Grammarly (HKU\S-1-5-21-191417907-4213490365-3347722966-1002\...\GrammarlyForWindows) (Version: 1.5.25 - Grammarly)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - FreeCodecPack)
Heroes of the Pacific (HKLM\...\Heroes of the Pacific) (Version: 1.0 - Codemasters)
Hex Workshop v6.7 (HKLM\...\{1CC291E4-9288-4189-B02D-8E5A7E8CB550}) (Version: 6.7.0.5247 - BreakPoint Software)
HexCmp 2.34.1 (HKLM\...\HexCmp 2_is1) (Version:  - Fairdell Software)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{F4B1B985-F308-4DBA-BFD7-CCCB8839234B}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{822B325F-9CDD-4E78-87A2-35E6F0DDEEA2}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{90BBACD9-526F-4AD5-8B92-80BB5F5E1A6D}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
iCloud (HKLM\...\{5DDB3393-E08B-447E-925F-6C00B95D0FE7}) (Version: 2.1.1.3 - Apple Inc.)
Ico's AirBag Crash Data Cleaner 1.1 (HKLM\...\{DFE42DA1-BE1F-45AF-9E06-CF9E92462595}_is1) (Version: 1.1 - Igor Pejašinović)
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line bvba)
ImagXpress (HKLM\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
InCD Help (HKLM\...\{b86754dd-2ddb-4ac0-9015-cb487277254e}) (Version: 6.4.0.0 - Nero AG) Hidden
Indeo® software (HKLM\...\Indeo® software) (Version:  - )
INPA5.0 (HKLM\...\{4FF0C150-34A4-426D-9AE7-998521EDAC17}) (Version: 1.00.0000 - BMW TESTER GROUPS)
iSkysoft iPhone Data Recovery(Build 1.0.0.13) (HKLM\...\{10B4DAB2-9F85-483e-BF03-31771821E060}_is1) (Version: 1.0.0.13 - iSkysoft Software Co.,Ltd.)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java™ 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
LabTool-48 (HKLM\...\LabTool-48) (Version:  - )
LG CyberLink PowerBackup (HKLM\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.5529 - CyberLink Corp.)
LG CyberLink PowerDVD (HKLM\...\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815d - CyberLink Corp.) Hidden
LG CyberLink PowerDVD (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815d - CyberLink Corp.)
LG CyberLink PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2130 - CyberLink Corp.) Hidden
LG CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2130 - CyberLink Corp.)
LG CyberLink YouCam (HKLM\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3123 - CyberLink Corp.) Hidden
LG CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3123 - CyberLink Corp.)
LG Power Tools (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3316 - CyberLink Corp.) Hidden
LG Power Tools (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3316 - CyberLink Corp.)
MAGIX Music Maker 15 Premium Trial 15.0.1.5 (UK) (HKLM\...\MAGIX Music Maker 15 Premium Trial UK) (Version: 15.0.1.5 - MAGIX AG)
MAGIX Screenshare 4.3.6.1987 (UK) (HKLM\...\MAGIX Screenshare UK) (Version: 4.3.6.1987 - MAGIX AG)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Maxtor MaxBlast (HKLM\...\{81A60A13-224D-4637-8203-3EAC03B121A4}) (Version: 10.0.5077 - Maxtor)
MBKey drivers and software (HKLM\...\MBKey) (Version:  - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Medal of Honor ™ (HKLM\...\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}) (Version: 1.0.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Flight Simulator 2004 A Century of Flight (HKLM\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.11.25325 (HKLM\...\{568CD07E-0824-3EEB-AEC1-8FD51F3C85CF}) (Version: 14.11.25325 - Microsoft Corporation)
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.11.25325 (HKLM\...\{029DA848-1A80-34D3-BFC1-A6447BFC8E7F}) (Version: 14.11.25325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MobileWiFi (HKLM\...\MobileWiFi) (Version: TOOL-ConnLaucher_WIN1.09.02.00 - Huawei Technologies Co.,Ltd)
MSVC80_x86_v2 (HKLM\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MX vs ATV Reflex (HKLM\...\MX vs ATV Reflex_is1) (Version:  - )
Nero 9 Essentials (HKLM\...\{4b99b9bb-2e84-404a-8311-ac4459b6839e}) (Version:  - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{6869591A-7DD8-46D2-837F-57CBF7358955}) (Version: 7.1.22.0 - Nokia)
Nokia PC Suite (HKLM\...\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}) (Version: 7.1.40.1 - Nokia) Hidden
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.40.1 - Nokia)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9646 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Onlinesupport 5.0.8232 QS (HKLM\...\{9520BD31-226A-4D5D-B900-6C0CDBA75BF0}_is1) (Version:  - Robert Bosch GmbH)
OtoCheck (HKLM\...\OtoCheck2.0) (Version: 2.0 - OtoCheck)
Panda USB Vaccine 1.0.1.16 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PC Connectivity Solution (HKLM\...\{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}) (Version: 9.44.0.3 - Nokia)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.0 - Google, Inc.)
Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
QCAD Trial 3.17.1 (HKLM\...\{8193741F-A032-4D0D-AD5C-2E6B0CAB4B34}) (Version: 3.17.1 - RibbonSoft GmbH)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
QuickTime (HKLM\...\QuickTime) (Version:  - )
Reason 5.0 (HKLM\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
Reason Demo 3.0.4 (HKLM\...\Reason Demo_is1) (Version: 3.0.4 - Propellerhead Software AB)
ReCycle Demo 2.2.4 (HKLM\...\ReCycleDemo2.2_32_is1) (Version: 2.2.4 - Propellerhead Software AB)
Registry Repair Wizard (HKLM\...\Registry Repair Wizard_is1) (Version:  - SmartPCTools)
Screen Protractor (HKLM\...\Screen Protractor) (Version: 1.1 - Iconico)
Sentinel System Driver (HKLM\...\Rainbow Sentinel Driver) (Version:  - )
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM\...\{7A7772AB-6C86-4A4D-8557-106AE3C2AFA7}) (Version: 6.1.00 - Silicon Laboratories, Inc.)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_2 (c:\SiLabs\MCU\CP210x\Windows_XP_S2K3_Vista_7_2) (HKLM\...\{CC0A8373-D84C-496D-BC22-446235876226}) (Version: 6.4 - Silicon Laboratories, Inc.)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_3 (c:\SiLabs\MCU\CP210x\Windows_XP_S2K3_Vista_7_3) (HKLM\...\{44FECF15-0910-44AA-BCDE-AECECA91E5C2}) (Version: 6.4 - Silicon Laboratories, Inc.)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_4 (c:\SiLabs\MCU\CP210x\Windows_XP_S2K3_Vista_7_4) (HKLM\...\{A5C625E6-C4B9-4065-9C98-3D7159DC3359}) (Version: 6.4 - Silicon Laboratories, Inc.)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_5 (c:\SiLabs\MCU\CP210x\Windows_XP_S2K3_Vista_7_5) (HKLM\...\{451BBC3E-434B-4666-B07C-BC028001C847}) (Version: 6.4 - Silicon Laboratories, Inc.)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_6 (c:\SiLabs\MCU\CP210x\Windows_XP_S2K3_Vista_7_6) (HKLM\...\{EA3FB829-1F23-4767-815A-A051CD66AB6E}) (Version: 6.4 - Silicon Laboratories, Inc.)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_7 (c:\SiLabs\MCU\CP210x\Windows_XP_S2K3_Vista_7_7) (HKLM\...\{91F56538-3B0E-4664-A8DE-DC6BF82A4742}) (Version: 6.4 - Silicon Laboratories, Inc.)
SketchUp 2016 (HKLM\...\{06584914-3DC6-4C37-AB84-30342BB5D93D}) (Version: 16.0.19911 - Trimble Navigation Limited)
SmartSound Quicktracks Plugin (HKLM\...\{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.6 - SmartSound Software Inc) Hidden
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.6 - SmartSound Software Inc)
SpeedBit Video Accelerator (HKLM\...\SpeedBit Video Accelerator) (Version: 3380(build_3064) - SpeedBit Ltd.)
Split/Second (HKLM\...\{28526951-55EF-4901-A0CA-B9AC966D1DD1}) (Version: 1.00.0000 - Disney Interactive Studios)
Star Wars Republic Commando (HKLM\...\{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}) (Version: 1.0 - )
Striata Reader (HKLM\...\{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}) (Version: 2.9-1 - Striata Communication Solutions)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com)
Techstream Software (HKLM\...\{937CA58A-0212-431C-8F0B-0D8305225476}) (Version: 6.10.041 - DENSO CORPORATION)
Techstream Software (HKLM\...\{C0AEFD8E-E96E-484D-9058-B76D57FF581A}) (Version: 5.00.028 - DENSO CORPORATION) Hidden
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Orange Box (HKLM\...\{9EF7918F-6283-48D4-8648-9FE84BE9FB41}) (Version: 1.00.0000 - Valvesoftware)
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
TM100 Key Programmer V1.3 (HKLM\...\TM100 Key Programmer Software_is1) (Version: 1.4 - )
Tolerance Data (HKLM\...\Tolerance Data) (Version: 2009.2 - )
TunerPro RT v4.14 (HKLM\...\TunerPro RT_is1) (Version:  - )
TunerPro v5.00 (HKLM\...\TunerPro_is1) (Version:  - )
Ulead DVD DiskRecorder 2.1.1 (HKLM\...\{31E1050B-F69F-4A16-8F5A-E44D31901250}) (Version:  - Ulead Systems, Inc.)
Ulead VideoStudio 9.0 (HKLM\...\{88F92798-59AB-474F-B40D-1EC5F782F7EE}) (Version: 9.0 - Ulead System)
UltraISO Premium V9.36 (HKLM\...\UltraISO_is1) (Version:  - )
UP48 (HKLM\...\{06AD6C10-6302-4F87-B8C5-5AFCD2ED9C03}) (Version: 1.039 - BK Electronics)
Uplay (HKLM\...\Uplay) (Version: 2.0 - Ubisoft)
USB Virus Scan 2.4 (HKLM\...\USB Virus Scan_is1) (Version:  - USB Virus Scan)
VAGEDCSuite (HKLM\...\{7B37F66B-5E91-477B-8B1D-137355D2B07E}) (Version: 1.3.9 - Dilemma)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VMware Workstation (HKLM\...\{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}) (Version: 6.0.3.1613 - VMware, Inc.)
Vodafone Mobile Broadband (HKLM\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.3.408.46426 - Vodafone)
Wave Editor 3.5.0.0 (HKLM\...\Wave Editor_is1) (Version: 3.5.0.0 - AbyssMedia.com)
Webcam Software (HKLM\...\Webcam Software) (Version:  - )
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28) (HKLM\...\9E24492CE9279512BD465F61DB8523641BB7BBFC) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28) (HKLM\...\E61B77ECE57113AE1CA028BC7A8AD6C137BD13DD) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/27/2014 2.10.00) (HKLM\...\42F5D8399C4B7EB9005D88E9045ABB1A715CD59A) (Version: 01/27/2014 2.10.00 - FTDI)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - hxxp://www.autoelectric.cn (MiniProWdf) WDFMiniPro  (04/12/2010 6.1.7600.16385) (HKLM\...\951DFCED66C8346134CD960AEF2B38968B2E8A22) (Version: 04/12/2010 6.1.7600.16385 - hxxp://www.autoelectric.cn)
Windows Driver Package - Nokia Modem  (06/01/2009 7.01.0.4) (HKLM\...\8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA) (Version: 06/01/2009 7.01.0.4 - Nokia)
Windows Driver Package - Nokia Modem  (10/05/2009 4.2) (HKLM\...\05B59228C7E1C21DFBE89260F879BD95880548D8) (Version: 10/05/2009 4.2 - Nokia)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
WinHex (HKLM\...\WinHex) (Version:  - )
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 15.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}) (Version: 15.5.9579 - WinZip Computing, S.L. )
WinZip Courier (HKLM\...\{CD95F661-A5C4-11AF-B2CC-ABCD21A325B5}) (Version: 3.0.9557 - WinZip Computing, S.L. )
Zed-BULL (HKLM\...\{4B74E8AE-35AB-4C7E-B40C-60794780B12D}) (Version: 5.0.6 - IstanbulAnahtar)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-191417907-4213490365-3347722966-1002_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CustomCLSID: HKU\S-1-5-21-191417907-4213490365-3347722966-1002_Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\Windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-191417907-4213490365-3347722966-1002_Classes\CLSID\{9E8D2FA1-591C-11D0-BF52-0020AF32BD64}\InprocServer32 -> C:\Program Files\BK Electronics\UP48\midas.dll (Embarcadero Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-191417907-4213490365-3347722966-1002_Classes\CLSID\{9E8D2FA3-591C-11D0-BF52-0020AF32BD64}\InprocServer32 -> C:\Program Files\BK Electronics\UP48\midas.dll (Embarcadero Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-191417907-4213490365-3347722966-1002_Classes\CLSID\{9E8D2FA5-591C-11D0-BF52-0020AF32BD64}\InprocServer32 -> C:\Program Files\BK Electronics\UP48\midas.dll (Embarcadero Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-191417907-4213490365-3347722966-1002_Classes\CLSID\{9E8D2FA7-591C-11D0-BF52-0020AF32BD64}\InprocServer32 -> C:\Program Files\BK Electronics\UP48\midas.dll (Embarcadero Technologies, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll [2009-07-16] (Nero AG)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers1: [HexWorkshopContextMenu] -> {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} => C:\Program Files\BreakPoint Software\Hex Workshop v6.7\HWExt32.dll [2012-07-29] (BreakPoint Software, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2012-12-17] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-03] (Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2011-08-02] (WinZip Computing, S.L.)
ContextMenuHandlers2: [HexWorkshopContextMenu] -> {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} => C:\Program Files\BreakPoint Software\Hex Workshop v6.7\HWExt32.dll [2012-07-29] (BreakPoint Software, Inc.)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2009-04-02] (EZB Systems, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files\VMware\VMware Workstation\vmdkShellExt.dll [2008-03-03] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2009-04-02] (EZB Systems, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-03] (Alexander Roshal)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2011-08-02] (WinZip Computing, S.L.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-01-18] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2009-04-02] (EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-03] (Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2011-08-02] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04102D10-A5E8-474D-97D9-9E49EE0C13F2} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e4829ca708ca => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-17] (Google Inc.)
Task: {04779195-271F-43C9-8AAA-A681F7BFEFBF} - System32\Tasks\{AFFCD692-1020-1ACA-EF33-FA6055E4D62B} => C:\Windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\d34bfceb\b31f3f05.dll" <==== ATTENTION
Task: {092415EB-1A7B-4FCF-96CD-DECF3D55CA00} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] ()
Task: {0A242585-DDFF-4081-9580-EA4BE1150D43} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2017-05-27] (Dropbox, Inc.)
Task: {13E9E9AE-FD55-4DE6-B0E8-66C98483A210} - System32\Tasks\{95875210-DE8B-4C73-AFE9-CF1EA4FF43D6} => C:\Windows\system32\pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\PhoenixRC\phoenixRC.exe"
Task: {16289ABB-B777-4903-9275-FF0F311B11AD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2017-05-27] (Dropbox, Inc.)
Task: {19601516-7C17-40D6-B17B-D6B13561A17E} - \Windows Update Check - 0x0E7302EC -> No File <==== ATTENTION
Task: {1BB08408-5B5C-4406-A2F7-28120E61B825} - System32\Tasks\{0D022E69-BAA9-99C2-B814-63CD60A83302} => C:\ProgramData\{C47E1E3A-73D5-A991-7D0B-27F594F4D83B}\5767F486-E0CC-432D-8FA3-EA3FE6B65038.exe <==== ATTENTION
Task: {1D2B98B5-A16D-4BCE-98CA-7FD2340D8055} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e4829da81d68 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-17] (Google Inc.)
Task: {231974EE-6286-4CE4-BEAF-86E998D2F34A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: {23BCDAE7-7018-4A6C-969E-584C1E69CAEB} - System32\Tasks\{940EC909-F292-4383-930F-B20FC6056A0D} => C:\CLIP_X91\Lib\Application\ClipLauncher_X91.exe
Task: {28C97465-2D62-45A5-83BF-2A05F4AA9DAF} - System32\Tasks\SUPERAntiSpyware Scheduled Task dd92aa93-5717-4ae2-8f34-623d138f8a22 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {2B88EAB8-E79D-446B-AD32-BF1801F4F1E9} - System32\Tasks\{F745813A-D759-49A2-95A5-22EAF6E30CE5} => K:\setup_vmb_lite.exe
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {2BEC3B21-ED49-4E0F-90C7-A0AF552293B9} - System32\Tasks\{0045E1A6-6B60-4145-8810-C1AF32A1854B} => C:\Windows\system32\pcalua.exe -a "F:\bmw dongle\我的光盘\02_Step_2\INSTALL\Instprog.exe" -d "F:\bmw dongle\我的光盘\02_Step_2\INSTALL"
Task: {2E2E5E0E-9336-408D-9B0F-0AB74AF42B13} - \ProtectedSearch\Protected Search -> No File <==== ATTENTION
Task: {2F56900C-DEFA-427E-B5F5-79B0D0DE40F8} - System32\Tasks\{E35CCE4B-1888-4ED2-BB2B-D65CF5345BB1} => C:\Users\chris new\Desktop\V94.0.0.0\setup.exe
Task: {34912F01-F330-43D8-8BC6-6DBC0A5D1CAA} - System32\Tasks\{8320E9E7-269C-471A-9147-F72A9A2FEB0B} => C:\Windows\system32\pcalua.exe -a "K:\BMW INPA\INPA\INPA\02_Step_2\INSTALL\Instprog.exe" -d "K:\BMW INPA\INPA\INPA\02_Step_2\INSTALL"
Task: {4794FE79-D99E-4B9F-8490-EEAC29AC6793} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {4EC1DC8E-7A07-429F-B4CD-A400FEE38DC9} - \{7A7A7D47-787F-050A-0E11-0D0C0E0C110D} -> No File <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5FE84337-6883-401C-9F08-AE59C5F7DD7E} - System32\Tasks\{642F7C80-63DE-4E2E-B07D-C037FA6A344E} => G:\setup.exe
Task: {6EEEEB5B-3ABB-4A30-A7D5-47A6090A309D} - System32\Tasks\{77DE968D-E08B-43C5-AB10-1F253412610A} => C:\Windows\system32\pcalua.exe -a M:\AecDrXP163.exe -d M:\
Task: {81C05F39-B9CA-4ED6-96B6-F31257AEFC55} - System32\Tasks\{DD34A4A6-14D4-431E-B07D-B4A2AC791C47} => C:\CLIP_X91\Lib\Application\ClipLauncher_X91.exe
Task: {84E26FDF-B440-4242-A5D3-BF52726601EA} - System32\Tasks\{DC72519C-FDD7-4510-99D9-40E3F1654A82} => C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [2013-09-05] (Vodafone)
Task: {98CD9F6A-D921-44F8-92B6-F2F23F6484EE} - System32\Tasks\{EBDD37C3-67A0-49C1-AB6E-5D62D6A41B60} => C:\Windows\system32\pcalua.exe -a "E:\games\Duke_Nukem_Forever-Razor1911\New folder\razor1911_installer.exe" -d "E:\games\Duke_Nukem_Forever-Razor1911\New folder"
Task: {9DA6692A-A764-4F81-9515-D788C060C720} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {9F72B543-445C-42AB-B636-FE73C7A3BD76} - System32\Tasks\{78760E2E-2FB6-4940-BCC0-508B710E4854} => H:\setup.exe
Task: {A813EB9E-0D0B-4A9F-B347-64ED38094310} - System32\Tasks\{229CEFEB-0DBE-4EB8-81EC-7BB541548C60} => C:\Windows\system32\pcalua.exe -a "E:\zedbull\microsoft .net framework 3.5.EXE" -d E:\zedbull
Task: {B221DE6D-9CD4-4FC9-9046-71198F8209E0} - System32\Tasks\{5CA58C26-EE16-4912-A276-EE66848093F6} => C:\Windows\system32\pcalua.exe -a "E:\bosh\Local Disk\Local Disk\2012-1\DVD1\setup.exe" -d "E:\bosh\Local Disk\Local Disk\2012-1\DVD1"
Task: {B88EBEB5-6E19-4875-B79D-16DDFCB12E22} - System32\Tasks\SUPERAntiSpyware Scheduled Task a2110452-8b30-4f27-8819-dae96a55c215 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {C41AB19F-F392-46E7-AAC7-CA79D664FE73} - System32\Tasks\{EA7F1944-77C9-4057-B592-BFEBA27C3C5A} => C:\Users\chris new\Desktop\V94.0.0.0\setup.exe
Task: {CBDF3DA6-2C8B-4946-BD09-C12F40983653} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-17] (Google Inc.)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {D2AB01FF-2B32-4EE6-884A-56B2778DD296} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-15] (Adobe Systems Incorporated)
Task: {D4F47100-B2AD-4B8E-AE3C-C61D278C0317} - System32\Tasks\{E92BFE17-367D-4423-95B7-A6DB7895DD97} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Bome's Mouse Keyboard\unins000.exe"
Task: {D70B3F16-2678-4CB6-901F-0AFCE6EE5DEE} - System32\Tasks\{3CFE4F62-0CC9-4B00-B87C-405B7E2A35E4} => C:\Program Files\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
Task: {D7411965-E533-43FE-9632-D48E9EAC716C} - System32\Tasks\{DD89CE45-A704-4E18-85C4-51606DC64154} => C:\Windows\system32\pcalua.exe -a "I:\darius bmw\Ediabas-6.4.3-full\INSTALL\Instprog.exe" -d "I:\darius bmw\Ediabas-6.4.3-full\INSTALL"
Task: {DA303636-AE4F-4A90-96E2-A753E24CD76A} - System32\Tasks\{292D9509-CC08-4F7C-873A-D06C9266CEFB} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\DVDVideoSoft\lib\Uninstall.exe" -c /app FreeVideoToMP3Converter
Task: {E3CEBE3E-ED5C-4AE0-9E46-F8FE477B4D31} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {E4C058AD-CC6C-4359-A57F-EB0F2B20621D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-17] (Google Inc.)
Task: {E510335E-3F8A-405C-AC3D-E8A8078B5942} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-15] (Adobe Systems Incorporated)
Task: {E9B00D48-3A53-4AF2-931B-672E10F4E48A} - System32\Tasks\{8FD50CDA-30CC-4CFC-86F6-7823354663B1} => C:\CLIP_X91\Lib\Application\ClipLauncher_X91.exe
Task: {EEEEBECD-4DF2-4C1D-B42C-34CC68B8CCD5} - System32\Tasks\{B8D2577F-3773-4C78-A6AB-F6F6C4F84D17} => C:\Windows\system32\pcalua.exe -a K:\jre-8u25-windows-i586.exe -d K:\
Task: {EF697ADD-A7A9-4295-A335-12D3D07C4351} - System32\Tasks\{F0B3B40C-082C-4CB3-9178-1590665AF57C} => K:\setup_vmb_lite.exe
Task: {F1A8311E-81C9-4073-847C-085E779C8BF3} - System32\Tasks\{613311A5-6C96-448A-ADA5-0BE449B97382} => C:\CLIP_X91\Lib\Application\ClipLauncher_X91.exe
Task: {F414C379-C154-456C-B17C-464AC04B5CB3} - System32\Tasks\{AECD280C-A027-4B3B-89E5-1B09BBB7AC50} => C:\Windows\system32\pcalua.exe -a "E:\immo off tools\x-prog 5.3\xprog-m 5.3加密安装版\setup.exe"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a2110452-8b30-4f27-8819-dae96a55c215.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task dd92aa93-5717-4ae2-8f34-623d138f8a22.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\chris new\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7eacadfa43776aec\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData2
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-11-19 19:02 - 2013-01-18 16:20 - 000079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2008-09-09 11:23 - 2008-09-09 11:23 - 000022723 _____ () C:\Windows\System32\sst1cl3.dll
2017-07-14 16:37 - 2017-06-29 10:46 - 000114664 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\zlib1.dll
2017-07-14 16:37 - 2017-05-23 13:57 - 000108008 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2017-07-14 16:37 - 2017-05-23 13:57 - 000024040 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2017-07-14 16:37 - 2017-05-23 13:57 - 000048104 _____ () C:\Program Files\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2014-08-25 15:56 - 2014-08-25 15:56 - 000043520 _____ () C:\Windows\system32\CmdLineExt03.dll
2010-01-21 01:34 - 2010-01-21 01:34 - 008793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-08-24 07:03 - 2017-08-22 18:55 - 000757568 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll
2017-08-24 07:03 - 2017-08-22 18:55 - 001787200 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll
2017-08-21 12:55 - 2017-08-22 18:53 - 000100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2017-08-21 12:55 - 2017-08-22 18:57 - 000020800 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2017-08-24 07:03 - 2017-08-22 18:56 - 000021848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000125904 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2017-08-24 07:03 - 2017-08-22 18:56 - 001862992 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-08-24 07:03 - 2017-08-22 18:56 - 000022864 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-08-24 07:03 - 2017-08-22 18:53 - 000145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2017-08-24 07:03 - 2017-08-22 18:55 - 000116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2017-08-21 12:55 - 2017-08-22 18:53 - 000105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2017-08-21 12:55 - 2017-08-22 18:57 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-08-24 07:03 - 2017-08-22 18:57 - 000062784 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2017-08-24 07:03 - 2017-08-22 18:57 - 000040248 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2017-08-24 07:03 - 2017-08-22 18:53 - 000020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2017-08-24 07:03 - 2017-08-22 18:55 - 000392656 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2017-08-21 12:55 - 2017-08-22 18:57 - 000392512 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2017-08-21 12:55 - 2017-08-22 18:57 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2017-08-24 07:03 - 2017-08-22 18:56 - 000022336 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-08-21 12:55 - 2017-08-22 18:57 - 000082264 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-08-21 12:55 - 2017-08-22 18:57 - 000025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-08-24 07:03 - 2017-08-22 18:57 - 003928896 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2017-08-24 07:03 - 2017-08-22 18:57 - 001826104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2017-08-24 07:03 - 2017-08-22 18:57 - 001972024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2017-08-24 07:03 - 2017-08-22 18:57 - 000171336 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-08-24 07:03 - 2017-08-22 18:57 - 000042816 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-08-24 07:03 - 2017-08-22 18:57 - 000531264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-08-24 07:03 - 2017-08-22 18:57 - 000133432 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-08-24 07:03 - 2017-08-22 18:57 - 000224064 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-08-24 07:03 - 2017-08-22 18:57 - 000207680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2017-08-21 12:55 - 2017-08-22 18:57 - 000054608 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-08-21 12:55 - 2017-08-22 18:57 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-08-21 12:55 - 2017-08-22 18:57 - 000022872 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-08-21 12:55 - 2017-08-22 18:57 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-08-21 12:55 - 2017-08-22 18:57 - 000022872 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-08-24 07:03 - 2017-08-22 18:56 - 000027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-08-21 12:55 - 2017-08-22 18:53 - 000349128 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2017-08-21 12:55 - 2017-08-22 18:58 - 000023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-08-24 07:03 - 2017-08-22 18:57 - 000025936 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-08-24 07:03 - 2017-08-22 18:55 - 000036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2017-08-24 07:03 - 2017-08-22 18:56 - 000181056 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-08-21 12:55 - 2017-08-22 18:57 - 000030536 _____ () C:\Program Files\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-08-24 07:03 - 2017-08-22 18:57 - 000024368 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2017-08-24 07:03 - 2017-08-22 18:57 - 001637688 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2017-08-21 12:55 - 2017-08-22 18:57 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-08-21 12:55 - 2017-08-22 18:57 - 000023368 _____ () C:\Program Files\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-08-24 07:03 - 2017-08-22 18:57 - 000546104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2017-08-24 07:03 - 2017-08-22 18:57 - 000357688 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2017-08-27 15:11 - 2013-07-14 18:34 - 001971712 _____ () C:\Program Files\USBScan\USBScan.exe
2015-09-22 16:12 - 2010-08-11 13:51 - 000036864 _____ () C:\Program Files\Bosch\ESItronic\polycsr.dll
2015-09-22 16:12 - 2010-08-11 13:51 - 000166912 _____ () C:\Program Files\Bosch\ESItronic\libmcrypt.dll
2017-08-29 04:46 - 2017-08-23 09:31 - 002881368 _____ () C:\Program Files\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-29 04:46 - 2017-08-23 09:31 - 000086360 _____ () C:\Program Files\Google\Chrome\Application\60.0.3112.113\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:07BF512B [136]
AlternateDataStreams: C:\ProgramData\Temp:ECF54A0E [164]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:04 - 2016-06-08 16:49 - 000000871 __RSH C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 mpa.one.microsoft.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-191417907-4213490365-3347722966-1002\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: BBUpdate => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HWDeviceService.exe => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: Nero BackItUp Scheduler 4.0 => 2
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: RegServ => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SuperProServer => 2
MSCONFIG\Services: ufad-ws60 => 3
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VmbService => 2
MSCONFIG\Services: VMnetDHCP => 2
MSCONFIG\Services: vmount2 => 2
MSCONFIG\Services: VMware NAT Service => 2
MSCONFIG\Services: WSWNA3100 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlackBerryAutoUpdate => C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
MSCONFIG\startupreg: gbrspcontrol => "C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe" -controlservice -slave
MSCONFIG\startupreg: gtalkupdate => 
MSCONFIG\startupreg: hliltiuskc => wscript.exe //B "C:\Windows\TEMP\hliltiuskc..vbe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MaxBlastMonitor.exe => C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
MSCONFIG\startupreg: MobileBroadband => C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
MSCONFIG\startupreg: mobilegeni daemon => 
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
MSCONFIG\startupreg: RSRWin.exe => 
MSCONFIG\startupreg: ServeurIPAsde => C:\Program Files\Common Files\sagem SA\DgIpSvr.exe
MSCONFIG\startupreg: VmbNotifier => C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbNotifier.exe
MSCONFIG\startupreg: VMware hqtray => "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
MSCONFIG\startupreg: vmware-tray => C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{A60660BC-EFE2-413C-B3B9-C9136A87D117}C:\program files\common files\sagem sa\dgipsvr.exe] => (Block) C:\program files\common files\sagem sa\dgipsvr.exe
FirewallRules: [UDP Query User{083EBD36-8E7F-4765-A6B4-2B1A5B8698D0}C:\program files\common files\sagem sa\dgipsvr.exe] => (Block) C:\program files\common files\sagem sa\dgipsvr.exe
FirewallRules: [TCP Query User{FB40CBA5-B249-4147-9BF6-DCEBB3FAFEE9}C:\users\chris new\desktop\games\borderlands 2 pc full game v_1.0.2 ^^nosteam^^\borderlands 2 nosteam\binaries\win32\borderlands2.exe] => (Allow) C:\users\chris new\desktop\games\borderlands 2 pc full game v_1.0.2 ^^nosteam^^\borderlands 2 nosteam\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{C4181A12-979E-45C2-B427-ACE6BA34ED8D}C:\users\chris new\desktop\games\borderlands 2 pc full game v_1.0.2 ^^nosteam^^\borderlands 2 nosteam\binaries\win32\borderlands2.exe] => (Allow) C:\users\chris new\desktop\games\borderlands 2 pc full game v_1.0.2 ^^nosteam^^\borderlands 2 nosteam\binaries\win32\borderlands2.exe
 
==================== Restore Points =========================
 
07-08-2017 10:26:20 Scheduled Checkpoint
08-08-2017 05:51:43 Windows Update
21-08-2017 20:54:55 Scheduled Checkpoint
22-08-2017 03:37:21 Windows Update
26-08-2017 08:47:05 Installed Windows 7 Upgrade Advisor
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/27/2017 02:51:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/27/2017 02:51:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (08/09/2017 03:03:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FL.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: FLEngine.dll, version: 7.0.0.0, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x00004792
Faulting process id: 0x177c
Faulting application start time: 0x01d3110f85c13797
Faulting application path: C:\Program Files\Image-Line\FL Studio 7\FL.exe
Faulting module path: C:\Program Files\Image-Line\FL Studio 7\FLEngine.dll
Report Id: 28bbc4cc-7d03-11e7-bc66-ab9935417791
 
Error: (08/09/2017 03:01:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FL.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: FLEngine.dll, version: 7.0.0.0, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x00004792
Faulting process id: 0x177c
Faulting application start time: 0x01d3110f85c13797
Faulting application path: C:\Program Files\Image-Line\FL Studio 7\FL.exe
Faulting module path: C:\Program Files\Image-Line\FL Studio 7\FLEngine.dll
Report Id: e0ab4b9b-7d02-11e7-bc66-ab9935417791
 
Error: (08/08/2017 04:44:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/08/2017 04:44:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (07/30/2017 02:52:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (07/30/2017 02:52:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (07/28/2017 07:21:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.7600.16667, time stamp: 0x4c7dc5a1
Faulting module name: ULDVDA~1.AX, version: 2.0.0.31, time stamp: 0x42253e15
Exception code: 0xc0000005
Fault offset: 0x00011444
Faulting process id: 0x73c4
Faulting application start time: 0x01d307c5e65b0273
Faulting application path: C:\Program Files\Windows Media Player\wmplayer.exe
Faulting module path: C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ULDVDA~1.AX
Report Id: 25c09e11-73b9-11e7-9e09-85a8ea5a4095
 
Error: (07/28/2017 06:47:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.7600.16667, time stamp: 0x4c7dc5a1
Faulting module name: ULDVDA~1.AX, version: 2.0.0.31, time stamp: 0x42253e15
Exception code: 0xc0000005
Fault offset: 0x00012417
Faulting process id: 0x1a60
Faulting application start time: 0x01d307c1300d1cbf
Faulting application path: C:\Program Files\Windows Media Player\wmplayer.exe
Faulting module path: C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ULDVDA~1.AX
Report Id: 6f1ca7db-73b4-11e7-9e09-85a8ea5a4095
 
 
System errors:
=============
Error: (08/29/2017 10:33:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (08/29/2017 10:33:32 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
Logon failure: the specified account password has expired.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (08/29/2017 10:30:23 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The SAS Core Service service hung on starting.
 
Error: (08/29/2017 10:28:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eamonm service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (08/29/2017 10:28:37 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:09:06 AM on ‎2017/‎08/‎29 was unexpected.
 
Error: (08/29/2017 09:18:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (08/29/2017 09:18:47 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
Logon failure: the specified account password has expired.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (08/29/2017 09:16:35 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The SAS Core Service service hung on starting.
 
Error: (08/29/2017 09:15:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eamonm service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (08/29/2017 09:15:08 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 09:04:11 AM on ‎2017/‎08/‎29 was unexpected.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5500 @ 2.80GHz
Percentage of memory in use: 61%
Total physical RAM: 3071.24 MB
Available physical RAM: 1188.5 MB
Total Virtual: 6138.71 MB
Available Virtual: 3913.77 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:27.07 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:1.64 GB) NTFS
Drive e: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive f: () (Fixed) (Total:74.53 GB) (Free:16.73 GB) NTFS
Drive h: (Reason 5) (CDROM) (Total:7.79 GB) (Free:0 GB) UDF
Drive i: () (Fixed) (Total:106.62 GB) (Free:25.31 GB) NTFS
Drive l: (DATA) (Fixed) (Total:106.64 GB) (Free:42.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4AEDBB32)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8D024B73)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 42D542D4)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 9D6E7D9D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=106.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=106.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 virusstopper


Posted 29 August 2017 - 12:33 PM

Well, I really cannot explain this, the infection and all the files have disappeared. Prior to this posting I did run Superantispy and Usbvaccine, they somehow have done the job. Sorry to have wasted your time with that one. While you are busy with the logs could you please remedy the browser hacking problem I am experiencing, thank you for your time, regards.



#5 Bezukhov


Posted 30 August 2017 - 01:12 PM

Well, that's nice to know. I have a couple of questions.

I noticed there are Group Policy restrictions in effect. Are these known to you?

Also seen is that the User Account Controls are set to allow just about anyone to do anything they want. Is this something you want as well?

Now we begin the healing process. Don't expect much from this step. We're still in the discovery phase, and there are several files I need to look at closer.

We need to run a fix with FRST:
  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    ((Attached File  fixlist.txt   817bytes   2 downloads ))
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Another scanning tool
  • Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
  • Important - Save it to your desktop.
  • Right Click CKScanner.exe and "Run as administrator".
  • Give permission if necessary, and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program once only.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
So next, post Fixlog.txt and CKFiles.txt. Also let me know about those policy items. Please run Farbar Recovery Scan Tool again. When the FRST window appears, under Whitelist please uncheck Internet, then press Scan.

Edited by Bezukhov, 30 August 2017 - 01:19 PM.

To err is Human. To blame it on someone else is even more Human.

#6 Bezukhov


Posted 02 September 2017 - 08:49 AM

Do you still need help?

#7 Machiavelli

  • Malware Response Instructor

Posted 05 September 2017 - 04:10 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
