
Windows 7 Infection creates mysterious folders that regenerate when deleted


  • This topic is locked
18 replies to this topic

#1 JohnBlood

Posted 23 October 2017 - 12:15 PM

Here is the information for FRST 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2017
Ran by Win 7 User (administrator) on PENT48 (21-10-2017 19:02:45)
Running from C:\Users\Win 7 User\Downloads
Loaded Profiles: Win 7 User (Available Profiles: Win 7 User & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Greatis Software, LLC) C:\Program Files (x86)\BootRacer\BootRacerServ.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files\Everything\Everything.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
() C:\Program Files\SyncTrayzor\SyncTrayzor.exe
(Resilio, Inc.) C:\Users\Win 7 User\AppData\Roaming\Resilio Sync\Resilio Sync.exe
(Dropbox, Inc.) C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Launchy\Launchy.exe
(Mike Edward Moras (e-sushi™) — www.e-sushi.net) C:\Program Files (x86)\MiniBin\MiniBin.exe
(Dropbox, Inc.) C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Dropbox, Inc.) C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
() C:\Users\Win 7 User\AppData\Roaming\SyncTrayzor\syncthing.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files\Everything\Everything.exe
(Google Inc.) C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-08-25] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-05] (AVAST Software)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2197608 2017-06-06] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [MiniBin] => C:\Program Files (x86)\MiniBin\MiniBin.exe [69632 2013-02-13] (Mike Edward Moras (e-sushi™) — www.e-sushi.net)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [BootRacer] => C:\Program Files (x86)\BootRacer\Bootrace.exe [3843344 2014-04-23] (Greatis Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\Run: [Google Update] => C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\Run: [Dropbox Update] => C:\Users\Win 7 User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-07] (Dropbox, Inc.)
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\Run: [SyncTrayzor] => C:\Program Files\SyncTrayzor\SyncTrayzor.exe [1139200 2017-09-04] ()
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\Run: [Resilio Sync] => C:\Users\Win 7 User\AppData\Roaming\Resilio Sync\Resilio Sync.exe [16544776 2017-07-18] (Resilio, Inc.)
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\Policies\Explorer: [NoDrives] 2
HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\Win 7 User\AppData\Roaming\Copy\CopyAgent.exe"
Startup: C:\Users\Win 7 User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-10-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Win 7 User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2013-05-13]
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\Users\Win 7 User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled [2015-09-01] ()
BootExecute: autocheck autochk *  
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.1.10.1
Tcpip\..\Interfaces\{EDDB1837-5437-4A34-A40A-4520F00ADD06}: [NameServer] 208.67.222.222,208.67.220.220,192.168.1.1
Tcpip\..\Interfaces\{EDDB1837-5437-4A34-A40A-4520F00ADD06}: [DhcpNameServer] 10.1.10.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.tldm.org/
hxxps://www.paypal.com/us/
hxxps://www.tldm.org/cgi-bin/c32web.exe
hxxps://www.myvirtualmerchant.com/VirtualMerchant/login.do
hxxps://mail.google.com/mail/?shva=1#inbox
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.drudgereport.com/
SearchScopes: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001 -> DefaultScope {3E9E10E6-787F-4177-AD72-E10D68D0807F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001 -> {30255E0E-A6D3-4DDB-B8A4-099666DCDFD9} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001 -> {3E9E10E6-787F-4177-AD72-E10D68D0807F} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001 -> {707DCA81-0D9A-4BBD-A8C2-D9A2D24C7B04} URL = hxxp://youtube.com/results?search_type=search_videos&search_query={searchTerms}&search_sort=relevance&search_category=0&page={startPage?}
SearchScopes: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001 -> {A404EECA-6383-4742-8B35-4A5C55042047} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001 -> {C1BBD1A0-8588-4955-8035-118A1E1146EE} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=ADDLVD&src={referrer:source?}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-10-05] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-10-05] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: No Name -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> No File
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-21] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll [2013-09-05] ()
 
FireFox:
========
FF DefaultProfile: 
FF DefaultProfile: 9oas0nxt.default
FF DefaultProfile: 9m2tzvkv.default
FF ProfilePath: C:\Users\Win 7 User\AppData\Roaming\Songbird2\Profiles\iiszh7fn.default [2014-11-14]
FF NetworkProxy: Songbird2\Profiles\iiszh7fn.default -> no_proxies_on", "127.0.0.1;localhost"
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest.com [not found]
FF ProfilePath: C:\Users\Win 7 User\AppData\Roaming\Nightingale\Profiles\6vxre8e2.default [2014-04-02]
FF Extension: (Last.fm) - C:\Users\Win 7 User\AppData\Roaming\Nightingale\Profiles\6vxre8e2.default\Extensions\audioscrobbler@getnightingale.com [2014-04-02] [not signed]
FF Extension: (mashTape) - C:\Users\Win 7 User\AppData\Roaming\Nightingale\Profiles\6vxre8e2.default\Extensions\mashTape@getnightingale.com [2014-04-02] [not signed]
FF Extension: (SHOUTcast Radio) - C:\Users\Win 7 User\AppData\Roaming\Nightingale\Profiles\6vxre8e2.default\Extensions\shoutcast-radio@getnightingale.com [2014-04-02] [not signed]
FF Extension: (SoundCloud) - C:\Users\Win 7 User\AppData\Roaming\Nightingale\Profiles\6vxre8e2.default\Extensions\soundcloud@songbirdnest.com [2014-04-02] [not signed]
FF Extension: (MLyrics) - C:\Users\Win 7 User\AppData\Roaming\Nightingale\Profiles\6vxre8e2.default\Extensions\{6039188e-d135-11df-bcc9-c7e1ded72085} [2014-04-02] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\albumart@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\bluemonday@getnightingale.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\foldersync-ng@getnightingale.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\foldersync@rsjtdrjgfuzkfg.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\gonzo@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\pinkmartini@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\playlistfolders@getnightingale.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\purplerain@songbirdnest.com [not found]
FF ProfilePath: C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default [2017-10-21]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9oas0nxt.default -> Google (avast)
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\9oas0nxt.default -> Google (avast)
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\9oas0nxt.default -> hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\9oas0nxt.default -> Google (avast)
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\9oas0nxt.default -> Google (avast)
FF Homepage: Mozilla\Firefox\Profiles\9oas0nxt.default -> hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: Mozilla\Firefox\Profiles\9oas0nxt.default -> hxxps://www.google.com/search/?trackid=sp-006
FF NetworkProxy: Mozilla\Firefox\Profiles\9oas0nxt.default -> socks_remote_dns", true
FF NetworkProxy: Mozilla\Firefox\Profiles\9oas0nxt.default -> type", 0
FF Extension: (DownThemAll! AntiContainer) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\anticontainer@downthemall.net.xpi [2016-05-22]
FF Extension: (Blur) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\donottrackplus@abine.com.xpi [2017-10-12]
FF Extension: (Mozilla Labs: Prospector - Find Suggest) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\find.suggest@prospector.labs.mozilla.xpi [2016-05-10]
FF Extension: (Firebug) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\firebug@software.joehewitt.com.xpi [2017-03-06]
FF Extension: (Side Tabs) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\jid0-AjzBVlpzVAaBqxcar9QDqMWWAVQ@jetpack.xpi [2016-05-10]
FF Extension: (Push to Kindle) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\jid0-GokC6R49cBZciOKniufAR4QKFWc@jetpack.xpi [2017-03-30]
FF Extension: (Firefox Lightbeam) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2017-10-12]
FF Extension: (Personas Plus) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\personas@christopher.beard.xpi [2017-05-26]
FF Extension: (Mozilla Labs: Prospector - Query Stats) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\query.stats@prospector.labs.mozilla.xpi [2016-05-10]
FF Extension: (Send to Kindle for Mozilla Firefox) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\sendtokindle@amazon.com.xpi [2016-05-10]
FF Extension: (Avast SafePrice) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\sp@avast.com.xpi [2017-10-21]
FF Extension: (Mozilla Labs: Prospector - Speak Words) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\speak.words@prospector.labs.mozilla.xpi [2016-05-10]
FF Extension: (TinEye Reverse Image Search) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\tineye@ideeinc.com.xpi [2017-10-12]
FF Extension: (uBlock Origin) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\uBlock0@raymondhill.net.xpi [2017-10-21]
FF Extension: (Avast Online Security) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\wrc@avast.com.xpi [2017-10-12]
FF Extension: (FlashGot) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2017-01-04]
FF Extension: (Bookmark All) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\{a76cd07b-f0d7-4ef9-9566-8faef6e290e4}.xpi [2016-05-22]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-25]
FF Extension: (Video DownloadHelper) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-10-21]
FF Extension: (Tab Mix Plus) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-10-12]
FF Extension: (DownThemAll!) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-10-13]
FF SearchPlugin: C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\searchplugins\google-avast.xml [2015-02-06]
FF ProfilePath: C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw [2017-07-24]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\012dz70d.jpw -> Google (avast)
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\012dz70d.jpw -> Google (avast)
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\012dz70d.jpw -> hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\012dz70d.jpw -> Google (avast)
FF Keyword.URL: Mozilla\Firefox\Profiles\012dz70d.jpw -> hxxps://www.google.com/search/?trackid=sp-006
FF Homepage: Mozilla\Firefox\Profiles\012dz70d.jpw -> hxxps://www.google.com/?trackid=sp-006
FF NewTab: Mozilla\Firefox\Profiles\012dz70d.jpw -> about:newtab
FF Extension: (DownThemAll! AntiContainer) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\anticontainer@downthemall.net.xpi [2012-07-25] [not signed]
FF Extension: (Attachments.me) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\attachments.me@attachments.me.xpi [2011-11-30] [not signed]
FF Extension: (Cleanest Addon Manager) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\cam@sdrocking.com.xpi [2012-08-22] [not signed]
FF Extension: (Mozilla Labs: Contacts) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\contacts@labs.mozilla [2012-09-26] [not signed]
FF Extension: (DoNotTrackPlus) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\donottrackplus@abine.com [2012-09-26] [not signed]
FF Extension: (F1 by Mozilla Labs) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\ffshare@mozilla.org [2012-09-26] [not signed]
FF Extension: (Mozilla Labs: Prospector - Find Suggest) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\find.suggest@prospector.labs.mozilla.xpi [2011-07-25] [not signed]
FF Extension: (Embedded Objects) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\firefox@red-cog.com.xpi [2011-08-21] [not signed]
FF Extension: (Side Tabs) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\jid0-AjzBVlpzVAaBqxcar9QDqMWWAVQ@jetpack.xpi [2012-06-12] [not signed]
FF Extension: (Kindle It) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\jid0-GokC6R49cBZciOKniufAR4QKFWc@jetpack.xpi [2012-05-29] [not signed]
FF Extension: (No Name) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2015-02-06] [not signed]
FF Extension: (OAuthorizer) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\oauthorizer@mozillamessaging.com.xpi [2010-11-16] [not signed]
FF Extension: (Office Black) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\Office2007Black@JBBS.xpi [2012-06-26] [not signed]
FF Extension: (Personas) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\personas@christopher.beard.xpi [2011-12-30] [not signed]
FF Extension: (Mozilla Labs: Prospector - Query Stats) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\query.stats@prospector.labs.mozilla.xpi [2011-07-25] [not signed]
FF Extension: (Avast SafePrice) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\sp@avast.com.xpi [2017-07-11]
FF Extension: (Mozilla Labs: Prospector - Speak Words) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\speak.words@prospector.labs.mozilla.xpi [2011-07-25] [not signed]
FF Extension: (TinEye Reverse Image Search) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\tineye@ideeinc.com.xpi [2011-03-01] [not signed]
FF Extension: (Avast Online Security) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\wrc@avast.com.xpi [2017-09-20]
FF Extension: (FlashGot) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-08-11] [not signed]
FF Extension: (Bookmark All) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\{a76cd07b-f0d7-4ef9-9566-8faef6e290e4}.xpi [2012-04-09] [not signed]
FF Extension: (StumbleUpon) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2012-08-01] [not signed]
FF Extension: (DownloadHelper) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012-09-26] [not signed]
FF Extension: (Shine Bright Skin Aero) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi [2012-08-06] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-25] [not signed]
FF Extension: (Tab Mix Plus) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-07-23] [not signed]
FF Extension: (DownThemAll!) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-02-11] [not signed]
FF SearchPlugin: C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\searchplugins\google-avast.xml [2015-02-06]
FF ProfilePath: C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default [2017-08-11]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-cs@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-de@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (English (US) Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Español (España) Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Finnish Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-fi@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Français Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-fr@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Galego (España) Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-gl@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-he@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-hu@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-it@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Japanese Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-ja@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Korean (KR) Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-ko@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-nl@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Polski Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-pl@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Russian (RU) Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-ru@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-sl@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (српски (sr) Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-sr@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2017-08-11] [not signed]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\Win 7 User\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\9m2tzvkv.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2017-08-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-08] [not signed]
FF HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Users\Win 7 User\Dropbox\PortableApps\PortableApps\FreeDownloadManagerPortable\App\FreeDownloadManager\Firefox\Extension => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-26] ()
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-26] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1046431522-2320746735-2345803343-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1046431522-2320746735-2345803343-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1046431522-2320746735-2345803343-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Win 7 User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-11] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://outlook.live.com/owa/","hxxps://mail.google.com/mail/u/0/?shva=1#inbox","hxxps://mail.google.com/mail/u/1/#inbox","hxxp://www.tldm.org/","hxxps://www.facebook.com/","hxxps://plus.google.com/u/0/","hxxp://www.drudgereport.com/","hxxp://www.tldm.org/store/admin/","hxxps://www.myvirtualmerchant.com/VirtualMerchant/login.do","hxxps://www.paypal.com/us/home","hxxp://www.newoxfordreview.org/","hxxp://www.pewsitter.com/page_1.html","hxxp://canon212.com/","hxxps://evernote.com/"
CHR NewTab: Default ->  Active:"chrome-extension://pejkokffkapolfffcgbmdmhdelanoaih/index.html", Not-active:"chrome-extension://pejkokffkapolfffcgbmdmhdelanoaih/src/override/override.html"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&atb=v24__
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default [2017-10-21]
CHR Extension: (Slides) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Floorplanner) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2015-03-23]
CHR Extension: (Shredder Chess Free) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelpbbhpcpelmnfablcbcianelefnnbg [2014-08-27]
CHR Extension: (Write Space) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aimodnlfiikjjnmdchihablmkdeobhad [2014-08-27]
CHR Extension: (SEOquake) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2017-10-04]
CHR Extension: (Angry Birds) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-13]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2014-08-27]
CHR Extension: (Docs) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (MeasureIt!) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma [2014-08-27]
CHR Extension: (Google Drive) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (BeFunky Photo Editor) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2015-04-14]
CHR Extension: (Session Manager) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2014-08-27]
CHR Extension: (Private Joe - Dungeons) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bddhcbcefccaggaloclldffhobmecjfj [2014-08-28]
CHR Extension: (Web Developer) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2017-08-04]
CHR Extension: (YouTube) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2017-10-21]
CHR Extension: (C.H.I.P. Flasher) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpohdfcdfghdcgflomadkijfdgalcgoi [2017-03-22]
CHR Extension: (everymark) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccgmhgakppaknnnnbgkmpdlnpjokhcpb [2014-08-27]
CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2015-09-24]
CHR Extension: (OneTab) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-22]
CHR Extension: (uBlock Origin) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-10-18]
CHR Extension: (Kingdom Rush) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim [2014-08-27]
CHR Extension: (Google Search) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (BuiltWith Technology Profiler) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapjbgnjinbpoindlpdmhochffioedbn [2017-04-04]
CHR Extension: (Flag for Chrome) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpojpfdiliekbbiplijcphappgcgjfn [2014-08-27]
CHR Extension: (20 Things I Learned About Browsers & the Web) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfdlnlenokgjjchimonbekcmnofmlibg [2014-08-28]
CHR Extension: (rotoscope) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhimnnhmaanmanmmokfpijgambokcpni [2014-08-27]
CHR Extension: (SoundGecko) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpdaiiodhbjjcfmmflmidbhgibekagi [2014-08-27]
CHR Extension: (NYTimes) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel [2014-08-27]
CHR Extension: (Session Buddy) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2017-07-06]
CHR Extension: (Gmail Offline) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-08-27]
CHR Extension: (Box) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-04-30]
CHR Extension: (Avast SafePrice) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-18]
CHR Extension: (Sheets) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Pendule) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkffbkamcejhkcaocmkdeiiccpmjfdi [2014-08-27]
CHR Extension: (Stopwatch) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh [2014-08-27]
CHR Extension: (Google Docs Offline) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Planetarium) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2015-08-07]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2014-08-27]
CHR Extension: (Rapportive) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2017-08-12]
CHR Extension: (Eye Dropper) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2017-09-12]
CHR Extension: (Windscribe - Free VPN and Ad Blocker) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2017-10-15]
CHR Extension: (wikiHow Survival Kit) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ickaeddjnhfofihhibhnjemlphjmnchl [2014-08-28]
CHR Extension: (World of Solitaire) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn [2014-08-28]
CHR Extension: (SourceKit) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iieeldjdihkpoapgipfkeoddjckopgjg [2016-03-23]
CHR Extension: (Send to Kindle (by Klip.me)) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan [2014-08-27]
CHR Extension: (WhatFont) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2017-05-09]
CHR Extension: (Lost in Tabs) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jflfpbmhoejnlfpclaigkejabomphcci [2014-08-27]
CHR Extension: (Zoho Writer) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeidloagadfcohacebhbkkapgpiddj [2017-09-13]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2016-07-12]
CHR Extension: (Grammarly for Chrome) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-10-21]
CHR Extension: (Handcraft) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgpklhhhiiafnocfiikcpffkogjkdmki [2014-08-27]
CHR Extension: (StayFocusd) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2017-09-18]
CHR Extension: (Cheapstamatic) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lamcdjgcnmmghjceofmdaghmgoehlkbn [2014-08-27]
CHR Extension: (Steambirds: Survival) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn [2014-08-27]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-08-27]
CHR Extension: (Sketchpad) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2014-08-27]
CHR Extension: (NaClBox) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnheimjfkanojafofghpkcddhpbbnmac [2014-08-28]
CHR Extension: (Poppit!) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-27]
CHR Extension: (Plants vs Zombies) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2014-08-27]
CHR Extension: (Google Play Books) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2016-04-25]
CHR Extension: (Desktop, formerly Drive) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2017-02-25]
CHR Extension: (Save to Pocket) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-10-19]
CHR Extension: (Frontline Defense 2 HD) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nincmkjomngcmklpdkmdkioemlhdieim [2014-08-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Buffer) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2017-10-13]
CHR Extension: (SEO for Chrome) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2014-08-27]
CHR Extension: (Todo.ly) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap [2014-08-27]
CHR Extension: (Export Tabs) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\odafagokkafdbbeojliiojjmimakacil [2016-12-19]
CHR Extension: (Scribble - stickies on steroids) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\offpaifnchmpbnjhjbhpdffahlofdkfb [2014-08-28]
CHR Extension: (Image Size Info) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oihdhfbfoagfkpcncinlbhfdgpegcigf [2017-02-19]
CHR Extension: (HubSpot Sales) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2017-10-21]
CHR Extension: (Narro) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgloffbopiaokioaeocdkmfolggnkah [2017-07-07]
CHR Extension: (Atari - Missile Command) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobnopfjjndfekinfcddimnjbhjdgmbg [2014-08-27]
CHR Extension: (Unsplash Instant) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejkokffkapolfffcgbmdmhdelanoaih [2017-10-10]
CHR Extension: (Gmail) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-18]
CHR Extension: (Session box - Tabs manager, Sync...) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljdghaomjmmleolekcgcamfpbhekbmc [2014-08-27]
CHR Extension: (Publish5 - DIY Mobile App Creator) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljongdhniobjippcfefmkjnjkcbflfl [2014-08-28]
CHR Extension: (Writer) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2014-08-28]
CHR Extension: (Popout for YouTube™) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pofekaindcmmojfnfgbpklepkjfilcep [2017-09-06]
CHR Profile: C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-02-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
StartMenuInternet: Google Chrome.UMT7USTHPQ2MYSW7NVJF3LORQA - C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe
 
Opera: 
=======
StartMenuInternet: (HKLM) Operabeta - C:\Program Files (x86)\Opera Next\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-05] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-05] (AVAST Software)
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 BootRacerServ; C:\Program Files (x86)\BootRacer\BootRacerServ.exe [65296 2014-04-30] (Greatis Software, LLC)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13824 2017-10-08] (Cybereason) [File not signed]
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2273432 2017-09-27] (Comodo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [494136 2017-05-01] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [494136 2017-05-01] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-25] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [62464 2006-09-23] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-30] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [409720 2013-06-28] ()
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [321032 2017-10-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-10-05] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-10-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-10-05] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47008 2017-10-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147776 2017-10-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-10-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-10-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1020536 2017-10-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [587168 2017-10-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [201352 2017-10-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [363440 2017-10-05] (AVAST Software)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-12-07] (EldoS Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [32840 2017-08-25] (ELAN Microelectronic Corp.)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-06-19] (Glarysoft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-23] (REALiX™)
S1 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47928 2016-06-06] (hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [192952 2017-10-20] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2017-10-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45504 2017-10-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-21] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2017-10-21] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2015-10-23] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31800 2017-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-08-25] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [59448 2017-05-01] (NVIDIA Corporation)
S3 pbfilter; C:\Users\Win 7 User\Dropbox\PortableApps\PortableApps\PeerBlockPortable\App\PeerBlock\Modern64\pbfilter.sys [22600 2014-01-14] ()
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [79992 2013-07-25] (Paramount Software UK Ltd)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [13944 2013-06-28] (Paramount Software UK Ltd)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R0 SI3112; C:\Windows\System32\DRIVERS\SI3112.sys [83496 2007-06-29] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-06-29] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-06-29] (Silicon Image, Inc)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2017-01-04] (Synaptics Incorporated)
S3 tap0901cn; C:\Windows\System32\DRIVERS\tap0901cn.sys [36224 2015-10-19] (The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-21 19:02 - 2017-10-21 19:04 - 000057438 _____ C:\Users\Win 7 User\Downloads\FRST.txt
2017-10-21 19:02 - 2017-10-21 19:03 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Win 7 User\Downloads\rkill.exe
2017-10-21 19:02 - 2017-10-21 19:03 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Win 7 User\Downloads\rkill (2).exe
2017-10-21 19:02 - 2017-10-21 19:03 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Win 7 User\Downloads\rkill (1).exe
2017-10-21 19:02 - 2017-10-21 19:02 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-10-21 19:02 - 2017-10-21 19:02 - 000000000 ____D C:\FRST
2017-10-21 19:01 - 2017-10-21 19:02 - 002402816 _____ (Farbar) C:\Users\Win 7 User\Downloads\FRST64.exe
2017-10-21 15:04 - 2017-10-21 15:04 - 000000000 __SHD C:\Users\Win 7 User\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2017-10-21 15:04 - 2017-10-21 15:04 - 000000000 ___HD C:\Users\Win 7 User\Documents\xsettingsettings78
2017-10-21 15:04 - 2017-10-21 15:04 - 000000000 ___HD C:\Users\Win 7 User\Documents\2011 Absorted107
2017-10-21 15:03 - 2017-10-21 15:03 - 000523036 ____N C:\Users\Acuq9ql\rejectinn.xlsx
2017-10-21 15:03 - 2017-10-21 15:03 - 000503713 ____N C:\Users\Xcng\expose_comprehend_accompany_appointment.xlsx
2017-10-21 15:03 - 2017-10-21 15:03 - 000230146 ____N C:\Users\Acuq9ql\larger_community_serve.mdb
2017-10-21 15:03 - 2017-10-21 15:03 - 000205007 ____N C:\Users\Xcng\tested tobacco sharpen stroke.mdb
2017-10-21 15:03 - 2017-10-21 15:03 - 000072550 ____N C:\Users\Acuq9ql\functional_discussed.xls
2017-10-21 15:03 - 2017-10-21 15:03 - 000070321 ____N C:\Users\Xcng\snappedmaude.xls
2017-10-21 15:03 - 2017-10-21 15:03 - 000054643 ____N C:\Users\Acuq9ql\includes-apology.pem
2017-10-21 15:03 - 2017-10-21 15:03 - 000050581 ____N C:\Users\Xcng\continental.howard.institute.pem
2017-10-21 15:03 - 2017-10-21 15:03 - 000028286 ____N C:\Users\Acuq9ql\onto participation topic.sql
2017-10-21 15:03 - 2017-10-21 15:03 - 000020969 ____N C:\Users\Xcng\stream-friction-marketing-penny.txt
2017-10-21 15:03 - 2017-10-21 15:03 - 000014711 ____N C:\Users\Xcng\seekrequireddecidedpest.sql
2017-10-21 15:03 - 2017-10-21 15:03 - 000011388 ____N C:\Users\Acuq9ql\amorphous.keeping.acceptable.color.txt
2017-10-21 15:03 - 2017-10-21 15:03 - 000000000 ___HD C:\Users\Xcng
2017-10-21 15:03 - 2017-10-21 15:03 - 000000000 ___HD C:\Users\Acuq9ql
2017-10-21 15:03 - 2017-10-21 15:03 - 000000000 ____D C:\Zscan203
2017-10-21 15:02 - 2017-10-21 15:03 - 000000000 ____D C:\150205 shelper142
2017-10-21 14:17 - 2017-10-21 14:17 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-10-21 14:17 - 2017-10-21 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-10-21 14:17 - 2017-10-21 14:17 - 000000000 ____D C:\Program Files\iPod
2017-10-21 14:14 - 2017-10-21 14:17 - 000000000 ____D C:\Program Files\iTunes
2017-10-21 14:08 - 2017-10-21 14:08 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2017-10-21 14:07 - 2017-10-21 14:08 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-10-21 13:49 - 2017-10-21 13:50 - 061819320 _____ (Malwarebytes ) C:\Users\Win 7 User\Downloads\mbarw-setup-consumer-0.9.18.807.exe
2017-10-21 13:41 - 2017-10-21 13:41 - 000001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-10-21 13:41 - 2017-10-21 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-10-21 13:37 - 2017-10-21 13:37 - 000425304 _____ (Secure By Design Inc.) C:\Users\Win 7 User\Downloads\Ninite LibreOffice VLC Installer.exe
2017-10-21 13:36 - 2017-10-21 13:35 - 000000950 _____ C:\Users\Public\Desktop\PuTTY.lnk
2017-10-21 13:35 - 2017-10-21 13:35 - 000000000 ____D C:\Windows\SysWOW64\Adobe
2017-10-21 13:35 - 2017-10-21 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2017-10-21 13:35 - 2017-10-21 13:35 - 000000000 ____D C:\Program Files\PuTTY
2017-10-21 13:29 - 2017-10-21 13:29 - 000000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2017-10-21 13:29 - 2017-10-21 13:29 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2017-10-21 13:27 - 2017-10-21 13:27 - 000425304 _____ (Secure By Design Inc.) C:\Users\Win 7 User\Downloads\Ninite 7Zip Air Everything Java 8 Installer.exe
2017-10-21 12:57 - 2017-10-21 15:01 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-10-20 17:29 - 2017-10-20 17:29 - 000008453 _____ C:\Users\Win 7 User\Desktop\JRT.txt
2017-10-20 17:15 - 2017-10-20 17:15 - 000088228 _____ C:\Users\Win 7 User\Desktop\171020-malware-scan-reboot.txt
2017-10-20 16:42 - 2017-10-21 14:56 - 000000000 ____D C:\AdwCleaner
2017-10-20 16:23 - 2017-10-20 16:23 - 008250832 _____ (Malwarebytes) C:\Users\Win 7 User\Downloads\adwcleaner_7.0.3.1.exe
2017-10-20 16:23 - 2017-10-20 16:23 - 001790024 _____ (Malwarebytes) C:\Users\Win 7 User\Downloads\JRT.exe
2017-10-20 15:46 - 2017-10-20 15:46 - 000091296 _____ C:\Users\Win 7 User\Desktop\171020-malware-scan.txt
2017-10-20 14:51 - 2017-10-21 15:01 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-10-20 14:51 - 2017-10-21 15:01 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-10-20 14:51 - 2017-10-21 15:01 - 000045504 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-10-20 14:51 - 2017-10-20 14:51 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-10-20 14:50 - 2017-10-20 14:50 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-20 14:50 - 2017-10-20 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-20 14:50 - 2017-10-20 14:50 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-20 14:50 - 2017-10-04 13:15 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-10-20 14:49 - 2017-10-20 14:49 - 000000000 ____D C:\ProgramData\MB2Migration
2017-10-20 14:15 - 2017-10-20 14:33 - 000000000 ____D C:\Users\Win 7 User\Downloads\2016 Accounting
2017-10-19 16:39 - 2017-10-19 16:40 - 000000774 _____ C:\Windows\ST5UNST.000
2017-10-19 16:38 - 2017-10-19 16:39 - 000000000 ____D C:\bayside-cd
2017-10-19 11:46 - 2017-10-19 11:46 - 000000000 ____D C:\Users\Win 7 User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-10-15 13:52 - 2017-10-15 13:52 - 003286519 _____ C:\Users\Win 7 User\Downloads\government-explained.mov
2017-10-13 17:54 - 2017-10-13 17:54 - 000001176 _____ C:\Users\Public\Desktop\paint.net.lnk
2017-10-13 16:05 - 2017-10-13 16:05 - 000160502 _____ C:\Users\Win 7 User\Downloads\581.zip
2017-10-11 17:14 - 2017-10-11 17:14 - 000696832 _____ (Simon Tatham) C:\Users\Win 7 User\Downloads\kitty (2).exe
2017-10-11 17:12 - 2017-10-11 17:13 - 000696832 _____ (Simon Tatham) C:\Users\Win 7 User\Downloads\kitty (1).exe
2017-10-11 11:32 - 2017-10-11 11:32 - 000000000 ____D C:\Program Files (x86)\Comodo
2017-10-10 18:09 - 2017-10-10 18:09 - 000003992 _____ C:\Windows\System32\Tasks\Cybereason RansomFree Keepalive
2017-10-10 18:08 - 2017-10-10 18:08 - 000003098 _____ C:\Windows\System32\Tasks\Cybereason RansomFree Autostart
2017-10-10 18:08 - 2017-10-10 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cybereason RansomFree
2017-10-10 13:37 - 2017-10-10 13:37 - 000565154 _____ C:\Users\Win 7 User\Downloads\SecureMessage.pdf
2017-10-05 14:20 - 2017-10-05 14:20 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-10-04 17:48 - 2017-10-04 17:48 - 014750910 _____ C:\Users\Win 7 User\Downloads\session_buddy_backup_2017_10_04_17_48_21.json
2017-10-02 13:34 - 2017-10-02 13:34 - 007905536 _____ (Tim Kosse) C:\Users\Win 7 User\Downloads\FileZilla_3.28.0_win64-setup.exe
2017-09-28 15:50 - 2017-09-28 15:50 - 000000066 _____ C:\Users\Win 7 User\.gitconfig
2017-09-28 15:49 - 2017-10-19 15:51 - 000000000 ____D C:\Users\Win 7 User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Axosoft, LLC
2017-09-28 15:49 - 2017-09-28 15:51 - 000000000 ____D C:\Users\Win 7 User\AppData\Roaming\.gitkraken
2017-09-28 15:49 - 2017-09-28 15:49 - 000000000 ____D C:\Users\Win 7 User\AppData\Roaming\GitKraken
2017-09-28 15:48 - 2017-10-19 15:50 - 000000000 ____D C:\Users\Win 7 User\AppData\Local\gitkraken
2017-09-28 15:46 - 2017-09-28 15:47 - 100515024 _____ (Axosoft, LLC) C:\Users\Win 7 User\Downloads\GitKrakenSetup.exe
2017-09-28 15:44 - 2017-09-28 15:44 - 000000000 ____D C:\Users\Win 7 User\AppData\Local\Atlassian
2017-09-28 15:43 - 2017-09-28 15:44 - 000000000 ____D C:\Users\Win 7 User\AppData\Local\SourceTree
2017-09-28 15:42 - 2017-09-28 15:43 - 020062024 _____ (Atlassian) C:\Users\Win 7 User\Downloads\SourceTreeSetup-2.3.1.0.exe
2017-09-22 18:17 - 2017-09-22 18:17 - 000001458 _____ C:\Users\Public\Desktop\LibreOffice 5.4.lnk
2017-09-22 18:17 - 2017-09-22 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-21 18:45 - 2015-05-15 12:27 - 000000938 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1046431522-2320746735-2345803343-1001UA.job
2017-10-21 18:26 - 2016-11-23 17:15 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-10-21 15:06 - 2009-07-14 00:45 - 000031920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-21 15:06 - 2009-07-14 00:45 - 000031920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-21 15:04 - 2015-02-05 15:52 - 000000400 __RSH C:\ProgramData\ntuser.pol
2017-10-21 15:04 - 2014-08-07 12:56 - 000000000 ____D C:\ProgramData\BootRacer
2017-10-21 15:04 - 2014-08-06 14:46 - 000001106 ____H C:\Users\Public\Documents\bootracer.ini
2017-10-21 15:03 - 2016-12-13 14:49 - 000000000 ____D C:\Users\Win 7 User\AppData\Roaming\Resilio Sync
2017-10-21 15:03 - 2016-03-22 13:40 - 000000000 ____D C:\Users\Win 7 User\AppData\Roaming\SyncTrayzor
2017-10-21 15:03 - 2015-05-15 12:26 - 000000000 ____D C:\Users\Win 7 User\AppData\Local\Dropbox
2017-10-21 15:03 - 2014-08-07 12:52 - 003682304 ____H C:\Users\Public\Documents\bootracer.his
2017-10-21 15:02 - 2012-09-26 10:20 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-21 14:57 - 2014-08-06 14:46 - 000000000 ____D C:\Program Files (x86)\BootRacer
2017-10-21 14:57 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-21 14:23 - 2015-09-17 12:58 - 000306894 _____ C:\Windows\ntbtlog.txt
2017-10-21 14:14 - 2015-06-02 12:59 - 000000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2017-10-21 14:12 - 2013-06-07 12:44 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-10-21 14:09 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-10-21 14:08 - 2013-05-20 14:32 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-10-21 13:43 - 2015-03-27 16:13 - 000000000 ____D C:\Users\Win 7 User\AppData\Local\CrashDumps
2017-10-21 13:40 - 2013-02-13 14:35 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2017-10-21 13:36 - 2016-11-16 12:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-10-21 13:33 - 2014-11-03 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-10-21 13:33 - 2013-04-02 12:16 - 000000000 ____D C:\Program Files (x86)\Java
2017-10-21 13:31 - 2012-10-02 20:47 - 000000000 ___RD C:\Users\Win 7 User\Dropbox
2017-10-21 13:30 - 2014-11-03 13:30 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-10-21 13:29 - 2014-11-24 13:04 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-10-21 13:29 - 2012-09-26 11:42 - 000000000 ____D C:\ProgramData\Adobe
2017-10-21 13:28 - 2012-10-03 17:06 - 000000000 ____D C:\Users\Win 7 User\AppData\Local\Adobe
2017-10-21 13:08 - 2009-07-14 01:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-21 12:52 - 2014-02-16 13:24 - 000000000 ____D C:\ProgramData\IObit
2017-10-21 11:40 - 2015-05-15 12:26 - 000000886 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1046431522-2320746735-2345803343-1001Core.job
2017-10-20 16:56 - 2017-06-20 17:33 - 000000000 ____D C:\Users\Win 7 User\AppData\Local\Everything
2017-10-20 16:56 - 2014-08-29 10:25 - 000000000 ____D C:\Users\Win 7 User\AppData\Roaming\Everything
2017-10-20 16:44 - 2015-04-19 16:43 - 000000600 _____ C:\Users\Win 7 User\AppData\Local\PUTTY.RND
2017-10-20 16:44 - 2014-03-28 16:48 - 000000000 ____D C:\Users\Win 7 User\AppData\Roaming\FileZilla
2017-10-20 16:42 - 2015-10-16 12:50 - 000000000 ____D C:\Users\Win 7 User\AbiSuite
2017-10-20 14:50 - 2013-06-21 12:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-20 11:24 - 2016-03-22 13:41 - 000000000 ____D C:\Users\Win 7 User\AppData\Local\Syncthing
2017-10-19 16:39 - 2012-11-16 20:03 - 000000000 ____D C:\Users\Win 7 User\AppData\Roaming\TeraCopy
2017-10-19 16:26 - 2016-11-01 12:25 - 000000000 ____D C:\Users\Win 7 User\AppData\Roaming\ghostwriter
2017-10-19 11:46 - 2012-10-02 20:45 - 000000000 ____D C:\Users\Win 7 User\AppData\Roaming\Dropbox
2017-10-17 18:14 - 2017-08-16 16:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2017-10-17 18:14 - 2017-08-16 16:01 - 000000000 ____D C:\Program Files\Microsoft VS Code
2017-10-17 15:02 - 2016-11-23 17:16 - 000000000 ____D C:\Users\Win 7 User\AppData\LocalLow\Mozilla
2017-10-15 13:58 - 2013-02-21 13:25 - 000000000 ____D C:\Users\Win 7 User\AppData\Roaming\dvdcss
2017-10-15 13:58 - 2013-02-13 14:36 - 000000000 ____D C:\Users\Win 7 User\AppData\Roaming\vlc
2017-10-13 17:54 - 2012-09-26 16:26 - 000001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2017-10-13 17:54 - 2012-09-26 16:25 - 000000000 ____D C:\Program Files\Paint.NET
2017-10-13 17:16 - 2010-04-23 12:26 - 000000000 ____D C:\Users\Win 7 User\Downloads\Directives
2017-10-13 11:45 - 2016-11-23 17:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-13 11:45 - 2012-09-25 09:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-12 14:34 - 2017-06-01 11:42 - 000003852 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1372267320
2017-10-12 14:34 - 2013-06-26 13:22 - 000000000 ____D C:\Program Files (x86)\Opera Next
2017-10-10 12:50 - 2017-03-06 13:47 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-10-05 14:20 - 2015-02-06 12:37 - 000587168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-10-05 14:20 - 2015-02-06 12:37 - 000363440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-10-05 14:20 - 2015-02-06 12:37 - 000201352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-10-05 14:20 - 2015-02-06 12:37 - 000147776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-10-05 14:20 - 2015-02-06 12:37 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-10-05 14:20 - 2015-02-06 12:37 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-10-05 14:20 - 2015-02-06 12:37 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-10-05 14:20 - 2015-02-06 12:36 - 001020536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-10-05 14:20 - 2015-02-06 12:29 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-05 14:19 - 2017-03-06 13:46 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-10-05 14:19 - 2017-03-06 13:46 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-10-05 14:19 - 2017-03-06 13:46 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-10-05 14:19 - 2017-03-06 13:46 - 000057736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-10-03 11:19 - 2017-08-15 12:16 - 000002097 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2017-10-03 11:19 - 2014-03-28 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-10-03 11:19 - 2014-03-28 16:48 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2017-10-02 13:45 - 2017-08-07 16:21 - 000000930 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2017-10-02 13:45 - 2013-07-19 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2017-10-02 13:45 - 2013-07-19 12:21 - 000000000 ____D C:\Program Files\Calibre2
2017-10-02 13:38 - 2013-07-19 12:23 - 000000000 ____D C:\Users\Win 7 User\Documents\Calibre Library
2017-09-28 15:53 - 2008-08-08 14:15 - 000000000 ____D C:\Users\Win 7 User\Documents\TLDM work
2017-09-28 15:50 - 2012-09-24 11:55 - 000000000 ____D C:\Users\Win 7 User
2017-09-28 15:49 - 2016-03-31 14:26 - 000000000 ____D C:\Users\Win 7 User\AppData\Local\SquirrelTemp
2017-09-28 15:18 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2017-09-25 12:49 - 2012-09-26 10:26 - 000130144 _____ C:\Users\Win 7 User\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-25 12:47 - 2009-07-14 00:45 - 000493448 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-22 18:16 - 2016-07-01 18:34 - 000000000 ____D C:\Program Files\LibreOffice 5
2017-09-22 11:33 - 2012-09-26 10:53 - 000002415 _____ C:\Users\Win 7 User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2014-07-29 12:29 - 2017-06-27 14:26 - 000000231 _____ () C:\Users\Win 7 User\AppData\Roaming\Rim.Desktop.Exception.log
2014-07-29 12:28 - 2014-07-29 12:28 - 000001153 _____ () C:\Users\Win 7 User\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-07-29 12:29 - 2017-06-27 14:26 - 000000231 _____ () C:\Users\Win 7 User\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-09-24 10:40 - 2014-09-24 10:44 - 000000168 _____ () C:\Users\Win 7 User\AppData\Roaming\SBAMWsc.log
2015-04-19 16:43 - 2017-10-20 16:44 - 000000600 _____ () C:\Users\Win 7 User\AppData\Local\PUTTY.RND
2017-08-02 14:26 - 2016-09-23 16:54 - 000000218 _____ () C:\Users\Win 7 User\AppData\Local\recently-used.xbel
2012-09-26 10:12 - 2012-09-26 16:52 - 000007606 _____ () C:\Users\Win 7 User\AppData\Local\Resmon.ResmonCfg
2014-03-07 17:50 - 2014-03-07 17:50 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-04 14:43 - 2017-01-24 12:55 - 000005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-04 14:43 - 2017-01-24 12:34 - 000002938 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
 
Some files in TEMP:
====================
2017-03-03 17:43 - 2017-03-03 17:43 - 000006144 _____ (code.kliu.org) C:\Users\Win 7 User\AppData\Local\Temp\2744.tmp.exe
2016-06-30 19:21 - 2016-06-30 19:22 - 000003584 _____ () C:\Users\Win 7 User\AppData\Local\Temp\ag8alp7k.dll
2015-07-27 12:48 - 2015-07-27 12:50 - 250329200 _____ (AMD Inc.) C:\Users\Win 7 User\AppData\Local\Temp\amd-catalyst-15.7-without-dotnet45-win7-64bit.exe
2015-09-17 14:14 - 2015-09-17 14:16 - 250420000 _____ (AMD Inc.) C:\Users\Win 7 User\AppData\Local\Temp\amd-catalyst-15.7.1-without-dotnet45-win7-64bit.exe
2015-09-17 13:21 - 2015-09-17 13:21 - 001112576 _____ () C:\Users\Win 7 User\AppData\Local\Temp\AMDCleanupUtility.exe
2015-07-27 12:47 - 2015-07-22 12:23 - 006254592 _____ (Advanced Micro Devices, Inc.) C:\Users\Win 7 User\AppData\Local\Temp\AutoDetectUtilApp.exe
2015-09-17 13:21 - 2015-09-17 13:21 - 000232960 _____ () C:\Users\Win 7 User\AppData\Local\Temp\Cleanup.dll
2015-09-17 13:21 - 2015-09-17 13:21 - 000065536 _____ (Windows ® Server 2003 DDK provider) C:\Users\Win 7 User\AppData\Local\Temp\ddu.exe
2015-09-17 13:21 - 2015-09-17 13:21 - 000414152 _____ (Microsoft Corporation) C:\Users\Win 7 User\AppData\Local\Temp\difxapi.dll
2015-12-01 12:48 - 2015-12-01 12:48 - 000071168 _____ () C:\Users\Win 7 User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgtbrgc.dll
2016-08-15 16:42 - 2016-08-15 16:42 - 000006144 _____ (code.kliu.org) C:\Users\Win 7 User\AppData\Local\Temp\E2B6.tmp.exe
2017-07-21 13:13 - 2017-07-21 13:13 - 004043712 _____ (Geek Unіnstaller) C:\Users\Win 7 User\AppData\Local\Temp\geek64.exe
2016-01-20 11:41 - 2016-01-20 11:41 - 000000000 _____ () C:\Users\Win 7 User\AppData\Local\Temp\GUR2CF8.exe
2017-06-01 11:37 - 2017-06-01 11:37 - 000739904 _____ (Oracle Corporation) C:\Users\Win 7 User\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-08-16 10:39 - 2017-08-16 10:39 - 000740416 _____ (Oracle Corporation) C:\Users\Win 7 User\AppData\Local\Temp\jre-8u144-windows-au.exe
2015-09-17 13:21 - 2015-09-17 13:21 - 000516096 _____ (Microsoft Corporation) C:\Users\Win 7 User\AppData\Local\Temp\msvcm80.dll
2015-09-17 13:21 - 2015-09-17 13:21 - 001061376 _____ (Microsoft Corporation) C:\Users\Win 7 User\AppData\Local\Temp\msvcp80.dll
2015-09-17 13:21 - 2015-09-17 13:21 - 000796672 _____ (Microsoft Corporation) C:\Users\Win 7 User\AppData\Local\Temp\msvcr80.dll
2015-05-28 13:41 - 2015-05-28 13:41 - 006944290 _____ () C:\Users\Win 7 User\AppData\Local\Temp\npp.6.7.8.2.Installer.exe
2015-07-01 13:24 - 2015-07-01 13:24 - 007000049 _____ () C:\Users\Win 7 User\AppData\Local\Temp\npp.6.7.9.2.Installer.exe
2015-08-31 14:38 - 2015-08-31 14:38 - 005621420 _____ () C:\Users\Win 7 User\AppData\Local\Temp\npp.6.8.1.Installer.exe
2015-09-15 17:07 - 2015-09-15 17:07 - 005311104 _____ () C:\Users\Win 7 User\AppData\Local\Temp\npp.6.8.3.Installer.exe
2015-11-30 12:27 - 2015-11-30 12:28 - 004103179 _____ () C:\Users\Win 7 User\AppData\Local\Temp\npp.6.8.6.Installer.exe
2015-12-30 14:22 - 2015-12-30 14:22 - 004121418 _____ () C:\Users\Win 7 User\AppData\Local\Temp\npp.6.8.8.Installer.exe
2016-04-16 16:52 - 2016-04-16 16:52 - 004203840 _____ () C:\Users\Win 7 User\AppData\Local\Temp\npp.6.9.1.Installer.exe
2016-06-01 10:35 - 2016-06-01 10:35 - 004211112 _____ () C:\Users\Win 7 User\AppData\Local\Temp\npp.6.9.2.Installer.exe
2016-03-01 11:56 - 2016-03-01 11:56 - 004204144 _____ () C:\Users\Win 7 User\AppData\Local\Temp\npp.6.9.Installer.exe
2016-10-31 15:02 - 2016-10-31 15:02 - 002842320 _____ () C:\Users\Win 7 User\AppData\Local\Temp\npp.7.1.Installer.exe
2016-12-02 11:58 - 2016-12-02 11:58 - 002858376 _____ () C:\Users\Win 7 User\AppData\Local\Temp\npp.7.2.2.Installer.exe
2017-03-06 13:43 - 2017-03-06 13:43 - 002903480 _____ () C:\Users\Win 7 User\AppData\Local\Temp\npp.7.3.2.Installer.exe
2017-03-21 14:00 - 2017-03-21 14:00 - 002982992 _____ () C:\Users\Win 7 User\AppData\Local\Temp\npp.7.3.3.Installer.exe
2017-06-05 12:08 - 2017-06-05 12:09 - 002990616 _____ () C:\Users\Win 7 User\AppData\Local\Temp\npp.7.4.1.Installer.exe
2017-07-05 17:11 - 2017-07-05 17:11 - 003051288 _____ () C:\Users\Win 7 User\AppData\Local\Temp\npp.7.4.2.Installer.exe
2017-09-05 12:10 - 2017-09-05 12:11 - 002885168 _____ () C:\Users\Win 7 User\AppData\Local\Temp\npp.7.5.1.Installer.exe
2015-09-17 12:11 - 2015-09-17 14:24 - 060685368 _____ () C:\Users\Win 7 User\AppData\Local\Temp\raptrpatch.exe
2015-09-17 12:11 - 2015-09-17 14:23 - 000221632 _____ () C:\Users\Win 7 User\AppData\Local\Temp\raptr_stub.exe
2017-05-01 11:51 - 2017-05-01 11:51 - 000192512 _____ () C:\Users\Win 7 User\AppData\Local\Temp\sfamcc00001.dll
2017-05-01 11:51 - 2017-05-01 11:51 - 000158720 _____ () C:\Users\Win 7 User\AppData\Local\Temp\sfareca00001.dll
2015-02-10 13:56 - 2015-02-10 13:56 - 000105984 _____ () C:\Users\Win 7 User\AppData\Local\Temp\sfextra.dll
2015-09-17 11:37 - 2015-09-17 11:39 - 250413440 _____ (AMD Inc.) C:\Users\Win 7 User\AppData\Local\Temp\tmpA015.exe
2016-04-06 10:19 - 2016-04-06 10:19 - 008955384 _____ (BitTorrent, Inc.) C:\Users\Win 7 User\AppData\Local\Temp\utt980A.tmp.exe
2016-06-13 10:57 - 2016-06-13 10:58 - 030533688 _____ () C:\Users\Win 7 User\AppData\Local\Temp\vlc-2.2.4-win32.exe
2016-11-16 12:37 - 2017-05-01 12:14 - 007178424 _____ (VS Revo Group                                               ) C:\Users\Win 7 User\AppData\Local\Temp\VSUSetup.exe
2015-08-02 19:58 - 2015-08-02 19:58 - 000118784 _____ () C:\Users\Win 7 User\AppData\Local\Temp\xmlUpdater.exe
2016-08-31 16:38 - 2016-08-31 16:41 - 070507048 _____ (Dropbox, Inc.) C:\Users\Win 7 User\AppData\Local\Temp\{20DD5D4C-4FEA-42DF-AB56-0E508B130163}-DropboxClient_10.3.19.exe
2015-07-03 12:32 - 2015-07-03 12:33 - 050023688 _____ (Dropbox, Inc.) C:\Users\Win 7 User\AppData\Local\Temp\{2B455117-7EBC-4C63-B80F-5DFA06CEC06E}-DropboxClient_3.6.8.exe
2016-09-08 15:38 - 2016-09-08 15:40 - 070507976 _____ (Dropbox, Inc.) C:\Users\Win 7 User\AppData\Local\Temp\{33114F5F-05AF-4660-9AB7-BF1EA3E1CC95}-DropboxClient_10.3.22.exe
2015-06-08 11:32 - 2015-06-08 11:33 - 050017664 _____ (Dropbox, Inc.) C:\Users\Win 7 User\AppData\Local\Temp\{8C8DBAF0-242C-43D8-9A46-F40181487EC6}-DropboxClient_3.6.6.exe
2016-05-18 11:38 - 2016-05-18 11:40 - 069024584 _____ (Dropbox, Inc.) C:\Users\Win 7 User\AppData\Local\Temp\{A4310BFB-D918-4326-BD43-F2E1974BF018}-DropboxClient_4.3.25.exe
2016-08-26 12:38 - 2016-08-26 12:40 - 070322128 _____ (Dropbox, Inc.) C:\Users\Win 7 User\AppData\Local\Temp\{A6829911-9ABA-4B25-A575-88D61E7343AE}-DropboxClient_9.3.45.exe
2015-03-02 12:44 - 2015-03-02 12:44 - 002158138 _____ () C:\Users\Win 7 User\AppData\Local\Temp\{AA5E42F2-D3DD-4F57-9542-FDD36A2F4722}-43.0.2319.0_chrome_installer_win64.exe
2016-08-23 13:38 - 2016-08-23 13:40 - 070320520 _____ (Dropbox, Inc.) C:\Users\Win 7 User\AppData\Local\Temp\{C874BCC0-3129-41BE-801F-9C382984115D}-DropboxClient_9.3.44.exe
2015-08-26 13:38 - 2015-08-26 13:40 - 048883840 _____ (Dropbox, Inc.) C:\Users\Win 7 User\AppData\Local\Temp\{E9E4C14F-6FD3-4903-9A24-792F676660E4}-DropboxClient_3.8.8.exe
2016-06-03 12:38 - 2016-06-03 12:40 - 069214768 _____ (Dropbox, Inc.) C:\Users\Win 7 User\AppData\Local\Temp\{FD0510FE-DB57-43DA-A09D-E9833D6501BF}-DropboxClient_5.3.19.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-10-20 17:47
 
==================== End of FRST.txt ============================
 
 



 


#2 JohnBlood

JohnBlood
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:37 AM

Posted 23 October 2017 - 12:21 PM

Here is the Additional.txt content. I couldn't post both; the forum said it was too long:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2017
Ran by Win 7 User (21-10-2017 19:05:34)
Running from C:\Users\Win 7 User\Downloads
Windows 7 Professional Service Pack 1 (X64) (2012-09-24 15:55:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1046431522-2320746735-2345803343-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1046431522-2320746735-2345803343-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1046431522-2320746735-2345803343-1002 - Limited - Enabled)
Win 7 User (S-1-5-21-1046431522-2320746735-2345803343-1001 - Administrator - Enabled) => C:\Users\Win 7 User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: ThreatTrack Security VIPRE (Disabled - Out of date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Disabled - Out of date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\uTorrent) (Version: 3.4.1.31395 - BitTorrent Inc.)
7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.53 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Atom (HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\atom) (Version: 1.6.1 - GitHub Inc.)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 6.0.0.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 3.0.2) (Version: 3.0.2 - Avery Products Corporation)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}) (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Device Manager 7.0 (HKLM-x32\...\{4229F016-3A60-439E-B626-DE4BD457469F}) (Version: 7.0.0.40 - Research In Motion Ltd.) Hidden
BlackBerry Device Manager 7.0 (HKLM-x32\...\BlackBerry_HandheldManager) (Version: 7.0.0.40 - Research In Motion Ltd.)
BlueGriffon version 2.3.1 (HKLM-x32\...\{A9015334-10BE-4D64-A776-203336EFE806}_is1) (Version: 2.3.1 - Disruptive Innovations SAS)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Hidden
BootRacer (HKLM-x32\...\{C38A685C-434B-4EE4-8C4A-AEDCA6876489}) (Version: 4.7.1.372 - Greatis Software, LLC)
Brackets (HKLM-x32\...\{1E8FE8D5-B532-4320-83D8-DA83B8E7F608}) (Version: 1.10 - brackets.io)
Brave (HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\Brave) (Version: 0.15.2 - Brave Software)
calibre 64bit (HKLM\...\{785A4AD2-80CC-4B6D-B586-10E3ABE6C098}) (Version: 3.8.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6521 - CDBurnerXP)
Clementine (HKLM-x32\...\Clementine) (Version: 1.3.1 - Clementine)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 58.0.3029.115 - Comodo)
CuneiForm OpenOCR (HKLM-x32\...\{2C695618-6950-4C88-B836-A4FE7DD7FC9F}) (Version: 01.08.1006 - Cognitive Technologies)
Cyberduck (HKLM-x32\...\{2fa0561e-1740-462e-8f97-a1a830c6173a}) (Version: 6.2.0.25806 - iterate GmbH)
Cyberduck (HKLM-x32\...\{F85A9407-224B-4BBB-9454-C05FC9F56A84}) (Version: 6.2.0.25806 - iterate GmbH) Hidden
Cybereason RansomFree 2.4.1.0 (HKLM-x32\...\{88BF86F8-A656-4397-B4CE-9C5956E82B1A}) (Version: 2.4.1.0 - Cybereason Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DeVeDe (HKLM-x32\...\{D1BCDFB2-D631-4AD5-9CA1-B86E01E1AC62}) (Version: 3.17.1 - MajorSilence)
Diamond Multimedia 12.10 5400-6900 & 7300 & 7700-7900 PCIe Win7-8Vista (HKLM-x32\...\Diamond Multimedia 12.10 5400-6900 & 7300 & 7700-7900 PCIe Win7-8Vista) (Version: 8.0.891.0 - Diamond Multimedia)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.60.000 - Runtime Software)
Driver Booster 4.5 (HKLM-x32\...\Driver Booster_is1) (Version: 4.5.0 - IObit)
Dropbox (HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\Dropbox) (Version: 38.3.21 - Dropbox, Inc.)
dupeGuru (HKLM\...\{C11DACBD-8863-4AA4-94AD-708602F6F7EF}) (Version: 3.9.1 - Hardcoded Software)
Duplicate Cleaner Free 3.1.5 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.1.5 - DigitalVolcano Software Ltd) <==== ATTENTION
Duplicate Files Finder (HKLM-x32\...\Duplicate Files Finder) (Version:  - )
DVD Architect Studio 5.0 (HKLM-x32\...\{42C509F1-C451-11E1-AEC9-F04DA23A5C58}) (Version: 5.0.161 - Sony)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Eraser 6.2.0.2979 (HKLM\...\{C5900DE9-D199-4C27-B692-354C9A6A6C8B}) (Version: 6.2.2979 - The Eraser Project)
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etcher (HKLM-x32\...\Etcher) (Version: v1.0.0-beta.3 - Resin.io)
Everything 1.4.1.877 (x64) (HKLM\...\Everything) (Version: 1.4.1.877 (x64) - David Carpenter)
Fedora Project - Fedora Media Writer - Tool to write Fedora images to flash drives (HKLM-x32\...\Fedora Media Writer) (Version: "${VERSIONMAJOR}.${VERSIONMINOR}.${VERSIONBUILD}" - "Fedora Project")
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
FileZilla Client 3.28.0 (HKLM-x32\...\FileZilla Client) (Version: 3.28.0 - Tim Kosse)
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version:  - )
ghostwriter version 1.5.0 (HKLM-x32\...\{096AA89D-0275-4F5B-B144-7A0A6E9D614B}_is1) (Version: 1.5.0 - wereturtle)
gImageReader (HKLM-x32\...\gImageReader) (Version: 3.1.2 - Sandro Mani)
GitKraken (HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\gitkraken) (Version: 3.1.2 - Axosoft, LLC)
Glary Utilities 5.78 (HKLM-x32\...\Glary Utilities 5) (Version: 5.78.0.99 - Glarysoft Ltd)
Google Chrome (HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
ImageMagick 6.9.1-7 Q16 (64-bit) (2015-07-04) (HKLM\...\ImageMagick 6.9.1 Q16 (64-bit)_is1) (Version: 6.9.1 - ImageMagick Studio LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
iZotope Audio Enhancer (HKLM-x32\...\iZotope Audio Enhancer_is1) (Version: 1.00 - iZotope, Inc.)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
LibreOffice 5.4.1.2 (HKLM\...\{C16F4B36-C5D5-4B14-B9A9-9ECA3C35C22A}) (Version: 5.4.1.2 - The Document Foundation)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Macrium Reflect Free Edition (HKLM\...\{C2030F34-5C13-4B42-891E-D9CF2AA89604}) (Version: 5.2.6348 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MarkdownPad 2 (HKLM-x32\...\{631321CE-ED43-44DB-BCDE-BDAC0FF5F383}) (Version: 2.5.0.27920 - Apricity Software LLC) Hidden
MarkdownPad 2 (HKLM-x32\...\MarkdownPad 2 2.5.0.27920) (Version: 2.5.0.27920 - Apricity Software LLC)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{BF127B80-CFD5-4379-9752-E8AF1A5D0141}) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Publisher 2007 (HKLM-x32\...\PUBLISHERR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM\...\{EA457B21-F73E-494C-ACAB-524FDE069978}_is1) (Version: 1.17.2 - Microsoft Corporation)
MiniBin 6.2.0.0 (HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\MiniBin) (Version: 6.2.0.0 - Mike Edward Moras (e-sushi™))
MIT App Inventor Tools 2.3.0 (HKLM-x32\...\MIT App Inventor Tools) (Version: 2.3.0 - Massachusetts Institute of Technology)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{FE052581-1CD8-11E2-B617-F04DA23A5C58}) (Version: 12.0.576 - Sony)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
multibootusb (remove only) (HKLM-x32\...\multibootusb) (Version:  - )
MultiMarkdown 5.4.0 (HKLM-x32\...\MultiMarkdown 5.4.0) (Version: 5.4.0 - Fletcher T. Penney)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.5.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Opera beta 49.0.2725.18 (HKLM-x32\...\Opera 49.0.2725.18) (Version: 49.0.2725.18 - Opera Software)
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141667}) (Version: 4.0.19 - dotPDN LLC)
Pandoc 1.18 (HKLM-x32\...\{9519E30D-A3B2-4F17-95E0-F1D83F973006}) (Version: 1.18 - John MacFarlane)
PhoneGap Desktop version 0.2.3 (HKLM-x32\...\com.adobe.phonegap.desktop_is1) (Version: 0.2.3 - Adobe Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
PVSonyDll (HKLM\...\{3D3E663D-4E7E-4577-A560-7ECDDD45548A}) (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Python 2.7 PyGTK 2.24.2 (HKLM-x32\...\{09F82967-D26B-48AC-830E-33191EC177C8}) (Version: 2.24.2 - hxxp://www.pygtk.org/)
Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
qBittorrent 3.3.13 (HKLM-x32\...\qBittorrent) (Version: 3.3.13 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
QupZilla 2.0.1 (HKLM-x32\...\QupZilla) (Version: 2.0.1 - QupZilla Team)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Resilio Sync (HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\Resilio Sync) (Version: 2.5.6 - Resilio, Inc.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 5.1 - Screaming Frog Ltd)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0360 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
Sigil 0.9.5 (HKLM\...\Sigil_is1) (Version:  - Sigil-Ebook)
Sound Forge Audio Studio 10.0 (HKLM-x32\...\{75648F62-925B-11E2-B9EF-F04DA23A5C58}) (Version: 10.0.245 - Sony)
SourceTree (HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\SourceTree) (Version: 2.3.1 - Atlassian)
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncTrayzor (x64) version 1.1.18.0 (HKLM\...\{c004dcef-b848-46a5-9c30-4dbf736396fa}_is1) (Version: 1.1.18.0 - SyncTrayzor)
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
TagScanner 5.1.663 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
Tera Term 4.82 (HKLM-x32\...\Tera Term_is1) (Version:  - )
TeraCopy version 3.2 (HKLM\...\TeraCopy_is1) (Version: 3.2 - Code Sector)
Traffic Travis 4.1.0 (HKLM-x32\...\Traffic Travis 4.1 Setup Wizard_is1) (Version:  - Affilorama Ltd.)
TweetDeck (HKLM-x32\...\{B2F34D92-C5CF-4801-90CB-D04A5634B334}) (Version: 1.5.3 - Twitter, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIPRE Antivirus (HKLM-x32\...\{93A32543-0107-4885-A754-70B687522AF4}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
VIPRE Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
Vivaldi (HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\Vivaldi) (Version: 1.0.83.38 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Web Comic Downloader (HKLM-x32\...\{3B7F280B-84F4-4A14-927A-2AEBC8676998}_is1) (Version: 2.7.0.0 - Sierra Softworks)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
Windows Driver Package - libusbK C.H.I.P. Flashing Mode (04/27/2014 3.0.7.0) (HKLM\...\57AA0B05B88B8102650E2DB9E2DB809E7E348E8F) (Version: 04/27/2014 3.0.7.0 - libusbK)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
xrecode II 1.0.0.223 (HKLM-x32\...\{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{581FFA00-FC33-0006-0502-95003A5CDE89}\InprocServer32 -> C:\Users\Win 7 User\AppData\Roaming\Resilio Sync\ShellExtensionPath64_413.dll ()
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{581FFA01-FC33-0006-0502-95003A5CDE89}\InprocServer32 -> C:\Users\Win 7 User\AppData\Roaming\Resilio Sync\ShellExtensionPath64_413.dll ()
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!BTSync2.3.3Done] -> {581FFA04-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_128.dll [2016-02-24] ()
ShellIconOverlayIdentifiers: [!BTSync2.3.3RO] -> {581FFA03-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_128.dll [2016-02-24] ()
ShellIconOverlayIdentifiers: [!BTSync2.3.3RW] -> {581FFA02-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_128.dll [2016-02-24] ()
ShellIconOverlayIdentifiers: [!BTSync2.3.6Done] -> {581FFA04-FC33-0006-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_17A.dll [2016-04-06] ()
ShellIconOverlayIdentifiers: [!BTSync2.3.6RO] -> {581FFA03-FC33-0006-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_17A.dll [2016-04-06] ()
ShellIconOverlayIdentifiers: [!BTSync2.3.6RW] -> {581FFA02-FC33-0006-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_17A.dll [2016-04-06] ()
ShellIconOverlayIdentifiers: [!Resilio Sync 2.4.4Done] -> {581FFA04-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2DC.dll [2016-12-13] ()
ShellIconOverlayIdentifiers: [!Resilio Sync 2.4.4RO] -> {581FFA03-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2DC.dll [2016-12-13] ()
ShellIconOverlayIdentifiers: [!Resilio Sync 2.4.4RW] -> {581FFA02-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2DC.dll [2016-12-13] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.3Done] -> {581FFA04-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_128.dll [2016-02-24] ()
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.3RO] -> {581FFA03-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_128.dll [2016-02-24] ()
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.3RW] -> {581FFA02-FC33-0003-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_128.dll [2016-02-24] ()
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.6Done] -> {581FFA04-FC33-0006-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_17A.dll [2016-04-06] ()
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.6RO] -> {581FFA03-FC33-0006-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_17A.dll [2016-04-06] ()
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.6RW] -> {581FFA02-FC33-0006-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_17A.dll [2016-04-06] ()
ShellIconOverlayIdentifiers-x32: [!Resilio Sync 2.4.4Done] -> {581FFA04-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2DC.dll [2016-12-13] ()
ShellIconOverlayIdentifiers-x32: [!Resilio Sync 2.4.4RO] -> {581FFA03-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2DC.dll [2016-12-13] ()
ShellIconOverlayIdentifiers-x32: [!Resilio Sync 2.4.4RW] -> {581FFA02-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2DC.dll [2016-12-13] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-13] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-08-28] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers1: [FileEraserShellExt] -> {D29FEC44-36A2-4865-AE5E-175C61587F1D} => C:\Program Files (x86)\VIPRE\x64\SBFE.dll [2013-09-05] (ThreatTrack Security, Inc.)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2013-07-24] (Paramount Software UK Ltd)
ContextMenuHandlers1: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => C:\Program Files (x86)\VIPRE\x64\sbamscanshellext.dll [2013-09-05] (ThreatTrack Security, Inc.)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers1: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2013-07-24] (Paramount Software UK Ltd)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers2: [TeraCopyS64] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers4: [FileEraserShellExt] -> {D29FEC44-36A2-4865-AE5E-175C61587F1D} => C:\Program Files (x86)\VIPRE\x64\SBFE.dll [2013-09-05] (ThreatTrack Security, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [SBAMScanShellExt] -> {D47F1671-0EAA-4c02-8AC9-960BB08DB951} => C:\Program Files (x86)\VIPRE\x64\sbamscanshellext.dll [2013-09-05] (ThreatTrack Security, Inc.)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers4: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers5: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers5: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-05] (AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (The Eraser Project)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers6: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers1_S-1-5-21-1046431522-2320746735-2345803343-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-13] (Dropbox, Inc.)
ContextMenuHandlers1_S-1-5-21-1046431522-2320746735-2345803343-1001: [Resilio Sync 2.5.6] -> {581FFA00-FC33-0006-0502-95003A5CDE89} => C:\Users\Win 7 User\AppData\Roaming\Resilio Sync\ShellExtensionPath64_413.dll [2017-07-18] ()
ContextMenuHandlers4_S-1-5-21-1046431522-2320746735-2345803343-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-13] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1046431522-2320746735-2345803343-1001: [Resilio Sync 2.5.6] -> {581FFA00-FC33-0006-0502-95003A5CDE89} => C:\Users\Win 7 User\AppData\Roaming\Resilio Sync\ShellExtensionPath64_413.dll [2017-07-18] ()
ContextMenuHandlers5_S-1-5-21-1046431522-2320746735-2345803343-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-10-13] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FCF735E-E58A-42E3-AFD0-C61FFB3C8485} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-26] (Adobe Systems Incorporated)
Task: {1062F9F2-63FF-4753-8ADF-DE09B38098FF} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-01] (NVIDIA Corporation)
Task: {12E818C3-1496-419E-BC5F-0E4340768742} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-05] (AVAST Software)
Task: {1602A75D-A916-4149-BA36-29844D24F856} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-01] (NVIDIA Corporation)
Task: {1CBD96C0-4F1F-434B-8526-F1DCC55A10C9} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {1CBD96C0-4F1F-434B-8526-F1DCC55A10C9} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {20DAE014-B084-4988-9919-FA6906D6F423} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {212C28A8-ACB3-47DD-97D3-4D07DED1D183} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
Task: {2EEF0CD1-400F-4AE8-9829-082B19496F80} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1046431522-2320746735-2345803343-1001UA => C:\Users\Win 7 User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {39CB1DC7-8518-47F5-92B0-E5AA83095CF2} - System32\Tasks\Quark Updater => C:\Program Files (x86)\Quark\Quark Update\AutoUpdate.exe
Task: {4B40EA86-CF1D-4A8E-B56D-E4AFFB2D83CC} - System32\Tasks\ASC8_SkipUac_Win 7 User => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: {4C227A27-70B1-48CD-B36C-6E825BC39144} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {4C227A27-70B1-48CD-B36C-6E825BC39144} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {4C227A27-70B1-48CD-B36C-6E825BC39144} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {536F8023-7BEA-4155-8D9C-E80759A41173} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-01] (NVIDIA Corporation)
Task: {59C44F3E-8FFE-4D8E-A3B0-6585F55E52A2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6F995A3C-A253-474F-A816-FD53EE51B6D4} - System32\Tasks\Opera scheduled Autoupdate 1372267320 => C:\Program Files (x86)\Opera Next\launcher.exe [2017-10-12] (Opera Software)
Task: {768EA56E-D8F9-4F07-89CC-3FFAB5FAAC99} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-10-08] (Cybereason)
Task: {802690E8-F294-426B-AF65-8CA161AC5941} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-01] (NVIDIA Corporation)
Task: {8955E22B-2B2F-44BD-8DD4-7E9AD927B64C} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {8955E22B-2B2F-44BD-8DD4-7E9AD927B64C} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {8D44274C-CEDA-49BB-B1D7-AE66F7884CCE} - System32\Tasks\{E8E0489B-3B1F-4072-AB83-393E13B0FAC3} => C:\Windows\system32\pcalua.exe -a "C:\Users\Win 7 User\Downloads\32bit_Vista_Win7_Win8_R270.exe" -d "C:\Users\Win 7 User\Downloads"
Task: {8FE1A3C7-2163-4B9D-A154-9C15CD1B0C7E} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-10-08] (Cybereason)
Task: {AEA97667-CA37-4B6B-8F6C-86DC404528C7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1046431522-2320746735-2345803343-1001Core => C:\Users\Win 7 User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-10-07] (Dropbox, Inc.)
Task: {B80D0657-1809-414E-91F2-4546677571A4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {C1C6F330-7BA8-42B5-BA2D-DD408D1E5F09} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {CAEEE37F-00E5-4D36-9E5E-4701974EB1B3} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2017-06-18] (Glarysoft Ltd)
Task: {DE18B03D-5E76-436D-9AFF-FC0E51166F3F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1046431522-2320746735-2345803343-1001Core => C:\Users\Win 7 User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {E21024D6-84DE-4424-8000-F213E8825E35} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1046431522-2320746735-2345803343-1001UA => C:\Users\Win 7 User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-10-07] (Dropbox, Inc.)
Task: {E4C0B81C-B7A4-4016-988C-2B01023E61D5} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-01] (NVIDIA Corporation)
Task: {E958C872-DACF-4767-B54D-A23A2C27B214} - System32\Tasks\SafeZone scheduled Autoupdate 1458746193 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {E9AC26CB-AC62-43E4-87A2-87B338C1EE7E} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2017-06-18] (Glarysoft Ltd)
Task: {EB33DC93-908E-46B2-996A-24B4CF61CDDC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-01] (NVIDIA Corporation)
Task: {EEBC4BBA-7AD7-4341-B267-EA463D70F746} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {EF5D7E3F-BB65-4532-8D26-D9B599C53DAF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {FA8B9B04-5036-424E-9F02-C00B6A683704} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-01] (NVIDIA Corporation)
Task: {FB26D6CA-5392-4CAE-A8B8-FCF22D412598} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {FB26D6CA-5392-4CAE-A8B8-FCF22D412598} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1046431522-2320746735-2345803343-1001Core.job => C:\Users\Win 7 User\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1046431522-2320746735-2345803343-1001UA.job => C:\Users\Win 7 User\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\Quark Updater.job => C:\Program Files (x86)\Quark\Quark Update\AutoUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Win 7 User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragon Apps\Spelunky HTML5.lnk -> C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo) ->  --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
ShortcutWithArgument: C:\Users\Win 7 User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\C.H.I.P. Flasher.lnk -> C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bpohdfcdfghdcgflomadkijfdgalcgoi
ShortcutWithArgument: C:\Users\Win 7 User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spelunky HTML5.lnk -> C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-04-24 12:21 - 2011-02-28 18:37 - 000095008 _____ () C:\Windows\System32\Primomonnt.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-02-24 11:37 - 2016-02-24 11:37 - 000505856 _____ () C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_128.dll
2016-04-06 10:20 - 2016-04-06 10:20 - 000505856 _____ () C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_17A.dll
2016-12-13 14:50 - 2016-12-13 14:50 - 000529408 _____ () C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2DC.dll
2017-09-29 06:32 - 2017-09-29 06:32 - 000076456 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2017-05-18 17:46 - 2017-05-01 18:32 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2013-04-26 12:28 - 2013-04-30 16:35 - 000076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-06-28 16:55 - 2013-06-28 16:55 - 000409720 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe
2017-10-20 14:50 - 2017-10-04 13:15 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-10-20 14:50 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-05 14:20 - 2017-10-05 14:20 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-10-05 14:20 - 2017-10-05 14:20 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-10-05 14:20 - 2017-10-05 14:20 - 000846752 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-10-05 14:20 - 2017-10-05 14:20 - 000286712 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2014-08-29 10:25 - 2017-06-06 21:42 - 002197608 _____ () C:\Program Files\Everything\Everything.exe
2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2016-03-22 13:41 - 2017-09-04 11:27 - 001139200 _____ () C:\Program Files\SyncTrayzor\SyncTrayzor.exe
2013-05-13 12:07 - 2010-11-10 19:38 - 000380928 _____ () C:\Program Files (x86)\Launchy\Launchy.exe
2016-03-22 13:41 - 2017-10-11 11:33 - 015001600 _____ () C:\Users\Win 7 User\AppData\Roaming\SyncTrayzor\syncthing.exe
2017-09-22 11:33 - 2017-09-21 03:29 - 004022616 _____ () C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-22 11:33 - 2017-09-21 03:29 - 000100184 _____ () C:\Users\Win 7 User\AppData\Local\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-10-05 14:20 - 2017-10-05 14:20 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-10-05 14:20 - 2017-10-05 14:20 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-05 14:20 - 2017-10-05 14:20 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-05 14:20 - 2017-10-05 14:20 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-05 14:20 - 2017-10-05 14:20 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-10-21 09:11 - 2017-10-21 09:11 - 005882040 _____ () C:\Program Files\AVAST Software\Avast\defs\17102100\algo.dll
2017-10-05 14:20 - 2017-10-05 14:20 - 000700656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-10-05 14:20 - 2017-10-05 14:20 - 000241448 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-05-18 17:46 - 2017-05-01 18:32 - 000901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-05-18 17:46 - 2017-05-01 18:32 - 002442176 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-05-18 17:46 - 2017-05-01 18:32 - 000363576 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-05-18 17:46 - 2017-05-01 18:32 - 000254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-05-18 17:46 - 2017-05-01 18:32 - 000385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-05-18 17:46 - 2017-05-01 18:32 - 000469048 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-05-18 17:46 - 2017-05-01 18:32 - 000571840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-07-11 15:45 - 2017-07-11 15:45 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-05 14:19 - 2017-10-05 14:19 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-19 11:45 - 2017-10-13 05:24 - 000724288 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-10-19 11:45 - 2017-10-13 05:24 - 002002752 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-10-19 11:45 - 2017-10-13 05:24 - 000100296 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000018888 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\select.pyd
2017-10-19 11:45 - 2017-10-13 05:26 - 000020800 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000035792 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000694224 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000021848 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000130512 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 001856848 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000022864 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000145864 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000116688 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-10-19 11:45 - 2017-10-13 05:24 - 000105928 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-10-19 11:45 - 2017-10-13 05:26 - 000022864 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000062784 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000024528 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000040248 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000020936 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000124880 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000116176 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000392656 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-10-19 11:45 - 2017-10-13 05:26 - 000392512 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-10-19 11:45 - 2017-10-13 05:26 - 000026456 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000024016 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000175560 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000030160 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000043472 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000026056 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\win32job.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000048592 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000057808 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000021824 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-10-19 11:45 - 2017-10-13 05:26 - 000023368 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000022856 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2017-10-19 11:45 - 2017-10-13 05:26 - 000066392 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 001796920 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000084424 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\sip.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 001956152 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 003859264 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000154440 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000521024 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000050496 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000042304 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000131384 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000218944 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000204096 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-10-19 11:45 - 2017-10-13 05:26 - 000025432 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000060880 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-10-19 11:45 - 2017-10-13 05:26 - 000054608 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000024016 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-10-19 11:45 - 2017-10-13 05:26 - 000022864 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000028616 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-10-19 11:45 - 2017-10-13 05:26 - 000022360 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-10-19 11:45 - 2017-10-13 05:26 - 000021848 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-10-19 11:45 - 2017-10-13 05:26 - 000022360 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000027488 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000349128 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-10-19 11:45 - 2017-10-13 05:26 - 000023896 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000025424 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-10-19 11:45 - 2017-10-13 05:24 - 000036296 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\librsync.dll
2017-10-19 11:45 - 2017-10-13 05:25 - 000181056 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-10-19 11:45 - 2017-10-13 05:26 - 000030536 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000024368 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\libEGL.DLL
2017-10-19 11:45 - 2017-10-13 05:25 - 001638200 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-10-19 11:45 - 2017-10-13 05:26 - 000026456 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000545080 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000359224 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-10-19 11:45 - 2017-10-13 05:25 - 000038208 _____ () C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2013-05-13 12:07 - 2009-12-16 22:13 - 008314880 _____ () C:\Program Files (x86)\Launchy\QtGui4.dll
2013-05-13 12:07 - 2009-12-16 21:54 - 002236416 _____ () C:\Program Files (x86)\Launchy\QtCore4.dll
2013-05-13 12:07 - 2009-12-16 21:56 - 000712704 _____ () C:\Program Files (x86)\Launchy\QtNetwork4.dll
2013-05-13 12:07 - 2009-12-17 00:18 - 000233472 _____ () C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
2013-05-13 12:07 - 2010-11-10 19:39 - 000081920 _____ () C:\Program Files (x86)\Launchy\plugins\calcy.dll
2013-05-13 12:07 - 2010-11-10 19:39 - 000090112 _____ () C:\Program Files (x86)\Launchy\plugins\controly.dll
2013-05-13 12:07 - 2010-11-10 19:38 - 000024064 _____ () C:\Program Files (x86)\Launchy\plugins\gcalc.dll
2012-03-14 00:27 - 2012-03-14 00:27 - 000118784 _____ () C:\Program Files (x86)\Launchy\plugins\putty.dll
2013-05-13 12:07 - 2010-11-10 19:38 - 000094208 _____ () C:\Program Files (x86)\Launchy\plugins\runner.dll
2013-05-13 12:07 - 2010-11-10 19:38 - 000057344 _____ () C:\Program Files (x86)\Launchy\plugins\verby.dll
2013-05-13 12:07 - 2010-11-10 19:38 - 000122880 _____ () C:\Program Files (x86)\Launchy\plugins\weby.dll
2016-02-24 11:37 - 2016-02-24 11:37 - 000455168 _____ () C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_128.dll
2016-04-06 10:20 - 2016-04-06 10:20 - 000455168 _____ () C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_17A.dll
2016-12-13 14:50 - 2016-12-13 14:50 - 000463872 _____ () C:\ProgramData\Resilio Sync\ShellExtensionOverlay86_2DC.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Win 7 User\AppData\Roaming\enchant:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\microsoft.com -> microsoft.com
 
There are 11089 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Win 7 User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{983AFC8A-3D1C-49BC-9BB2-3CB9CA16F75B}C:\users\win 7 user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\win 7 user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{520C576C-4260-4101-8CDE-D8E1DCA2FA85}C:\users\win 7 user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\win 7 user\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FC5E10A6-28BB-4B19-ACCA-9E9B0AC1D5BD}C:\users\win 7 user\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\win 7 user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1731DA12-4F44-4008-A7E3-DB082DEDA691}C:\users\win 7 user\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\win 7 user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{125A584D-46B3-43AD-8910-BB3A8109424D}] => (Allow) C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3B423816-90B1-4F8E-8FE5-67B5DF5413F4}] => (Allow) C:\Users\Win 7 User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{CD13E2C3-A62C-4ED7-A9F6-9B03AE77CAF4}C:\users\win 7 user\dropbox\portableapps\portableapps\freecivportable\app\freeciv\freeciv-server.exe] => (Allow) C:\users\win 7 user\dropbox\portableapps\portableapps\freecivportable\app\freeciv\freeciv-server.exe
FirewallRules: [UDP Query User{AC026117-6BF3-4390-BA36-55CA5528EB03}C:\users\win 7 user\dropbox\portableapps\portableapps\freecivportable\app\freeciv\freeciv-server.exe] => (Allow) C:\users\win 7 user\dropbox\portableapps\portableapps\freecivportable\app\freeciv\freeciv-server.exe
FirewallRules: [{0835404B-28AF-43FA-B797-6D8335F20CCC}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FA907852-50F2-4D44-BD13-C5B21533DC6A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{455BEA84-EEAE-442C-B015-EC40B93FC172}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B9CA4A65-ACD5-4E18-9730-7D040CD42D80}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{B32F77D8-7FD1-4DC6-88C8-66A473CCAE26}C:\users\win 7 user\dropbox\portableapps\portableapps\spybotportable\app\spybot\sdupdate.exe] => (Allow) C:\users\win 7 user\dropbox\portableapps\portableapps\spybotportable\app\spybot\sdupdate.exe
FirewallRules: [UDP Query User{A908CBEB-CC1B-4971-BD2C-75F0C3AD4C3D}C:\users\win 7 user\dropbox\portableapps\portableapps\spybotportable\app\spybot\sdupdate.exe] => (Allow) C:\users\win 7 user\dropbox\portableapps\portableapps\spybotportable\app\spybot\sdupdate.exe
FirewallRules: [TCP Query User{D60A0199-BBA1-44B6-91C3-6B04B7AB038F}C:\portapps\portableapps\utorrentportable\app\utorrent\utorrent.exe] => (Allow) C:\portapps\portableapps\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [UDP Query User{6BF60879-ADF1-41FA-842C-8B92F68C46AD}C:\portapps\portableapps\utorrentportable\app\utorrent\utorrent.exe] => (Allow) C:\portapps\portableapps\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [TCP Query User{832689A1-48DB-4EE5-8E00-E8A829E38523}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{1DE95BD1-7050-4499-A32A-26D94340DD56}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{54D196FA-A17E-45B7-8C99-26081740758B}C:\thumb backup 131212\portableapps\portableapps\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) C:\thumb backup 131212\portableapps\portableapps\qbittorrentportable\app\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{F90442C3-86D9-44B3-AE53-9DEF6B1A3B9D}C:\thumb backup 131212\portableapps\portableapps\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) C:\thumb backup 131212\portableapps\portableapps\qbittorrentportable\app\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{E19EB985-A9A3-4E39-9646-28E8A6089EE6}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{B407133D-159C-45CB-B0D3-042A9AA9F65C}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{1DB822F6-907D-41C2-B9C6-D8CB33794674}C:\users\win 7 user\appdata\roaming\copy\copyagent.exe] => (Allow) C:\users\win 7 user\appdata\roaming\copy\copyagent.exe
FirewallRules: [UDP Query User{DA74D87E-DDAF-4FA7-B6F7-3842C6EF783F}C:\users\win 7 user\appdata\roaming\copy\copyagent.exe] => (Allow) C:\users\win 7 user\appdata\roaming\copy\copyagent.exe
FirewallRules: [{EB0C4FF7-B5A8-4F1D-B893-B3565DC7B1AC}] => (Allow) C:\Users\Win 7 User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C465865F-0F98-4765-971C-DF671BA9EA12}] => (Allow) C:\Users\Win 7 User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7E45D64B-0AEF-4524-A615-9EC2369EB150}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{9AD49838-5F93-4E03-8CEF-1C933A2C71A2}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{EE375F67-B87F-4847-8F1A-93871348D664}] => (Allow) LPort=4481
FirewallRules: [{CB12AF77-D676-4C6B-87D1-2BDE868FC948}] => (Allow) LPort=4481
FirewallRules: [{E8D6E62B-71CF-4E04-A848-502F8473B098}] => (Allow) LPort=4482
FirewallRules: [{9AAEC116-7E21-4D36-A235-712E984C4514}] => (Allow) LPort=4482
FirewallRules: [TCP Query User{022A2439-E566-4115-B434-4AC13B3D6492}C:\portapps\portableapps\libreofficeportable\app\libreoffice\program\soffice.bin] => (Allow) C:\portapps\portableapps\libreofficeportable\app\libreoffice\program\soffice.bin
FirewallRules: [UDP Query User{A2C25BDF-61B9-4B5B-B8B0-BF57DACB2E75}C:\portapps\portableapps\libreofficeportable\app\libreoffice\program\soffice.bin] => (Allow) C:\portapps\portableapps\libreofficeportable\app\libreoffice\program\soffice.bin
FirewallRules: [TCP Query User{52630AEF-12FF-439D-83C8-C245C1F3580A}C:\portapps\portableapps\utorrentportable\app\utorrent\utorrent.exe] => (Allow) C:\portapps\portableapps\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [UDP Query User{AA2E27F8-94B1-45DE-B59C-FBBC6FCE9081}C:\portapps\portableapps\utorrentportable\app\utorrent\utorrent.exe] => (Allow) C:\portapps\portableapps\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [TCP Query User{78CC966F-DD8A-4B8B-8290-4518C0C7AA9B}C:\users\win 7 user\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\win 7 user\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{B4BC31A9-A7F9-4987-80AE-2E748C0B24FA}C:\users\win 7 user\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\win 7 user\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{D976ED4D-A1E4-4424-BAFF-EE935931EE02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FB8C683A-4FEA-4D95-86A8-D546BBFF5C93}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F33312E3-BA13-4F69-91AA-05927A394B8A}] => (Allow) C:\Users\Win 7 User\AppData\Local\Vivaldi\Application\vivaldi.exe
FirewallRules: [TCP Query User{CF1BA346-3331-42DF-BD1B-4907F264DFF5}C:\portapps\portableapps\kvircportable\app\kvirc\kvirc.exe] => (Allow) C:\portapps\portableapps\kvircportable\app\kvirc\kvirc.exe
FirewallRules: [UDP Query User{81183111-4F38-44D3-9FB5-51125A21F213}C:\portapps\portableapps\kvircportable\app\kvirc\kvirc.exe] => (Allow) C:\portapps\portableapps\kvircportable\app\kvirc\kvirc.exe
FirewallRules: [TCP Query User{5B52F68B-50F8-42A7-88E2-4EB91B11A660}C:\users\win 7 user\dropbox\portableapps\portableapps\kvircportable\app\kvirc\kvirc.exe] => (Allow) C:\users\win 7 user\dropbox\portableapps\portableapps\kvircportable\app\kvirc\kvirc.exe
FirewallRules: [UDP Query User{92EB25BD-EEE3-4068-8C26-EE3E83B695CB}C:\users\win 7 user\dropbox\portableapps\portableapps\kvircportable\app\kvirc\kvirc.exe] => (Allow) C:\users\win 7 user\dropbox\portableapps\portableapps\kvircportable\app\kvirc\kvirc.exe
FirewallRules: [TCP Query User{00316C4F-707E-485E-A92C-6B016EF20F52}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe
FirewallRules: [UDP Query User{72668815-3ED8-456A-BA9F-4BD4AF274359}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe
FirewallRules: [TCP Query User{89F61BD1-A431-404F-95D6-C55DA334605C}C:\users\win 7 user\dropbox\portableapps\portableapps\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) C:\users\win 7 user\dropbox\portableapps\portableapps\qbittorrentportable\app\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{1C312051-47DB-4C2A-BBF6-5BBC826E10CD}C:\users\win 7 user\dropbox\portableapps\portableapps\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) C:\users\win 7 user\dropbox\portableapps\portableapps\qbittorrentportable\app\qbittorrent\qbittorrent.exe
FirewallRules: [{A2AA2418-39D2-4D6C-A2C2-60B2E81713BD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{508B70DA-0C1D-4E5F-808A-617CE61198D4}] => (Allow) LPort=2869
FirewallRules: [{EDBD1069-F653-44AE-97FA-136C2AB7127C}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{7E811FD8-C9B1-42D3-84BB-5423976D7DCA}C:\users\win 7 user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\win 7 user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{AF390BA0-46B9-4951-9AD6-064EC0F14409}C:\users\win 7 user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\win 7 user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{73984572-A90D-48D1-8D78-1A477C2D28D4}] => (Allow) C:\Users\Win 7 User\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [{1A9FA270-85F8-44F5-B350-DAD9974C62CC}] => (Allow) C:\Users\Win 7 User\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [{B943061B-68F3-4018-B2E1-FADF387157EF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{82E0AC35-E064-46D9-A97D-57C3531A0E96}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{494E1A7D-6289-4ABA-A996-CA8E715E368E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{6D8ACDEC-1315-4F14-8452-2B3E5182AF31}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{816D4A5C-8595-4720-8171-013CC14C6D30}C:\users\win 7 user\appdata\roaming\utorrent\updates\3.4.3_40760.exe] => (Allow) C:\users\win 7 user\appdata\roaming\utorrent\updates\3.4.3_40760.exe
FirewallRules: [UDP Query User{7BFA725D-14F4-4112-9324-F4E405330B0D}C:\users\win 7 user\appdata\roaming\utorrent\updates\3.4.3_40760.exe] => (Allow) C:\users\win 7 user\appdata\roaming\utorrent\updates\3.4.3_40760.exe
FirewallRules: [{0BCAE00C-D8A0-46AE-ADC6-603E0FF3DF9F}] => (Allow) C:\Users\Win 7 User\AppData\Local\Temp\7zS63D4\HPDiagnosticCoreUI.exe
FirewallRules: [{AD5B2086-CCC5-4DB0-854B-AF9B3B73BBDF}] => (Allow) C:\Users\Win 7 User\AppData\Local\Temp\7zS63D4\HPDiagnosticCoreUI.exe
FirewallRules: [{7D5CFDB1-BFF9-4114-82E2-7DEB534B43AE}] => (Allow) C:\Users\Win 7 User\AppData\Local\Temp\7zS4B54\HPDiagnosticCoreUI.exe
FirewallRules: [{291F50BF-50FB-455A-B283-E7D2C6D87E80}] => (Allow) C:\Users\Win 7 User\AppData\Local\Temp\7zS4B54\HPDiagnosticCoreUI.exe
FirewallRules: [{6C64A164-9F01-4B31-BDA0-3F0C029B3F79}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{356C0BD2-B294-49B9-B212-17CA0E45B301}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C75ED94A-716F-4912-B88E-CFA7AFD21084}C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe] => (Allow) C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe
FirewallRules: [UDP Query User{1D2DBE5D-9F15-4799-94FF-6A836BC438C0}C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe] => (Allow) C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe
FirewallRules: [TCP Query User{639B9BF8-D668-46AB-B14E-CC014449FB07}C:\portapps\portableapps\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) C:\portapps\portableapps\qbittorrentportable\app\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{A11425A9-AFE2-48ED-93CD-D44CC1EF6E3B}C:\portapps\portableapps\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) C:\portapps\portableapps\qbittorrentportable\app\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{FDEBB4F6-82FB-42F0-93CF-81C7F58839BA}C:\users\win 7 user\appdata\roaming\synctrayzor\syncthing.exe] => (Allow) C:\users\win 7 user\appdata\roaming\synctrayzor\syncthing.exe
FirewallRules: [UDP Query User{0C08FAD3-B4C1-4406-94EA-499F8CF952A9}C:\users\win 7 user\appdata\roaming\synctrayzor\syncthing.exe] => (Allow) C:\users\win 7 user\appdata\roaming\synctrayzor\syncthing.exe
FirewallRules: [TCP Query User{96D02C70-42E8-4F23-A584-543D66430109}C:\users\win 7 user\appdata\local\temp\joie10f.tmp\join.me.exe] => (Allow) C:\users\win 7 user\appdata\local\temp\joie10f.tmp\join.me.exe
FirewallRules: [UDP Query User{13A77B6C-CEE9-4CF0-B1E3-B15051E6B3BF}C:\users\win 7 user\appdata\local\temp\joie10f.tmp\join.me.exe] => (Allow) C:\users\win 7 user\appdata\local\temp\joie10f.tmp\join.me.exe
FirewallRules: [TCP Query User{069591CC-9DBF-41E2-BE48-C7FFACE179A1}C:\users\win 7 user\appdata\roaming\synctrayzor\syncthing.exe] => (Allow) C:\users\win 7 user\appdata\roaming\synctrayzor\syncthing.exe
FirewallRules: [UDP Query User{DF02DD5F-987C-49AF-88AD-86590397A215}C:\users\win 7 user\appdata\roaming\synctrayzor\syncthing.exe] => (Allow) C:\users\win 7 user\appdata\roaming\synctrayzor\syncthing.exe
FirewallRules: [{9BA5D534-4751-4E20-8CB5-49C755768978}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{06B686F8-5B1D-4E45-953D-289253B80D1C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{4181116A-5AAF-4936-9C17-20A4EE711701}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{5A82D420-5682-4489-A38F-AD2B12C2157E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{3FBC001D-FC66-4D9C-BA85-15ACFBB6C6AB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{014B74D9-72CC-48D8-B4E3-E839A6DF0EB4}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [TCP Query User{C8EF95D3-09A2-4678-85B8-BACB8FFD3D39}C:\users\win 7 user\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\win 7 user\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{917C93DF-D6C9-4ACC-9C72-9A4348E2D46F}C:\users\win 7 user\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\win 7 user\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{29DD8C3D-FD12-4020-AD01-19EB081A55D1}] => (Allow) C:\Users\Win 7 User\AppData\Roaming\Resilio Sync\Resilio Sync.exe
FirewallRules: [{C936A4A4-56B3-4C92-A8FB-FC403640A7D0}] => (Allow) C:\Users\Win 7 User\AppData\Roaming\Resilio Sync\Resilio Sync.exe
FirewallRules: [{5BC4CE03-14F5-44C6-963F-2E563BDC3875}] => (Block) LPort=445
FirewallRules: [{C893306D-24AB-4C4B-9263-BAE59DD8C907}] => (Block) LPort=445
FirewallRules: [{63E13FFF-B342-41B7-A31C-5989C6BA459C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F64C5526-CD39-44B0-93F5-513755226E58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{EE4C1A99-401A-4C77-9E08-FD7893753D7B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{58E5F1C2-C4D8-4791-87C4-9E58E71D3194}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C1625BBF-CA62-45E3-AC8E-F2EED6F54231}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{218F9E90-1BC0-4D5C-AA1D-68094F3D6026}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{0068F44A-5B3D-4D09-87D0-DD0C8DA2715E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{F6012F22-E77F-4077-8FEA-6B930E65DB83}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FEDA9709-F247-4B27-B4B1-DE47F14BCEE8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D6D10AC8-5C23-46BA-A639-47A56A899DFC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{80C98BD9-7227-4854-B610-C2269DF599AB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EDCCF012-AF56-4BFE-9234-09519B5B25EC}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{6367FE61-D490-4E1F-A700-CC45A4D360EB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
FirewallRules: [{063ACAA5-5861-45BB-ADC0-5A286D87F9B7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
FirewallRules: [{4CC3E654-ED6F-43E9-9C0C-58ED96519257}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DBDownloader.exe
FirewallRules: [{69B44BD3-8731-42E5-9936-9A070282E00A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DBDownloader.exe
FirewallRules: [{D9D3BF0F-08D8-4607-9402-37459784167E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.5.0\AutoUpdate.exe
FirewallRules: [{FAAD1936-FDFD-4B60-944C-F1CAF2A66896}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.5.0\AutoUpdate.exe
FirewallRules: [{2AEA13D3-20FF-4A9C-8625-F40C701976E5}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{41CB5F08-C862-4EF6-81A4-B41648AA2824}] => (Allow) C:\Program Files (x86)\Opera Next\49.0.2725.12\opera.exe
FirewallRules: [{77756F7F-F350-4399-B809-7A8F25682FC0}] => (Allow) C:\Program Files (x86)\Opera Next\49.0.2725.18\opera.exe
FirewallRules: [{83338A06-D8A9-40F0-BF27-1BC605CB766D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
15-09-2017 16:13:58 Scheduled Checkpoint
22-09-2017 16:26:34 Scheduled Checkpoint
22-09-2017 18:11:05 Installed LibreOffice 5.4.1.2
02-10-2017 13:43:16 Installed calibre 64bit
10-10-2017 18:07:06 Installed Cybereason RansomFree 2.4.1.0
13-10-2017 17:51:34 paint.net 4.0.19
20-10-2017 17:16:17 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Intel® Active Management Technology - SOL (COM5)
Description: Intel® Active Management Technology - SOL
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: Serial
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/21/2017 02:59:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/21/2017 02:24:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/21/2017 01:43:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Eraser.exe, version: 6.2.0.2979, time stamp: 0x57c2350a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.19045, time stamp: 0x56259271
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0x1f0c
Faulting application start time: 0x01d34a927b54ed6a
Faulting application path: C:\Program Files\Eraser\Eraser.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 5d0190fc-b687-11e7-b7e2-001d60a3e925
 
Error: (10/21/2017 01:43:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Eraser.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.DirectoryNotFoundException
   at Eraser.Util.VolumeInfo.FromMountPoint(System.String)
   at Eraser.DefaultPlugins.FolderErasureTarget.EraseFolder()
   at Eraser.DefaultPlugins.FolderErasureTarget.Execute()
   at Eraser.Manager.Task.Execute()
   at Eraser.Manager.DirectExecutor.Main()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (10/21/2017 01:43:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295
Exception code: 0xc0000005
Fault offset: 0x000000000002142a
Faulting process id: 0x96c
Faulting application start time: 0x01d34a8d3022e8f6
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 4eb191a6-b687-11e7-b7e2-001d60a3e925
 
Error: (10/21/2017 12:55:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/21/2017 12:07:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/21/2017 09:34:11 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 90080108).
 
Error: (10/21/2017 08:11:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (10/20/2017 05:08:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (10/21/2017 03:02:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (10/21/2017 03:01:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
libusbK
 
Error: (10/21/2017 03:00:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Cybereason RansomFree Engine service hung on starting.
 
Error: (10/21/2017 02:57:28 PM) (Source: Serial) (EventID: 45) (User: )
Description: The serial driver detected a hardware failure on device \Device\Serial0 and will disable this device.
 
Error: (10/21/2017 02:56:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (10/21/2017 02:56:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (10/21/2017 02:55:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (10/21/2017 02:55:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (10/21/2017 02:53:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/21/2017 02:53:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
  Date: 2014-11-08 16:56:54.948
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-08 16:56:54.901
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-08 16:56:51.025
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-08 16:56:50.979
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-08 16:56:47.682
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-08 16:56:47.630
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-08 16:56:47.538
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-08 16:56:47.352
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-08 16:56:47.166
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-08 16:56:46.981
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU 6600 @ 2.40GHz
Percentage of memory in use: 48%
Total physical RAM: 8190.92 MB
Available physical RAM: 4232.98 MB
Total Virtual: 16380.05 MB
Available Virtual: 12875.9 MB
 
==================== Drives ================================
 
Drive b: () (Network) (Total:931.41 GB) (Free:340.95 GB) NTFS
Drive c: () (Fixed) (Total:931.41 GB) (Free:340.95 GB) NTFS
Drive f: (Seagate Replica) (Fixed) (Total:1863.01 GB) (Free:113.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E8F7EAFF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 19522E93)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#3 JohnBlood


Posted 23 October 2017 - 12:24 PM

I should also note that the "Drive b: () (Network) (Total:931.41 GB) (Free:340.95 GB) NTFS" listed in Addition.txt is not something I set up.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:37 AM

Posted 24 October 2017 - 08:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 6.0.0.0 - Auslogics Labs Pty Ltd)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) <- just delete this old version. Keep the other Java version.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
BHO-x32: No Name -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> No File
Toolbar: HKLM-x32 - No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\albumart@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\bluemonday@getnightingale.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\foldersync-ng@getnightingale.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\foldersync@rsjtdrjgfuzkfg.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\gonzo@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\pinkmartini@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\playlistfolders@getnightingale.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\purplerain@songbirdnest.com [not found]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\9oas0nxt.default -> hxxps://www.google.com/search/?trackid=sp-006
FF Homepage: Mozilla\Firefox\Profiles\9oas0nxt.default -> hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: Mozilla\Firefox\Profiles\9oas0nxt.default -> hxxps://www.google.com/search/?trackid=sp-006
FF SearchPlugin: C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\searchplugins\google-avast.xml [2015-02-06]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\012dz70d.jpw -> hxxps://www.google.com/search/?trackid=sp-006
FF Keyword.URL: Mozilla\Firefox\Profiles\012dz70d.jpw -> hxxps://www.google.com/search/?trackid=sp-006
FF Homepage: Mozilla\Firefox\Profiles\012dz70d.jpw -> hxxps://www.google.com/?trackid=sp-006
FF NewTab: Mozilla\Firefox\Profiles\012dz70d.jpw -> about:newtab
FF Extension: (No Name) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2015-02-06] [not signed]
FF SearchPlugin: C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\searchplugins\google-avast.xml [2015-02-06]
FF HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Users\Win 7 User\Dropbox\PortableApps\PortableApps\FreeDownloadManagerPortable\App\FreeDownloadManager\Firefox\Extension => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast SafePrice) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-18]
CHR Extension: (Poppit!) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {1CBD96C0-4F1F-434B-8526-F1DCC55A10C9} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {1CBD96C0-4F1F-434B-8526-F1DCC55A10C9} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {4C227A27-70B1-48CD-B36C-6E825BC39144} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {8955E22B-2B2F-44BD-8DD4-7E9AD927B64C} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {FB26D6CA-5392-4CAE-A8B8-FCF22D412598} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===
 

mysterious folders that regenerate when deleted

If the problem persists please give me an example of the folders created.
===
 

I should also note that the "Drive b: () (Network) (Total:931.41 GB) (Free:340.95 GB) NTFS" listed in Addition.txt is not something I set up.


Both drives are of the same size.
Drive b: () (Network) (Total:931.41 GB) (Free:340.95 GB) NTFS
Drive c: () (Fixed) (Total:931.41 GB) (Free:340.95 GB) NTFS

HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\Policies\Explorer: [NoDrives] 2
This command in your log indicates that your drive B is hidden.

HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\Win 7 User\AppData\Roaming\Copy\CopyAgent.exe"
This entry was created by Barracuda Networks, Inc.
Read about it.
http://www.shouldiremoveit.com/Copy-77123-program.aspx

Do you remember using that program?
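
The `[NoDrives] 2` entry discussed in the post above is a bitmask in which bit 0 stands for A:, bit 1 for B:, and so on up to Z:. The following added example (not part of the original thread, and not FRST's own code) decodes it from FRST-style lines and cross-references the drive listing; the function names are hypothetical, the sample text is constructed from lines quoted in the thread, and it assumes FRST prints the value in decimal.

```python
import re
import string

# Constructed sample: lines quoted in the thread, in FRST's log layout.
SAMPLE_LOG = r"""
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\Policies\Explorer: [NoDrives] 2
HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\Win 7 User\AppData\Roaming\Copy\CopyAgent.exe"
Drive b: () (Network) (Total:931.41 GB) (Free:340.95 GB) NTFS
Drive c: () (Fixed) (Total:931.41 GB) (Free:340.95 GB) NTFS
"""

# "<key path>\Policies\Explorer: [NoDrives] <data>"
# Assumption: <data> is decimal, as in the line quoted in the thread.
POLICY_LINE = re.compile(
    r"^HK[\w-]*\\.+\\Policies\\Explorer: \[NoDrives\] (?P<data>\d+)\s*$"
)

# "Drive <letter>: (<label>) (<type>) (Total:<n> GB) (Free:<n> GB) <fs>"
DRIVE_LINE = re.compile(
    r"^Drive (?P<letter>[a-z]): \([^)]*\) \((?P<type>\w+)\) "
    r"\(Total:(?P<total>[\d.]+) GB\) \(Free:(?P<free>[\d.]+) GB\)",
    re.IGNORECASE,
)


def decode_nodrives(mask):
    """Return the drive letters hidden by a NoDrives bitmask (bit 0 = A:)."""
    if mask < 0:
        raise ValueError("NoDrives is an unsigned bitmask")
    # Only bits 0..25 map to letters; anything above bit 25 is ignored.
    return [
        letter
        for bit, letter in enumerate(string.ascii_uppercase)
        if (mask >> bit) & 1
    ]


def hidden_letters(log_text):
    """Collect every letter hidden by any NoDrives policy line in the log.

    Simplification: the policy is per registry hive (per user or per machine);
    this helper returns the union across all hives found in the log.
    """
    hidden = set()
    for line in log_text.splitlines():
        match = POLICY_LINE.match(line.strip())
        if match:
            hidden.update(decode_nodrives(int(match.group("data"))))
    return hidden


def review_drives(log_text):
    """List each drive with its type, policy-hidden flag and same-size twins."""
    hidden = hidden_letters(log_text)
    drives = []
    for line in log_text.splitlines():
        match = DRIVE_LINE.match(line.strip())
        if match:
            drives.append({
                "letter": match.group("letter").upper(),
                "type": match.group("type"),
                "size": (match.group("total"), match.group("free")),
            })
    report = []
    for drive in drives:
        twins = [
            other["letter"]
            for other in drives
            if other is not drive and other["size"] == drive["size"]
        ]
        report.append({
            "letter": drive["letter"],
            "type": drive["type"],
            "hidden_by_policy": drive["letter"] in hidden,
            "same_size_as": twins,
        })
    return report


if __name__ == "__main__":
    for entry in review_drives(SAMPLE_LOG):
        print(entry)
```
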

#5 JohnBlood


Posted 24 October 2017 - 11:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

...

HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\Win 7 User\AppData\Roaming\Copy\CopyAgent.exe"
This entry was created by Barracuda Networks, Inc.
Read about it.
http://www.shouldiremoveit.com/Copy-77123-program.aspx

Do you remember using that program?


Thanks for your reply. I was getting very worried.

 

Yes, I installed Copy and used it for quite a while (well, until they pulled the plug on it).



#6 JohnBlood


Posted 24 October 2017 - 11:57 AM

Here is the fixlog contents:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-10-2017 01
Ran by Win 7 User (24-10-2017 12:32:46) Run:1
Running from C:\Users\Win 7 User\Downloads
Loaded Profiles: Win 7 User (Available Profiles: Win 7 User & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
BHO-x32: No Name -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> No File
Toolbar: HKLM-x32 - No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\albumart@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\bluemonday@getnightingale.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\foldersync-ng@getnightingale.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\foldersync@rsjtdrjgfuzkfg.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\gonzo@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\pinkmartini@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\playlistfolders@getnightingale.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Nightingale\extensions\purplerain@songbirdnest.com [not found]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\9oas0nxt.default -> hxxps://www.google.com/search/?trackid=sp-006
FF Homepage: Mozilla\Firefox\Profiles\9oas0nxt.default -> hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: Mozilla\Firefox\Profiles\9oas0nxt.default -> hxxps://www.google.com/search/?trackid=sp-006
FF SearchPlugin: C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\searchplugins\google-avast.xml [2015-02-06]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\012dz70d.jpw -> hxxps://www.google.com/search/?trackid=sp-006
FF Keyword.URL: Mozilla\Firefox\Profiles\012dz70d.jpw -> hxxps://www.google.com/search/?trackid=sp-006
FF Homepage: Mozilla\Firefox\Profiles\012dz70d.jpw -> hxxps://www.google.com/?trackid=sp-006
FF NewTab: Mozilla\Firefox\Profiles\012dz70d.jpw -> about:newtab
FF Extension: (No Name) - C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2015-02-06] [not signed]
FF SearchPlugin: C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\searchplugins\google-avast.xml [2015-02-06]
FF HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Users\Win 7 User\Dropbox\PortableApps\PortableApps\FreeDownloadManagerPortable\App\FreeDownloadManager\Firefox\Extension => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast SafePrice) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-18]
CHR Extension: (Poppit!) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.32.8\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Win 7 User\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {1CBD96C0-4F1F-434B-8526-F1DCC55A10C9} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {1CBD96C0-4F1F-434B-8526-F1DCC55A10C9} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {4C227A27-70B1-48CD-B36C-6E825BC39144} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {8955E22B-2B2F-44BD-8DD4-7E9AD927B64C} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {FB26D6CA-5392-4CAE-A8B8-FCF22D412598} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => key not found. 
C:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Nightingale\extensions\albumart@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Nightingale\extensions\bluemonday@getnightingale.com => path removed successfully
C:\Program Files (x86)\Nightingale\extensions\foldersync-ng@getnightingale.com => path removed successfully
C:\Program Files (x86)\Nightingale\extensions\foldersync@rsjtdrjgfuzkfg.com => path removed successfully
C:\Program Files (x86)\Nightingale\extensions\gonzo@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Nightingale\extensions\pinkmartini@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Nightingale\extensions\playlistfolders@getnightingale.com => path removed successfully
C:\Program Files (x86)\Nightingale\extensions\purplerain@songbirdnest.com => path removed successfully
Firefox DefaultSearchUrl removed successfully
Firefox "homepage" removed successfully
Firefox "Keyword.URL" removed successfully
C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\9oas0nxt.default\searchplugins\google-avast.xml => moved successfully
Firefox DefaultSearchUrl removed successfully
Firefox "Keyword.URL" removed successfully
Firefox "homepage" removed successfully
Firefox "newtab" removed successfully
C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack => moved successfully
C:\Users\Win 7 User\AppData\Roaming\Mozilla\Firefox\Profiles\012dz70d.jpw\searchplugins\google-avast.xml => moved successfully
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001\Software\Mozilla\Firefox\Extensions\\fdm_ffext@freedownloadmanager.org => value removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
CHR Extension: (Avast SafePrice) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-10-18] => Error: No automatic fix found for this entry.
CHR Extension: (Poppit!) - C:\Users\Win 7 User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-27] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key removed successfully
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key removed successfully
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key removed successfully
HKU\S-1-5-21-1046431522-2320746735-2345803343-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CBD96C0-4F1F-434B-8526-F1DCC55A10C9} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeC:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CBD96C0-4F1F-434B-8526-F1DCC55A10C9} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C227A27-70B1-48CD-B36C-6E825BC39144} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8955E22B-2B2F-44BD-8DD4-7E9AD927B64C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8955E22B-2B2F-44BD-8DD4-7E9AD927B64C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB26D6CA-5392-4CAE-A8B8-FCF22D412598} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB26D6CA-5392-4CAE-A8B8-FCF22D412598} => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4068933 B
Java, Flash, Steam htmlcache => 2286 B
Windows/system/drivers => 1414784447 B
Edge => 0 B
Chrome => 1163910426 B
Firefox => 460122248 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128327 B
systemprofile32 => 80446 B
LocalService => 16384 B
NetworkService => 104060 B
Win 7 User => 3497198017 B
UpdatusUser.PENT48 => 0 B
Administrator => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 6.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:44:27 ====


#7 JohnBlood


Posted 24 October 2017 - 12:07 PM

I followed all the steps and I don't see the folders anymore. What was the problem?



#8 nasdaq

  • Malware Response Team

Posted 24 October 2017 - 01:23 PM

Hi,

I just cleaned what was not required. Nothing malicious.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#9 JohnBlood


Posted 24 October 2017 - 01:36 PM

@nasdaq In that case, thanks for your help. It takes a load off my mind. :)



#10 JohnBlood


Posted 25 October 2017 - 10:53 AM

@nasdaq, I booted my computer today and the folders are back. Here is what they look like. https://www.dropbox.com/s/mtk4zze2esqyd9p/strange-files2.png?dl=0. (Not sure how to upload this file.) 
 
Someone on the Seven Forums (where I originally posted my problem) thinks that these folders were created by Cybereason RansomFree as a honeypot for ransomware. What do you think?

Edited by JohnBlood, 25 October 2017 - 10:53 AM.


#11 nasdaq

  • Malware Response Team

Posted 25 October 2017 - 12:42 PM



Hi.

Are these the folders you are referring to?
Ac0cjck0
xwif1j


If so run the Farbar program.

Perform a Folder search, enter the following syntax in bold in the Search box and press the "Search Files" button:

FindFolder: Ac0cjck0;xwif1j

Submit the log for my review.

#12 JohnBlood


Posted 25 October 2017 - 01:11 PM

Here is the resulting log:

 

Farbar Recovery Scan Tool (x64) Version: 25-10-2017
Ran by Win 7 User (25-10-2017 13:57:54)
Running from C:\Users\Win 7 User\Downloads
Boot Mode: Normal
 
================== Search Files: "FindFolder: Ac0cjck0;xwif1j" =============
 
2017-10-25 11:17 - 2017-10-25 11:17 ____H C:\Users\Ac0cjck0
2017-10-25 11:17 - 2017-10-25 11:17 ____H C:\Users\Xwif1j
 
====== End of Search ======


#13 nasdaq

  • Malware Response Team

Posted 26 October 2017 - 06:34 AM

Hi,

Are there any files in these folders?

If found, what are the file extensions?
i.e.
.exe
.tmp

etc...

#14 JohnBlood


Posted 27 October 2017 - 03:56 PM

Hi,

Are there any files in these folders?

If found, what are the file extensions?
i.e.
.exe
.tmp

etc...

 

@nasdaq

Here is a screenshot of the contents of one of the mysterious folders: https://www.dropbox.com/s/34ic3voj4tqhkhj/strange-files3.png?dl=0. I think these files are created by RansomFree. I paused the program for an hour and the folders disappeared. Resumed and they reappeared.



#15 nasdaq

  • Malware Response Team

Posted 28 October 2017 - 06:39 AM

 
 
Hi,
 
Sorry for this delay. I lost my internet connection all day yesterday.
 

I paused the program for an hour and the folders disappeared. Resumed and they reappeared.
 
Which program did you pause?




