Malware in PC - browser and other issues (with scan log from FRST)


  • This topic is locked
7 replies to this topic

#1 sharath83

Posted 11 April 2018 - 04:05 AM

I happened to install some software, and it messed up my Firefox, Chrome and IE browsers; some of the links are not opening. My YouTube history has videos I didn't watch before; this is within 30 - 50 mins after the issue.
 
Some of the software and other files, the program with which it should be opened, the shortcut icons are blank.
 
On YouTube I cannot skip the ad videos. (Skip after 5 seconds is no longer seen.)
 
In Firefox, the redirect link is:
 
I tried Malwarebytes; it did remove some malware, but the issue still persists.
 
In the post at 'Am I infected? What do I do?' here, I was asked to perform a scan using FRST; attached are the logs Addition.txt and FRST.txt, following the 6th step from here: https://bit.ly/2EDc2aV
 
I was unable to post both logs here, as it would time out.
 
Awaiting a quick solution. Thank you.
 
FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by admin (administrator) on ADMIN-PC (11-04-2018 14:18:44)
Running from C:\Users\admin\Desktop\New folder (2)
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Felix Logic) C:\Program Files (x86)\Cold Turkey\CTService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe
(Fortinet Inc.) C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Users\admin\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qustodio Technologies) C:\Program Files (x86)\Qustodio\qapp\QUpdateService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftPerfect) C:\Program Files\NetWorx\networx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe
(New Softwares.net) C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
(Simnet Ltd. ) C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
( New Softwares.net) C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Qustodio Technologies) C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Intel® Corporation) C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe
(Intel Corporation) C:\Program Files\Intel\STCServ\STCServ.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Qustodio Technologies) C:\Program Files (x86)\Qustodio\qproxy\qengine.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7679816 2016-10-09] (SoftPerfect)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-02-17] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2018-01-23] (Raptr, Inc)
HKLM-x32\...\Run: [QAppTray] => C:\Program Files (x86)\Qustodio\qapp\qapptray.exe [5824120 2017-07-26] (Qustodio Technologies)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3639616 2018-03-28] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [WinFLTray] => C:\Windows\SysWow64\WinFLTray.ex
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [FLBackup] => C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.ex
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [Simple Sticky Notes] => C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe [688648 2016-08-19] (Simnet Ltd. )
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8887216 2018-03-23] (SUPERAntiSpyware)
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_ActiveX.exe [1362432 2018-03-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {20c1b7c7-a7ee-11e6-89f6-fcaa14c2fb92} - L:\Setup.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {696585ce-d229-11e3-961a-806e6f6e6963} - E:\Run.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {75480ec5-23ec-11e7-bc40-fcaa14c2fb92} - K:\Setup.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {75480f11-23ec-11e7-bc40-fcaa14c2fb92} - K:\Setup.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {75480f62-23ec-11e7-bc40-fcaa14c2fb92} - K:\setup.exe -a
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {98507fb2-4a79-11e7-8dc1-fcaa14c2fb92} - K:\Setup.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {ad504ddb-2ab0-11e5-883e-806e6f6e6963} - "P:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {c38be7d2-8209-11e4-99ab-806e6f6e6963} - F:\Run.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {d4c2d37b-a551-11e5-899c-001b10002aec} - K:\Startme.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {ea572361-749b-11e5-8398-001b10002aec} - K:\Setup.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MountPoints2: {f2f63f40-5221-11e6-be00-fcaa14c2fb92} - O:\Setup.exe
HKU\S-1-5-18\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Windows\SysWOW64\qproxy.dll [670840 2017-06-15] (Qustodio Technologies)
Winsock: Catalog9 02 C:\Windows\SysWOW64\qproxy.dll [670840 2017-06-15] (Qustodio Technologies)
Winsock: Catalog9 03 C:\Windows\SysWOW64\qproxy.dll [670840 2017-06-15] (Qustodio Technologies)
Winsock: Catalog9 04 C:\Windows\SysWOW64\qproxy.dll [670840 2017-06-15] (Qustodio Technologies)
Winsock: Catalog9 16 C:\Windows\SysWOW64\qproxy.dll [670840 2017-06-15] (Qustodio Technologies)
Winsock: Catalog9-x64 01 C:\Windows\system32\qproxy64.dll [839288 2017-06-15] (Qustodio Technologies)
Winsock: Catalog9-x64 02 C:\Windows\system32\qproxy64.dll [839288 2017-06-15] (Qustodio Technologies)
Winsock: Catalog9-x64 03 C:\Windows\system32\qproxy64.dll [839288 2017-06-15] (Qustodio Technologies)
Winsock: Catalog9-x64 04 C:\Windows\system32\qproxy64.dll [839288 2017-06-15] (Qustodio Technologies)
Winsock: Catalog9-x64 05 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-15] (Lavasoft Limited)
Winsock: Catalog9-x64 06 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-15] (Lavasoft Limited)
Winsock: Catalog9-x64 07 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-15] (Lavasoft Limited)
Winsock: Catalog9-x64 08 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-15] (Lavasoft Limited)
Winsock: Catalog9-x64 20 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-15] (Lavasoft Limited)
Winsock: Catalog9-x64 21 C:\Windows\system32\qproxy64.dll [839288 2017-06-15] (Qustodio Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 125.22.47.125 8.8.8.8
Tcpip\..\Interfaces\{51F5BA4F-5C41-4B15-991C-5BC22DC84B9B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D063286F-5185-4613-BE88-0D66833B84B0}: [DhcpNameServer] 125.22.47.125 8.8.8.8
Tcpip\..\Interfaces\{E9D8FAE0-1661-467C-8EF2-8D081E39D7D2}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://in.yahoo.com/?fr=fp-spt_gen
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2012-08-24] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_162\bin\ssv.dll [2018-03-29] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_162\bin\jp2ssv.dll [2018-03-29] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2012-08-24] (Internet Download Manager, Tonec Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3425645261-2527552339-4145300971-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-10-01] (Adobe Systems Incorporated)
IE Session Restore: HKU\S-1-5-21-3425645261-2527552339-4145300971-1000 -> is enabled.
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
 
FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default [2018-04-11]
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\user.js [2018-03-27]
FF Homepage: Mozilla\Firefox\Profiles\yi4hh69o.default -> hxxp://www.google.co.in/
FF NetworkProxy: Mozilla\Firefox\Profiles\yi4hh69o.default -> http", "127.0.0.1"
FF Session Restore: Mozilla\Firefox\Profiles\yi4hh69o.default -> is enabled.
FF Extension: (System Table) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\622127@modext.tech.xpi [2018-04-02]
FF Extension: (Grammarly for Firefox) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-02-15]
FF Extension: (Windscribe VPN) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\@windscribeff.xpi [2018-02-13]
FF Extension: (Cisco WebEx Extension) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\ciscowebexstart1@cisco.com.xpi [2017-07-13]
FF Extension: (Browser Safety) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\extension@browser-safety.org.xpi [2018-04-10]
FF Extension: (Furniture Guru) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\extension@furnitureguru.in.xpi [2018-04-10]
FF Extension: (IndiaShopps) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\extension@indiashopps.com.xpi [2018-03-30]
FF Extension: (MEGA) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\firefox@mega.co.nz.xpi [2018-04-06]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2017-06-26]
FF Extension: (Nimbus Screen Capture) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2017-09-08]
FF Extension: (WiseStamp) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\wisestamp@wisestamp.com.xpi [2017-10-17]
FF Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2018-01-31]
FF Extension: (Yahoo Toolbar and New Tab) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}.xpi [2017-11-22]
FF Extension: (MeasureIt) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2016-03-16] [Legacy]
FF Extension: (Measure-it) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\{79b2e4de-8fb4-4ccc-b9f6-362ac2fb74b2}.xpi [2018-04-10]
FF Extension: (Video DownloadHelper) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-17]
FF Extension: (Web Developer) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-11-16]
FF Extension: (Download with Internet Download Manager (IDM)) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\{d1646fcf-76ad-49c5-b8b2-e496e9b71189}.xpi [2017-09-10]
FF Extension: (YouTube Flash Video Player) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2018-01-21]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yi4hh69o.default\features\{678cb115-9d57-483d-b62d-ffa0a4732c7d}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-04] [Legacy]
FF Extension: (Furniture Guru) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\extension@furnitureguru.in.xpi [2018-03-30]
FF Extension: (IndiaShopps) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\extension@indiashopps.com.xpi [2018-03-30]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-07-15] [Legacy] [not signed]
FF HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5 [2018-01-25] [Legacy] [not signed]
FF HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-31] ()
FF Plugin: @java.com/DTPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\dtplugin\npDeployJava1.dll [2018-03-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\plugin2\npjp2.dll [2018-03-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-31] ()
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll [2014-06-06] (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccpluginex.dll [2014-06-06] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll [2014-06-06] (Fortinet Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-10-03] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-09-23] (Nero AG)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2017-09-09] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll [2011-12-22] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @webex.com/npatgpc -> C:\ProgramData\WebEx\npatgpc.dll [2017-12-07] (Cisco WebEx LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2017-05-15] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-05-15] (Cisco WebEx LLC)
 
Chrome:
=======
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2018-04-11]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-10]
CHR Extension: (Nimbus Screenshot App) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecjogkncpbkjfobfnoaiepipllcadhe [2017-09-08]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-10]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-10]
CHR Extension: (Web Developer) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2017-09-08]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-10]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2018-04-10]
CHR Extension: (Tampermonkey) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-04-10]
CHR Extension: (Dropbox for Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2018-04-10]
CHR Extension: (Adobe Acrobat) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-06]
CHR Extension: (Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-10]
CHR Extension: (Pearlski) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoffddcocadkbcomlgaciipfbeglmad [2018-04-10]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-10]
CHR Extension: (Web Developer Checklist) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahamcpedabephpcgkeikbclmaljebjp [2017-09-08]
CHR Extension: (Adobe Edge Inspect CC) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem [2015-07-15]
CHR Extension: (Adblocker for Youtube™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhhfgfhbjnkpaoedekoofphhbagpooj [2018-04-10]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2018-02-01]
CHR Extension: (Spoon.net Extension) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncgbdglledmjmpnikebkagnchfdehbm [2015-10-05]
CHR Extension: (Skype) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-03-16]
CHR Extension: (Responsive Inspector) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\memcdolmmnmnleeiodllgpibdjlkbpim [2015-07-15]
CHR Extension: (Compare Hatke) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbeifcmllbkkjebeahalgcadeblbbfbe [2015-07-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-10]
CHR Extension: (Responsive Web Design Tester) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2017-08-31]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-10]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-10]
CHR Extension: (MeasureIt) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokhcahijjfkdccinalifdifljglhclm [2015-07-15]
CHR Extension: (System Table) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-04-10]
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-10]
CHR HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [amanlcdnojadchadmedfkljbkffioapi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcpfiabjpehfpkmlfdfdlpameaoonpdn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [imedekbkldfofmicojdclhjchkmmnklg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ndgpdmigmpcbehlcdehbbldijnnibiee] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amanlcdnojadchadmedfkljbkffioapi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hcpfiabjpehfpkmlfdfdlpameaoonpdn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [imedekbkldfofmicojdclhjchkmmnklg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ndgpdmigmpcbehlcdehbbldijnnibiee] - hxxps://clients2.google.com/service/update2/crx
 
Opera:
=======
OPR Extension: (SaveFrom.net helper) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2016-10-23]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 CTService; C:\Program Files (x86)\Cold Turkey\\CTService.exe [329728 2016-04-07] (Felix Logic) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-03-28] (Dropbox, Inc.)
R2 FLService; C:\Windows\SysWow64\WinFLService.exe [92360 2015-10-11] (New Softwares.net)
R2 FortiSslvpnDaemon; C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe [954080 2014-06-06] (Fortinet Inc.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
R2 KingoSoftService; C:\Users\admin\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\checkupdate.exe [367592 2017-03-27] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-07-15] (Lavasoft Limited) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2017-01-25] ()
R2 qengine; C:\Program Files (x86)\Qustodio\qproxy\qengine.exe [4141688 2017-06-15] (Qustodio Technologies)
R2 qupdate; C:\Program Files (x86)\Qustodio\qapp\QUpdateService.exe [2225784 2017-07-26] (Qustodio Technologies)
R2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [53352 2016-12-08] ()
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [104248 2015-12-30] (Wondershare)
S2 AppmallosayoV; no ImagePath
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 MxService; C:\Program Files (x86)\Maxthon\Bin\MxService.exe [X]
S2 system_http_dll; C:\ProgramData\9e153da59d\e7b640f780.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [39704 2015-10-07] (Windows ® Win 7 DDK provider)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [75584 2015-10-07] (ASUS Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-10-06] ()
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-09-27] (Sony Mobile Communications)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [72632 2016-10-04] (NetFilterSDK.com)
R2 NEWDRIVER; C:\Windows\SysWow64\WinVDEdrv6.sys [197648 2015-10-11] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [54000 2015-06-10] (Novation DMS Ltd.)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2009-07-21] (Fortinet Inc.)
R1 qwdf64; C:\Windows\system32\Drivers\qwdf64.sys [41848 2017-06-15] (Qustodio Technologies)
R1 qwdr64; C:\Windows\system32\Drivers\qwdr64.sys [55672 2017-06-15] (Qustodio Technologies)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)
R1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [34816 2015-10-11] ()
R2 WinVDEDrv; C:\Windows\SysWow64\WinVDEdrv.sys [225680 2015-10-11] (NewSoftwares.net, Inc.)
S3 cpuz134; \??\C:\Users\admin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-11 14:05 - 2018-04-11 14:18 - 000000000 ____D C:\FRST
2018-04-11 14:05 - 2018-04-11 14:06 - 000000000 ____D C:\Users\admin\Desktop\New folder (2)
2018-04-11 03:18 - 2018-04-11 03:18 - 000002075 _____ C:\Users\admin\Desktop\sound design - synth - revenge - music - production.txt
2018-04-11 03:18 - 2018-04-11 03:18 - 000000309 _____ C:\Users\admin\Desktop\advices for DJ  - warm up - dj set.txt
2018-04-10 21:08 - 2018-04-10 21:08 - 020987511 _____ C:\Users\admin\Desktop\The+Music+Production+Handbook+V1.pdf
2018-04-10 19:05 - 2018-04-11 03:05 - 000000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 57b62546-097e-45dc-9fcb-465e7bb6bd7c.job
2018-04-10 19:05 - 2018-04-11 02:00 - 000000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task cabfd5d0-c272-4a5f-b363-096e0061cee7.job
2018-04-10 19:05 - 2018-04-10 19:05 - 000003588 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task cabfd5d0-c272-4a5f-b363-096e0061cee7
2018-04-10 19:05 - 2018-04-10 19:05 - 000003514 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 57b62546-097e-45dc-9fcb-465e7bb6bd7c
2018-04-10 19:05 - 2018-04-10 19:05 - 000001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2018-04-10 19:05 - 2018-04-10 19:05 - 000000653 _____ C:\Users\admin\Desktop\changes for COCO logo.txt
2018-04-10 19:05 - 2018-04-10 19:05 - 000000000 ____D C:\Users\admin\AppData\Roaming\SUPERAntiSpyware.com
2018-04-10 19:05 - 2018-04-10 19:05 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2018-04-10 19:05 - 2018-04-10 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-04-10 19:05 - 2018-04-10 19:05 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-04-10 19:04 - 2018-04-10 19:04 - 032727800 _____ (SUPERAntiSpyware) C:\Users\admin\Desktop\SUPERAntiSpyware.exe
2018-04-10 18:15 - 2018-04-10 18:22 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-04-10 17:47 - 2018-04-10 17:47 - 000000356 _____ C:\Users\admin\Desktop\remove these and synths.txt
2018-04-10 17:26 - 2018-04-10 19:05 - 000000515 _____ C:\Users\admin\Desktop\Known malicious programs.txt
2018-04-10 17:08 - 2018-04-10 17:08 - 000000052 _____ C:\Users\admin\Desktop\issue with tab on firefox.txt
2018-04-10 17:03 - 2018-04-10 17:03 - 072655960 _____ (Malwarebytes ) C:\Users\admin\Desktop\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4664.exe
2018-04-10 16:59 - 2018-04-10 17:01 - 000000000 ____D C:\AdwCleaner
2018-04-10 16:47 - 2018-04-10 16:47 - 000000000 _____ C:\Windows\SysWOW64\__020DC3BA__C0000005.dmp
2018-04-10 16:42 - 2018-04-10 17:24 - 000000000 ____D C:\Users\admin\AppData\Roaming\we3mddneeqo
2018-04-10 16:42 - 2018-04-10 17:24 - 000000000 ____D C:\Users\admin\AppData\Roaming\wbtkuzc5h14
2018-04-10 16:41 - 2018-04-10 17:24 - 000000000 ____D C:\Users\admin\AppData\Roaming\bmjls4u1pje
2018-04-10 16:41 - 2018-04-10 16:52 - 000015607 _____ C:\Windows\SysWOW64\findit.xml
2018-04-10 16:40 - 2018-04-10 16:47 - 000000000 ____D C:\Windows\SysWOW64\SSL
2018-04-10 16:38 - 2018-04-10 18:15 - 000000000 ____D C:\Program Files (x86)\ShutdownTime
2018-04-10 16:38 - 2018-04-10 17:24 - 000000000 ____D C:\Users\admin\AppData\Roaming\erj4tefl0zj
2018-04-10 16:38 - 2018-04-10 17:07 - 000000000 ____D C:\ProgramData\9e153da59d
2018-04-10 16:38 - 2018-04-10 16:52 - 000929792 _____ C:\Users\admin\AppData\Local\sham.db
2018-04-10 16:38 - 2018-04-10 16:38 - 000140800 _____ C:\Users\admin\AppData\Local\installer.dat
2018-04-10 16:38 - 2018-04-10 16:38 - 000000000 ____D C:\Users\admin\AppData\Roaming\FastDataX
2018-04-10 16:37 - 2018-04-10 18:15 - 000000000 ____D C:\Program Files (x86)\Pipe
2018-04-10 16:35 - 2018-04-10 18:12 - 000000000 ____D C:\Applications
2018-04-10 16:35 - 2018-04-10 17:23 - 000000000 ____D C:\Browse
2018-04-10 16:35 - 2018-04-10 17:22 - 000000000 ____D C:\WinSys
2018-04-10 16:35 - 2018-04-10 16:35 - 000000000 ____D C:\Users\admin\AppData\Local\AdvinstAnalytics
2018-04-10 16:29 - 2018-04-10 16:29 - 000003011 _____ C:\Users\admin\Desktop\links to check.txt
2018-04-10 16:29 - 2018-04-10 16:29 - 000000405 _____ C:\Users\admin\Desktop\music artist to check out.txt
2018-04-10 16:28 - 2018-04-10 16:28 - 000000454 _____ C:\Users\admin\Desktop\movies - english.txt
2018-04-10 13:35 - 2018-04-10 13:35 - 000000912 _____ C:\Users\admin\Desktop\gradient-for-slider.css
2018-04-09 22:36 - 2018-04-09 22:36 - 000000331 _____ C:\Users\admin\Desktop\plants to buy - less sun light - plants for home.txt
2018-04-09 22:36 - 2018-04-09 22:36 - 000000110 _____ C:\Users\admin\Desktop\idea - startup - buinesses plan.txt
2018-04-09 22:36 - 2018-04-09 22:36 - 000000028 _____ C:\Users\admin\Desktop\my ideas - product design.txt
2018-04-09 19:26 - 2018-04-09 22:35 - 000000934 _____ C:\Users\admin\Desktop\properties in bangalore -april 2018.txt
2018-04-09 18:15 - 2018-04-09 18:15 - 001440661 _____ C:\Users\admin\Desktop\cloudEngineers.psd
2018-04-09 14:27 - 2018-04-09 14:27 - 005725239 _____ C:\Users\admin\Desktop\call with jai on form design project - 09April2018.wma
2018-04-09 14:02 - 2018-04-09 14:02 - 000003458 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-admin-PC-admin
2018-04-09 13:59 - 2018-04-09 14:05 - 000000000 ____D C:\Users\admin\Desktop\New folder
2018-04-09 10:05 - 2018-04-09 10:05 - 000052422 _____ C:\Windows\uninstaller.dat
2018-04-09 01:51 - 2018-04-09 01:51 - 000000147 _____ C:\Users\admin\Desktop\Synthesizers links and others - to buy - vst and hardware.txt
2018-04-08 23:56 - 2018-04-09 01:25 - 1220032773 _____ C:\Users\admin\Desktop\Producer Loops Best Sellers Free Pack.zip
2018-04-06 16:53 - 2018-04-06 16:53 - 000001687 _____ C:\Users\admin\Desktop\Photoshop CC 2018.lnk
2018-04-06 16:51 - 2018-04-06 20:11 - 000000350 _____ C:\Users\admin\Desktop\to be done 06april2018 - before leaving.txt
2018-04-06 16:51 - 2018-04-06 16:51 - 000000426 _____ C:\Users\admin\Desktop\bird dreams meaning.txt
2018-04-06 16:49 - 2018-04-06 16:52 - 000001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2018.lnk
2018-04-06 16:46 - 2018-04-06 16:46 - 000994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-04-06 16:46 - 2018-04-06 16:46 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-04-06 16:44 - 2018-04-06 16:50 - 000000000 ____D C:\Users\admin\Desktop\AP2018
2018-04-06 16:24 - 2018-04-06 16:31 - 000000000 ____D C:\Users\admin\Downloads\Adobe Photoshop CC 2018 19.1.1.42094 + Pre-Cracked - [CrackzSoft]
2018-04-06 15:09 - 2018-04-10 16:33 - 000000000 ____D C:\Users\admin\Downloads\ESETInternetSecurityV11.0.144.0FinalLicenseFinder
2018-04-06 15:09 - 2018-04-06 15:09 - 000016578 _____ C:\Users\admin\Desktop\ESETInternetSecurityV11.0.144.0FinalLicenseFinder_archive.torrent
2018-04-06 03:48 - 2018-04-06 03:48 - 000000507 _____ C:\Users\admin\Desktop\infinite plugin contact email - shopify - annette.txt
2018-04-06 03:48 - 2018-04-06 03:48 - 000000158 _____ C:\Users\admin\Desktop\teachers stamp for shopify - page names and product links.txt
2018-04-06 03:47 - 2018-04-06 03:49 - 000001516 _____ C:\Users\admin\Desktop\about UX course in bangalore and people who teach UX.txt
2018-04-06 03:47 - 2018-04-06 03:47 - 000000088 _____ C:\Users\admin\Desktop\infinite plugin contact email - shopify.txt
2018-04-06 02:43 - 2018-04-06 02:43 - 000000837 _____ C:\Users\admin\Desktop\shopify plugin - for websites - free and paid links.txt
2018-04-06 02:00 - 2018-04-06 02:01 - 007924192 _____ (Tim Kosse) C:\Users\admin\Downloads\FileZilla_3.32.0_win64-setup.exe
2018-04-05 23:22 - 2018-04-05 23:23 - 012591505 _____ C:\Users\admin\Desktop\uxpin_ux_design_process_best_practices.zip
2018-04-05 23:05 - 2018-04-05 23:05 - 000000136 _____ C:\Users\admin\Desktop\books and contacts.txt
2018-04-05 22:33 - 2018-04-05 22:33 - 000867268 _____ C:\Users\admin\Desktop\UI-UX.pdf
2018-04-05 15:47 - 2018-04-05 15:47 - 000001193 _____ C:\Users\admin\Desktop\arnold statue.txt
2018-04-05 15:36 - 2018-04-05 15:36 - 000036057 _____ C:\Users\admin\Desktop\The Post (2017) [1080p] [YTS.ME].torrent
2018-04-05 15:36 - 2018-04-05 15:36 - 000033227 _____ C:\Users\admin\Desktop\The Greatest Showman (2017) [1080p] [YTS.ME].torrent
2018-04-05 14:38 - 2018-04-05 14:38 - 000508641 _____ C:\Users\admin\Desktop\Please do cdr.cdr
2018-04-05 14:38 - 2018-04-05 14:38 - 000018195 _____ C:\Users\admin\Desktop\Please do cdr.pdf
2018-04-05 02:31 - 2018-04-05 02:31 - 000000047 _____ C:\Users\admin\Desktop\typography - learn about it completely.txt
2018-04-05 02:26 - 2018-04-05 02:26 - 000000319 _____ C:\Users\admin\Desktop\learn how to create abstart art using shapes and abstract art.txt
2018-04-05 02:22 - 2018-04-05 02:22 - 000000061 _____ C:\Users\admin\Desktop\cool fonts - sans serif fonts - free commmercial use.txt
2018-04-05 00:20 - 2018-04-05 00:20 - 000000238 _____ C:\Users\admin\Desktop\shopify questions.txt
2018-04-05 00:20 - 2018-04-05 00:20 - 000000079 _____ C:\Users\admin\Desktop\dispensary plugins.txt
2018-04-04 22:42 - 2018-04-04 22:43 - 000002061 _____ C:\Users\admin\Desktop\music genre - jazz and western music - instruments - music.txt
2018-04-04 20:49 - 2018-04-04 20:49 - 000000308 _____ C:\Users\admin\Desktop\mother bleep police.txt
2018-04-04 20:28 - 2018-04-04 20:28 - 000000218 _____ C:\Users\admin\Desktop\house for sale in bank colony srinivasnagar.txt
2018-04-04 18:53 - 2018-04-11 14:18 - 000000000 ____D C:\Users\admin\Desktop\RE-ARRANGE ALL THESE FILES - important 2
2018-04-04 13:07 - 2018-04-04 13:07 - 000000000 ____D C:\Users\admin\Desktop\flats
2018-04-03 20:46 - 2018-04-03 21:29 - 000000000 ____D C:\Users\admin\Downloads\Armin van Buuren - The Best Of Armin Only (Special Edition) - 2017 (320 kbps)
2018-04-03 20:42 - 2018-04-03 20:42 - 000000000 ____D C:\Users\admin\Downloads\MasterClass.Armin.Van.Buuren.Teaches.Dance.Music.TUTORiAL-SYNTHiC4TE
2018-04-01 21:39 - 2018-04-01 21:39 - 000000000 ____D C:\Users\admin\AppData\Local\4kdownload.com
2018-04-01 21:38 - 2018-04-01 21:38 - 000001068 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
2018-04-01 21:38 - 2018-04-01 21:38 - 000000000 ____D C:\Program Files (x86)\4KDownload
2018-04-01 17:16 - 2018-04-01 17:16 - 000000000 ____D C:\Users\admin\AppData\Local\ESET
2018-03-31 23:52 - 2018-03-31 23:52 - 000000000 ____D C:\Users\admin\Downloads\ESET NOD32 Antivirus_Smart Security 8.0.319.1 RePack by KpoJIuK
2018-03-31 23:33 - 2018-03-31 23:33 - 000000000 ____D C:\Users\admin\Downloads\AVGInternetSecurity201717.1.3006x86x64MultilingualLicenseKeys_20180123
2018-03-31 23:29 - 2018-03-31 23:29 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-31 03:29 - 2018-03-31 23:54 - 000000000 ____D C:\Users\admin\Downloads\Padmaavat 2018 720p BrRip x264 - iFT
2018-03-30 13:20 - 2018-03-30 13:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-29 18:58 - 2018-03-29 18:58 - 000000000 ____D C:\Users\admin\.snippingtool++
2018-03-29 18:57 - 2018-03-29 18:57 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-03-29 18:57 - 2018-03-29 18:57 - 000000000 ____D C:\Users\admin\AppData\Roaming\Sun
2018-03-29 18:57 - 2018-03-29 18:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-03-29 18:57 - 2018-03-29 18:57 - 000000000 ____D C:\Program Files\Java
2018-03-29 18:55 - 2018-03-29 18:55 - 000000000 ____D C:\ProgramData\Oracle
2018-03-28 20:01 - 2018-03-28 20:01 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-03-28 20:01 - 2018-03-28 20:01 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-03-28 20:01 - 2018-03-28 20:01 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-03-27 11:35 - 2018-03-27 11:35 - 011472372 _____ C:\Users\admin\Downloads\Untitled.psd
2018-03-25 23:00 - 2018-03-25 23:01 - 000001743 _____ C:\Users\admin\Desktop\UX - Amazing musicians - Art.txt
2018-03-25 21:35 - 2018-03-25 21:36 - 006265909 _____ C:\Users\admin\Desktop\interaction-design.org - the-basics-of-ux-design.pdf
2018-03-25 17:00 - 2018-03-25 17:00 - 000000906 _____ C:\Users\Public\Desktop\Call of Duty WWII.lnk
2018-03-25 17:00 - 2018-03-25 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty WWII
2018-03-25 16:52 - 2018-03-25 16:52 - 000000387 _____ C:\Users\admin\Desktop\games links.txt
2018-03-25 14:23 - 2018-03-25 14:23 - 000090708 _____ C:\Users\admin\Desktop\Call_of_Duty_WWII.torrent
2018-03-25 14:18 - 2018-03-25 14:18 - 000015228 _____ C:\Users\admin\Desktop\Call.of.Duty.WWII.PC.torrent
2018-03-25 13:50 - 2018-03-25 13:50 - 000000137 _____ C:\Users\admin\Desktop\videos to watch.txt
2018-03-25 13:37 - 2018-03-25 13:37 - 000000077 _____ C:\Users\admin\Desktop\binaural audio downloads from YouTube.txt
2018-03-25 13:06 - 2018-03-25 13:06 - 919976361 _____ C:\Windows\MEMORY.DMP
2018-03-25 13:06 - 2018-03-25 13:06 - 000277752 _____ C:\Windows\Minidump\032518-31512-01.dmp
2018-03-25 13:05 - 2018-03-25 13:05 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-03-25 12:59 - 2018-03-25 12:59 - 000000000 ____D C:\Users\admin\AppData\Local\RadeonInstaller
2018-03-25 03:24 - 2018-03-25 03:24 - 000000166 _____ C:\Users\admin\Desktop\DOWNLOAD bleep AGAIN.txt
2018-03-21 15:20 - 2018-03-21 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Recording Player
2018-03-16 22:07 - 2018-03-16 22:08 - 000000000 ____D C:\Users\admin\Downloads\ABBYY FineReader v11.0.102.583 OCR Corporate Edition + Crack [ChattChitto RG]
2018-03-14 20:03 - 2018-03-14 20:03 - 366870165 _____ C:\Users\admin\AppData\Local\ACCCx4_4_1_298.zip.aamdownload
2018-03-14 20:03 - 2018-03-14 20:03 - 000004029 _____ C:\Users\admin\AppData\Local\ACCCx4_4_1_298.zip.aamdownload.aamd
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-11 14:19 - 2017-09-02 22:20 - 000012912 _____ C:\Windows\SysWOW64\qengineOff.ini
2018-04-11 14:19 - 2017-09-02 22:20 - 000012912 _____ C:\Windows\system32\qengineOff.ini
2018-04-11 14:18 - 2015-07-16 01:48 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-04-11 14:05 - 2015-12-12 11:43 - 000000000 ____D C:\Users\admin\AppData\Roaming\Copy
2018-04-11 13:18 - 2015-07-16 01:48 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-04-11 13:18 - 2009-07-14 10:15 - 000021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-11 13:18 - 2009-07-14 10:15 - 000021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-11 13:15 - 2009-07-14 10:43 - 000787438 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-11 13:15 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2018-04-11 13:14 - 2015-07-16 01:54 - 000000000 ____D C:\Program Files (x86)\Opera
2018-04-11 13:12 - 2016-11-19 10:57 - 000000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2018-04-11 13:11 - 2017-03-31 11:49 - 000000432 _____ C:\Windows\Tasks\AVG-SSU_0317tb_DELETE.job
2018-04-11 13:11 - 2017-03-31 11:34 - 000000570 _____ C:\Windows\Tasks\AVG-SSU_0317tb.job
2018-04-11 13:11 - 2016-11-16 10:40 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-04-11 13:11 - 2016-06-14 12:47 - 000000000 ____D C:\Users\admin\AppData\Roaming\Raptr
2018-04-11 13:09 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-11 04:01 - 2015-07-14 11:32 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-04-10 23:42 - 2013-10-03 14:31 - 000003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C711035-DCC3-4341-BF02-3175187079E5}
2018-04-10 20:26 - 2018-02-14 00:52 - 000001807 _____ C:\Users\admin\Desktop\YouTube channels.txt
2018-04-10 19:11 - 2015-07-16 00:50 - 000000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2018-04-10 19:04 - 2015-07-19 15:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-10 18:15 - 2017-10-25 00:18 - 000000000 ____D C:\Program Files (x86)\Mafia III
2018-04-10 18:14 - 2017-04-20 10:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-10 18:14 - 2017-03-28 20:13 - 000000000 ____D C:\Users\admin\AppData\Local\c77a23c
2018-04-10 18:12 - 2013-10-03 14:23 - 000000000 ____D C:\Users\admin
2018-04-10 17:23 - 2013-10-03 14:45 - 000001180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-04-10 16:41 - 2015-07-16 01:55 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2018-04-10 16:41 - 2013-10-03 14:40 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-10 16:41 - 2013-10-03 14:23 - 000001302 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-04-10 16:38 - 2009-07-14 08:50 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-04-10 16:34 - 2013-10-03 14:36 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-10 16:30 - 2015-07-15 11:05 - 000000000 ____D C:\Users\admin\AppData\Roaming\FileZilla
2018-04-10 13:00 - 2015-08-26 23:22 - 000000000 ___RD C:\Users\admin\Dropbox
2018-04-09 23:15 - 2016-10-01 22:51 - 000000000 ____D C:\Users\admin\Documents\Simple Sticky Notes
2018-04-09 14:26 - 2016-05-16 15:14 - 000000000 ____D C:\Users\admin\AppData\LocalLow\WebEx
2018-04-09 14:02 - 2013-10-03 14:46 - 000000000 ____D C:\Users\admin\AppData\Roaming\Adobe
2018-04-09 12:49 - 2013-10-03 14:40 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-08 22:27 - 2016-10-28 15:49 - 000003420 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2018-04-06 18:41 - 2016-05-31 04:40 - 001197448 ____H C:\Windows\system32\mlfcache.dat
2018-04-06 16:57 - 2015-07-15 10:55 - 000000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2018-04-06 16:49 - 2015-07-16 00:19 - 000000000 ____D C:\Users\admin\Documents\Adobe
2018-04-06 16:49 - 2015-07-16 00:17 - 000000000 ____D C:\Program Files\Adobe
2018-04-06 16:49 - 2013-10-03 14:42 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-04-06 16:48 - 2015-07-14 11:12 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-06 16:48 - 2013-10-03 14:41 - 000000000 ____D C:\ProgramData\Adobe
2018-04-06 02:01 - 2015-07-15 11:05 - 000002108 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2018-04-06 02:01 - 2015-07-15 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-04-06 02:01 - 2015-07-15 11:05 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2018-04-05 14:06 - 2009-07-14 10:15 - 008575304 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-05 02:21 - 2013-10-03 14:26 - 000836056 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-05 00:20 - 2015-07-16 00:40 - 000000034 _____ C:\Users\admin\AppData\Roaming\AdobeWLCMCache.dat
2018-04-04 01:30 - 2013-10-03 14:44 - 000000000 ____D C:\Users\admin\AppData\Roaming\vlc
2018-04-03 21:56 - 2015-11-23 11:51 - 000000000 ____D C:\Users\admin\AppData\Roaming\PrimoPDF
2018-04-03 12:45 - 2016-02-09 12:51 - 000000000 ___SD C:\Users\admin\AppData\LocalLow\Temp
2018-04-02 16:46 - 2015-08-14 17:41 - 000001456 _____ C:\Users\admin\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-04-02 16:19 - 2014-12-12 19:51 - 000000000 ____D C:\Users\admin\AppData\Local\Kingsoft
2018-04-02 16:19 - 2014-05-03 00:54 - 000000000 ____D C:\ProgramData\Kingsoft
2018-04-02 16:19 - 2014-05-03 00:53 - 000000000 ____D C:\Users\admin\AppData\Roaming\Kingsoft
2018-04-01 00:19 - 2015-10-11 01:38 - 000003465 ___SH C:\Windows\SysWOW64\win_stlthdb_sys.dat
2018-04-01 00:19 - 2015-10-11 01:38 - 000003465 ___SH C:\Users\admin\AppData\Local\win_stlthdb_sys.dat
2018-04-01 00:19 - 2015-10-11 01:38 - 000002568 ___SH C:\ProgramData\win_mpwd_sys.dat
2018-04-01 00:19 - 2015-10-11 01:38 - 000000700 ___SH C:\Users\admin\AppData\Local\systemFL7.dat
2018-03-31 23:57 - 2015-12-11 21:56 - 000000000 ____D C:\Users\admin\AppData\Roaming\AVG
2018-03-31 23:57 - 2015-12-11 21:52 - 000000000 ____D C:\ProgramData\Avg
2018-03-31 23:57 - 2015-07-28 23:49 - 000000000 ____D C:\Users\admin\AppData\Local\Avg
2018-03-31 23:57 - 2014-12-12 20:00 - 000000000 ____D C:\Program Files (x86)\AVG
2018-03-31 23:30 - 2013-10-03 14:51 - 000000000 ____D C:\Users\admin\AppData\Local\Adobe
2018-03-31 23:29 - 2013-10-03 14:40 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-31 23:29 - 2013-10-03 14:40 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-31 23:29 - 2013-10-03 14:40 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-31 23:11 - 2017-09-26 23:38 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-03-31 16:29 - 2017-11-14 15:03 - 000000000 ____D C:\Users\admin\Desktop\RE-ARRANGE ALL THESE FILES
2018-03-31 11:47 - 2015-07-16 01:48 - 000000000 ____D C:\Users\admin\AppData\Local\Dropbox
2018-03-30 13:20 - 2015-07-16 01:48 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-03-29 12:17 - 2013-10-03 14:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-28 23:53 - 2015-07-16 00:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2018-03-28 20:01 - 2017-10-03 15:51 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-03-26 02:26 - 2016-10-25 21:40 - 000000000 ____D C:\Users\admin\AppData\LocalLow\AMD
2018-03-25 20:19 - 2017-10-05 14:49 - 000000000 ____D C:\Users\admin\Desktop\Kartika - Syncroshakthi
2018-03-25 13:08 - 2016-06-14 12:50 - 000000000 ____D C:\Users\admin\AppData\Local\AMD
2018-03-25 13:06 - 2015-07-14 12:21 - 000000000 ____D C:\Windows\Minidump
2018-03-25 13:05 - 2016-06-14 12:47 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-03-25 02:32 - 2018-02-15 23:57 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-03-25 02:17 - 2014-12-12 20:14 - 000000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
2018-03-25 02:17 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\system32\NDF
2018-03-25 01:57 - 2015-07-15 12:12 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2018-03-25 01:57 - 2014-05-03 00:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-25 01:56 - 2009-07-14 11:02 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-03-24 23:36 - 2013-10-03 14:44 - 000000000 ____D C:\Program Files (x86)\The KMPlayer
2018-03-23 22:28 - 2017-12-28 15:53 - 000000000 ____D C:\Users\admin\Desktop\remix contest
2018-03-23 19:13 - 2018-02-24 01:15 - 000000000 ____D C:\Users\admin\Desktop\DESIGN STRATEGY
2018-03-21 15:20 - 2016-05-16 15:14 - 000000000 ____D C:\ProgramData\WebEx
2018-03-21 15:20 - 2009-07-14 11:02 - 000000000 ____D C:\Windows\Downloaded Program Files
2018-03-21 12:13 - 2018-02-07 09:19 - 000001321 _____ C:\Users\Public\Desktop\Skype.lnk
2018-03-21 12:13 - 2018-01-09 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-03-15 12:31 - 2016-06-08 18:57 - 000000000 ____D C:\Program Files\7-Zip
2018-03-13 23:29 - 2016-02-11 16:05 - 001810120 _____ C:\Users\admin\Desktop\AnyDesk.exe
 
==================== Files in the root of some directories =======
 
2015-10-11 01:38 - 2018-04-01 00:19 - 000002568 ___SH () C:\ProgramData\win_mpwd_sys.dat
2014-05-03 00:50 - 2009-06-25 21:56 - 000488392 _____ (Softtouch Software Design) C:\Program Files (x86)\Hidden Files Scanner.exe
2014-05-03 00:50 - 2012-01-02 02:21 - 001647000 _____ (IObit) C:\Program Files (x86)\iobit-uninstaller.exe
2015-07-16 00:40 - 2018-04-05 00:20 - 000000034 _____ () C:\Users\admin\AppData\Roaming\AdobeWLCMCache.dat
2016-05-08 03:43 - 2016-05-08 03:43 - 000000112 _____ () C:\Users\admin\AppData\Roaming\JP2K CS6 Prefs
2016-04-29 20:07 - 2016-04-29 21:00 - 000000009 _____ () C:\Users\admin\AppData\Roaming\update.dat
2017-07-29 23:36 - 2017-07-29 23:36 - 000000009 ___SH () C:\Users\admin\AppData\Roaming\windata.xpd
2016-06-09 22:03 - 2016-06-09 22:03 - 266040255 _____ () C:\Users\admin\AppData\Local\ACCCx3_6_0_248.zip.aamdownload
2016-06-09 22:03 - 2016-06-09 22:03 - 000003014 _____ () C:\Users\admin\AppData\Local\ACCCx3_6_0_248.zip.aamdownload.aamd
2018-03-14 20:03 - 2018-03-14 20:03 - 366870165 _____ () C:\Users\admin\AppData\Local\ACCCx4_4_1_298.zip.aamdownload
2018-03-14 20:03 - 2018-03-14 20:03 - 000004029 _____ () C:\Users\admin\AppData\Local\ACCCx4_4_1_298.zip.aamdownload.aamd
2015-08-14 17:41 - 2018-04-02 16:46 - 000001456 _____ () C:\Users\admin\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-14 23:26 - 2017-12-13 14:38 - 000000278 _____ () C:\Users\admin\AppData\Local\HackLogs.dat
2018-04-10 16:38 - 2018-04-10 16:38 - 000140800 _____ () C:\Users\admin\AppData\Local\installer.dat
2015-11-27 05:16 - 2017-04-11 05:05 - 000000600 _____ () C:\Users\admin\AppData\Local\PUTTY.RND
2015-07-19 16:26 - 2015-07-19 16:26 - 000000218 _____ () C:\Users\admin\AppData\Local\recently-used.xbel
2018-03-09 16:05 - 2018-03-09 16:05 - 000007605 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2018-04-10 16:38 - 2018-04-10 16:52 - 000929792 _____ () C:\Users\admin\AppData\Local\sham.db
2015-10-11 01:38 - 2018-04-01 00:19 - 000000700 ___SH () C:\Users\admin\AppData\Local\systemFL7.dat
2017-04-18 12:47 - 2017-04-18 17:53 - 000000192 _____ () C:\Users\admin\AppData\Local\uts.ini
2015-10-11 01:38 - 2018-01-18 00:42 - 000003292 ___SH () C:\Users\admin\AppData\Local\win_fldb_sys.dat
2015-10-11 01:38 - 2018-04-01 00:19 - 000003465 ___SH () C:\Users\admin\AppData\Local\win_stlthdb_sys.dat
2015-07-25 11:46 - 2015-07-25 11:46 - 000000000 _____ () C:\Users\admin\AppData\Local\{2F5AD524-8915-4066-86B8-FFA0324509E5}
2016-10-26 01:52 - 2016-10-26 01:52 - 000000000 _____ () C:\Users\admin\AppData\Local\{4D7498BE-0D4D-42E8-8795-BD38719C6AFD}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-04-09 17:44
 
==================== End of FRST.txt ============================
 
 
Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by admin (11-04-2018 14:19:08)
Running from C:\Users\admin\Desktop\New folder (2)
Windows 7 Professional Service Pack 1 (X64) (2013-10-03 08:53:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-3425645261-2527552339-4145300971-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3425645261-2527552339-4145300971-500 - Administrator - Disabled)
Guest (S-1-5-21-3425645261-2527552339-4145300971-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.0.0 - )
µTorrent (HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version:  - Microsoft) Hidden
4K Video Downloader 4.4 (HKLM-x32\...\{17CEAB50-0275-4D5E-9C11-CF2963C59FA1}) (Version: 4.4.6.2295 - Open Media LLC)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
ABBYY FineReader 11 Corporate Edition (HKLM-x32\...\{F1100000-0010-0000-0000-074957833700}) (Version: 11.0.460 - ABBYY)
Ableton Live 9 Lite (HKLM\...\{9130C3A8-3BEA-4A24-88F9-50EFB036F999}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB9}) (Version: 12.1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_1) (Version: 19.1.1 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{FD8FD2BD-A82D-C528-EDA0-A6635F47C19C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.2.1 - Advanced Micro Devices, Inc.)
Ample Bass P Lite II version 2.3.1 (HKLM-x32\...\{26ACA0DD-7C66-40D7-B992-CC27CA024F2A}_is1) (Version: 2.3.1 - Ample Sound Technology Co., Ltd.)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 6.2.0.0 - iMobie Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Ares (HKLM-x32\...\Ares) (Version: 2.4.6-Build#3072 - AresGalaxy)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
ASUS Share Link (HKLM-x32\...\{c3bcc1e3-f950-439c-bcae-f01283e9f2a4}_is1) (Version: 1.0.27.0911 - ASUSTEK)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.3.16 - ASUS)
Bass Station 2.1 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.1 - Novation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Business-in-a-Box 2016 (HKLM-x32\...\Business-in-a-Box 2016) (Version: 7.1.4 - Biztree Inc.)
Call of Duty: WWII - Digital Deluxe Edition (HKLM-x32\...\Call of Duty: WWII - Digital Deluxe Edition_is1) (Version:  - )
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
Capture NX-D (HKLM\...\{794529D3-D489-4CF2-B2ED-CF241809E5EC}) (Version: 1.4.3 - Nikon Corporation)
Catalyst Control Center Next Localization BR (HKLM\...\{0898F764-D48A-DE16-BEE6-3D003B701FFD}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{FDADC57D-5D12-1669-E15E-07C9D55DDD78}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{60DA95E6-3B1C-811E-9356-BD8ECE030749}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{07FC7436-E7B5-2646-BA48-32D7E9A8C666}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{E04C7D42-CAA0-CCAF-5916-E0C49E129BE2}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D9929D54-2DA6-34B9-D9B8-3AA168A12E56}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{A621A41A-BDA2-8E01-B073-394C3EEF28BF}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{581A480E-F28E-5153-8B41-F77EFBA3AD34}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{2FFD48A8-D2E9-C256-4C04-82472D531802}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{40B17B27-AE12-072A-5041-4835EA7D8530}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{3E293710-1410-87AF-B5E4-5AD5D6E3362C}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{AA758256-BAB5-5FC0-954C-DA2C953D2786}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{433E7A26-1C27-1FBB-A2A8-347D4833B34E}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07B5AB95-77AD-AC26-496B-722066229B87}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3FFB59B6-520F-37D8-DC0A-61FBC1C74DFC}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{9141FD82-4253-9CA6-1A73-31F2A2FFB0A4}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{ED18DB34-7C6F-2B5C-32DB-1E2762E432C5}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{6D08D442-48EC-FC20-A2B5-1FA8E88AD9E7}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{49691258-4A4D-F4C5-4C0C-C21860490650}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{10E9C0F4-AA89-7426-54C2-4F53DE895682}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{2522CA6D-EF72-C63C-D2B9-CDC55F01E7B1}) (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
CGS17_Setup_x64 (HKLM\...\{A6B7D078-EDC4-4D8A-BD3D-CB2B11440219}) (Version: 17.6 - Corel Corporation) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Cold Turkey (HKLM-x32\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 2.1.3 - Cold Turkey)
Color Wheel Pro 2.0 (HKLM-x32\...\Color Wheel Pro_is1) (Version:  - QSX Software Group)
Convert EPUB to PDF 6.6.0 (HKLM-x32\...\{C860AFE7-2A99-4AF6-AB03-116EFC14AD30}) (Version: 6.6.0 - EPUB Converter)
Copy (HKLM\...\{580C53DC-DBA8-457B-8766-34C60F754BBD}) (Version: 3.2.1.481 - Barracuda Networks, Inc.)
Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version:  - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{3B4AE1A9-C026-4D08-8004-DA9A85A411A4}) (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - BR (x64) (HKLM\...\{FC41DFBE-6C39-4C84-949B-7CB1E6460C7A}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (HKLM\...\{2C91CB9D-323D-43E5-A433-229B71CFB773}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (HKLM\...\{9178F0A8-B6F6-4DA7-AD63-317CC4875F4B}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (HKLM\...\{BD036E95-A9CD-4DED-B744-95AB1DCAFF0C}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - CS (x64) (HKLM\...\{FA987EBD-79D8-4A2C-8018-4095AD215D3C}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - CT (x64) (HKLM\...\{1F83F9CC-9CAC-4612-859D-891654C9DC0F}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (HKLM\...\{5162E418-BB43-4C8F-ACD6-069645EF98C3}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - CZ (x64) (HKLM\...\{DCCD0EF6-DFCF-4D31-B71D-2AAC24C6AB16}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - DE (x64) (HKLM\...\{8EA70EAF-41AB-491C-A163-9BA1ADA004EB}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (HKLM\...\{2C0DDC74-5234-43DD-BB5A-0645B8FE5289}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (HKLM\...\{3BB8EB77-737B-4B32-BAB9-08C7110C46BD}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - ES (x64) (HKLM\...\{65168D5C-A6DD-4C1B-BF5C-860A39CDD05E}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (HKLM\...\{D10A5CFA-FE33-4F06-AE37-554604F00A52}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (HKLM\...\{5406029B-67AD-4F8E-9F2D-F1959CD9CD86}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FR (x64) (HKLM\...\{FC9BCB82-55E3-4328-868F-B19112B07B93}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM (x64) (HKLM\...\{13179AB2-69FD-459B-800F-81865A501AD4}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (HKLM\...\{EF44BCCD-13F9-4974-862C-CCFAF43EE082}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IT (x64) (HKLM\...\{811C0940-9502-4A27-A9C5-A9A7ED853BD9}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - JP (x64) (HKLM\...\{5025968D-10D4-44B2-A31C-42E020CDE399}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - NL (x64) (HKLM\...\{6533647D-136C-43B8-8966-712EF27F5CEE}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (HKLM\...\{C922F325-DD52-4E22-B204-431A06E63E51}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (HKLM\...\{1A73168F-5983-46A6-AAAB-FD83BC231E02}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PL (x64) (HKLM\...\{2EF3A93A-569E-4FD7-A5DF-64AF588B4FBA}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (HKLM\...\{C57EDB5A-AC8E-4E03-9F1A-DC013A2BB9B2}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - RU (x64) (HKLM\...\{8C196158-5F89-4C88-AA33-2D57D67AA5D7}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (HKLM\...\{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (HKLM\...\{5672E0DC-7489-4EAC-8CFD-E01B3868FCB5}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (HKLM\...\{966996DC-D67C-40E3-8BD4-31FA0F093571}) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (HKLM\...\{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}) (Version: 17.6 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.6.0.1021 - Corel Corporation)
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
CVPiano-Modeled (HKLM-x32\...\CVPiano-Modeled) (Version:  - )
Dee2 (remove only) (HKLM-x32\...\Dee2) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 46.4.65 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - )
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVEREST Ultimate Edition v5.01 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.01 - Lavalys, Inc.)
FabFilter Total Bundle (HKLM\...\Total Bundle_is1) (Version: 2017.12.05 - FabFilter)
FileZilla Client 3.32.0 (HKLM-x32\...\FileZilla Client) (Version: 3.32.0 - Tim Kosse)
Filter Forge 4.008 (HKLM-x32\...\Filter Forge 4_is1) (Version:  - Filter Forge, Inc.)
Find my Font (Free) (HKLM-x32\...\Find my Font (Free)) (Version: 3.3.14 - Softonium Developments)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
FlacSquisher 1.3.7 (HKLM-x32\...\FlacSquisher) (Version: 1.3.7 - FlacSquisher)
Folder Lock (HKLM-x32\...\Folder Lock) (Version:  - New Softwares.net)
FonePaw Android Data Recovery 1.3.0 (HKLM-x32\...\{10E7BD57-C5FE-484f-A3F2-A1755286C0A7}_is1) (Version: 1.3.0 - FonePaw)
FortiClient SSLVPN v4.0.2303 (HKLM-x32\...\{A34DCE59-0004-0000-2303-3F8A9926B752}) (Version: 4.0.2303 - Fortinet Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Free MP4 To MP3 Converter (HKLM-x32\...\{8CD154FF-D5CC-4960-A483-90C556620658}) (Version: 2.0.0 - Free MP4 To MP3 Converter)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
glimpses (HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\glimpses) (Version: 0.3.24.1035 - glimpses)
GnuCash 2.6.7 (HKLM-x32\...\GnuCash_is1) (Version:  - GnuCash Development Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Earth (HKLM-x32\...\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}) (Version: 4.2.198.2451 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8301}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
High-Definition Video Playback (HKLM-x32\...\{9193490D-5229-4FC4-9BB9-A6D63C09574A}) (Version: 11.1.10400.2.65 - Nero AG) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
IETester v0.5.4 (remove only) (HKLM-x32\...\IETester) (Version: 0.5.4 - Core Services)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.4.65 - Intel Corporation)
Intel® CCF Manager (HKLM-x32\...\{0f3d8dd5-54af-4404-a01c-4967e485a065}) (Version: 3.0.13.2211 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 162 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180162F0}) (Version: 8.0.1620.12 - Oracle Corporation)
join.me (HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\JoinMe) (Version: 2.13.0.1917 - LogMeIn, Inc.)
join.me.launcher (HKLM-x32\...\{910ECE43-4D0D-4FAB-BE1F-6992F0495624}) (Version: 1.0.624.0 - LogMeIn, Inc.) Hidden
Kingo ROOT version 1.5.1.3006 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.5.1.3006 - Kingosoft Technology Ltd.)
K-Lite Mega Codec Pack 11.2.8 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.2.8 - )
KORG Legacy Collection - MS-20 (HKLM\...\{D9163B30-035A-45E8-A7FB-FC3D700DA159}) (Version: 1.3.0 - KORG Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Mafia III (HKLM-x32\...\Mafia III_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Make Your Words Sell! (HKLM-x32\...\MYWSuninstall) (Version:  - )
Max 7 (64-bit) (HKLM\...\{23261731-0D66-4BDF-8221-D388AC2863FB}) (Version: 7.3.4 - Cycling '74)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Melodics version 1.0.2032.0 (HKLM\...\Melodics_is1) (Version: 1.0.2032.0 - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version:  - MixMeister Technology LLC)
MobiKin Doctor for Android (HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\MobiKin Doctor for Android) (Version: 1.1.0.39 - MobiKin)
Mobirise (HKLM-x32\...\Mobirise_is1) (Version:  - Mobirise.com)
Mobirise4 (HKLM-x32\...\Mobirise4_is1) (Version:  - Mobirise.com)
Motifmate version 1.0.1 (HKLM-x32\...\{C23D9323-077D-44FB-96F1-B80B7E8AD3C1}_is1) (Version: 1.0.1 - Hidayat Sagita)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 en-US)) (Version: 45.8.0 - Mozilla)
mysms version 2.1.1 (HKLM-x32\...\{48F31003-B5A3-4E17-917A-5DDFF60B9FA2}_is1) (Version: 2.1.1 - Up to Eleven Digital Solutions GmbH)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.1.177 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.9.132 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.7.0.797 - Native Instruments)
Nero 11 (HKLM-x32\...\{F021D637-BBDA-486B-96F0-225B62596C3B}) (Version: 11.0.11000 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
Network Recording Player (HKLM-x32\...\{CF0ADA34-2FFE-4798-A5FB-7374642CC3DC}) (Version: 31.20.2.18 - Cisco WebEx LLC)
NetWorx 5.5.5 (HKLM\...\NetWorx_is1) (Version:  - Softperfect)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.3.0 - Nikon Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
Noun Project version 1.0 (HKLM-x32\...\645D82A9-AA15-40F4-8436-8B311D62480E_is1) (Version: 1.0 - Noun Project)
Novation USB Audio Driver 2.7 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.7 - Novation DMS Ltd.)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PCDJ DEX 3  (HKLM-x32\...\PCDJdex3_is1) (Version:  - PCDJ)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.2.2 - Nikon Corporation)
Pingendo (HKLM-x32\...\Pingendo 4) (Version: 2.0 - Pingendo)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
PrimoPDF -- by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software)
PSD Repair Kit 2.1 (HKLM-x32\...\PSD Repair Kit_is1) (Version:  - Recovery Toolbox, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Qustodio (HKLM-x32\...\{3BE72491-5A26-4935-9500-4EADA48A4068}) (Version: 180.29.895.0 - Qustodio Technologies) Hidden
Qustodio (HKLM-x32\...\Qustodio) (Version: 180.29.895.0 - Qustodio)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.11-r125663-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.0.34 - Red Giant, LLC)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
R-Studio 7.2 (HKLM-x32\...\R-Studio 7.2NSIS) (Version: 7.2.155105 - R-Tools Technology Inc.)
Ruby 2.2.5-p319-x64 (HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\{A98E44F8-6401-400F-830E-B1A2919C22BD}_is1) (Version: 2.2.5-p319 - RubyInstaller Team)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
Simple Sticky Notes 3.5 (HKLM-x32\...\Simple Sticky Notes_is1) (Version:  - Simnet Ltd.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.18 (HKLM-x32\...\Skype_is1) (Version: 8.18 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.17.201512161456 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
STCServ (HKLM\...\{A954D353-9DAF-4916-8E71-F1E959EBCD1E}) (Version: 3.0.0.1783 - Intel Corporation) Hidden
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1258 - SUPERAntiSpyware.com)
Sylenth1 v2.21 (HKLM\...\Sylenth1_is1) (Version:  - )
Syncrosoft License Control (HKLM-x32\...\Syncrosoft License Control) (Version:  - SIA Syncrosoft)
Synthesia (HKLM-x32\...\Synthesia) (Version: 10.3 - Synthesia LLC)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.76421 - TeamViewer)
TempoPerfect Metronome Software (HKLM-x32\...\TempoPerfect) (Version: 4.08 - NCH Software)
Tencent QQ (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.75.2548.0 - Tencent Technology (Shenzhen) Company Limited)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)
TopStyle (Version 3) (HKLM-x32\...\TopStyle (Version 3)) (Version: 3.1.0 - Bradbury Software, LLC)
Trapcode Suite v12.1.6 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.6 - Red Giant, LLC)
TruePianos 1.9.5 40-day Test Version (HKLM\...\TruePianos 40-day Test Version_is1) (Version:  - 4Front Technologies)
Virtual MIDI Piano Keyboard (HKLM-x32\...\Virtual MIDI Piano Keyboard) (Version: 0.6.2 - VMPK)
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
V-Station 2.3 (HKLM-x32\...\{842C6AFC-7856-4fd9-99AF-8900554ACAA2}_is1) (Version: 2.3 - Novation)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1-2) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-2) (Version: 1.0.37.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Web Companion (HKLM-x32\...\{9ac678f8-9535-4e78-9706-4b969f03d0ba}) (Version: 2.0.1025.2130 - Lavasoft)
welcome (HKLM-x32\...\{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}) (Version: 11.0.21500.0.4 - Nero AG) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - ASUS Tek. Corporation (ATP) Mouse  (07/27/2015 7.0.0.7) (HKLM\...\A877FD5856151D202B724718A4F58CF0089A558C) (Version: 07/27/2015 7.0.0.7 - ASUS Tek. Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windscribe version 1.61 build 9 (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.61 build 9 - Windscribe)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip 11.1 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}) (Version: 11.1.7466 - WinZip Computing, S.L. )
Wondershare Dr.Fone for Android(Build 5.6.3.27) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 5.6.3.27 - Wondershare Software Co.,Ltd.)
WordPress.com (HKLM-x32\...\WordPress.com) (Version:  - Automattic, Inc.)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.4.2012.1 - URSoft, Inc.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3425645261-2527552339-4145300971-1000_Classes\CLSID\{12259DCB-7652-BA42-4A4A-FB36C150F6A0}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-02-08] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-16] ()
ContextMenuHandlers1: [CopyShExt] -> {D8CAB8C2-9E58-471C-BD75-2ED1BA091CE8} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers1: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2012-01-19] (ABBYY.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2014-09-11] (Foxit Software Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLS64.DLL [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers4-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLS64.DLL [2007-04-11] (WinZip Computing LP)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-03-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [CopyShExt] -> {D8CAB8C2-9E58-471C-BD75-2ED1BA091CE8} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-28] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-09-17] (Intel Corporation)
ContextMenuHandlers5: [Run] -> {2559A1F3−21D7−11D4−BDAF−00C04F60B9F0} =>  -> No File
ContextMenuHandlers5: [Search] -> {2559A1F0−21D7−11D4−BDAF−00C04F60B9F0} =>  -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [CopyShExt] -> {D8CAB8C2-9E58-471C-BD75-2ED1BA091CE8} => C:\Users\admin\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-12-12] (Barracuda Networks, Inc.)
ContextMenuHandlers6: [FineReader11ContextMenu] -> {79E48320-C6B5-49F1-992B-571D53586885} => C:\Program Files (x86)\ABBYY FineReader 11\FRIntegration.x64.dll [2012-01-19] (ABBYY.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\WZSHLS64.DLL [2007-04-11] (WinZip Computing LP)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02840A8A-091F-43AA-9EE8-6F22D2AC5561} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {0B8F53E8-0BD3-4E03-BC1B-C363C31C5872} - System32\Tasks\AdobeGCInvoker-1.0-admin-PC-admin => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {0DD0D783-A829-4A76-8E41-62EDD7BD7488} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {1EF0DD7A-D7AC-46B5-8343-FAD337D59118} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {2984C8DB-4658-45F9-9DB7-CFD00BFE4437} - System32\Tasks\{68AB93FC-B0D3-44E2-9018-1D061AF7E310} => C:\Windows\system32\pcalua.exe -a "C:\Users\admin\Desktop\bluetooth soft\sp69896.exe" -d "C:\Users\admin\Desktop\bluetooth soft"
Task: {3540BB2D-25DC-42B5-824B-169808F293FA} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3425645261-2527552339-4145300971-1000 => C:\ProgramData\MEGAsync\MEGAupdater.exe [2017-10-19] (Mega Limited)
Task: {36656FF4-D9E1-42B3-9726-D126792AF577} - System32\Tasks\Microsoft\Windows\Multimedia\ReportSender => C:\Users\admin\ReportSender\ReportSender.exe
Task: {38CB3EC4-29E3-4ECE-937D-F734E894C5D1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [2018-02-18] (Adobe Systems Incorporated)
Task: {4120B6CA-8F1B-4B45-898E-88DB55ED0E1E} - System32\Tasks\AVG-SSU_0317tb_DELETE => C:\ProgramData\Avg_Update_0317tb\AVG-Secure-Search-Update_0317tb.exe
Task: {4564EF68-7DF7-4BD5-B180-DE60D44F5F95} - System32\Tasks\{822DD3BB-AF44-46F7-801B-AAB2F89C8299} => C:\Windows\system32\pcalua.exe -a "C:\Users\admin\Downloads\Password Recovery Bundle 2016\Password Recovery Bundle 2016.exe" -d "C:\Users\admin\Downloads\Password Recovery Bundle 2016"
Task: {48E9331C-5591-425F-9E21-7D0BC00C77F7} - System32\Tasks\SUPERAntiSpyware Scheduled Task cabfd5d0-c272-4a5f-b363-096e0061cee7 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {5569606F-082D-4784-BE42-7CE4BBFD48AB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {581E3700-3422-4AF1-9012-B15B386F02B6} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2018-01-10] (Apple Inc.)
Task: {6182BDD4-03C1-4207-983F-8051355634F0} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2017-05-19] (Samsung Electronics Co. Ltd.)
Task: {72C7A881-6934-4F01-82E7-601251A9663F} - System32\Tasks\CTServiceInstaller => C:\Program Files (x86)\Cold Turkey\\CTServiceInstaller.exe [2016-04-07] (Felix Belzile)
Task: {86F72633-286E-486A-9AF5-BE8D234A91B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {8A74C4F0-0CE5-40E4-9315-9F42D4417795} - System32\Tasks\SUPERAntiSpyware Scheduled Task 57b62546-097e-45dc-9fcb-465e7bb6bd7c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-08] (SUPERAdBlocker.com)
Task: {8B4166BB-5396-4C6B-A162-FA8B1C8FEBA3} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2016-09-22] (AsusTek)
Task: {8D5C7AA7-0D3A-499F-9B46-B012E3BE530C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {937E1FF6-2B02-403F-ADB3-D8C27CAF0B91} - System32\Tasks\Opera scheduled Autoupdate 1436991915 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {B2B79B6D-CC47-4BD6-A6F4-B99E9628A779} - System32\Tasks\IntelBootstrapCCDashExe => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [2015-03-16] (Intel® Corporation)
Task: {C1FE43C5-85B7-4B10-A038-8F403FF9E932} - System32\Tasks\AVG-SSU_0317tb => C:\ProgramData\Avg_Update_0317tb\AVG-Secure-Search-Update_0317tb.exe
Task: {E035CA81-A42C-4146-846B-0F3CC697CA9F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-31] (Adobe Systems Incorporated)
Task: {EA223253-F33E-4C19-9479-D80AAA69E445} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F5684CF2-9853-4E68-9845-2CEE01990AA5} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {FAC02C86-317C-4638-A899-979B62784B1E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {FE6E7C7B-34B8-4099-BC56-837A08328E84} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2014-09-05] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AVG-SSU_0317tb.job => C:\ProgramData\Avg_Update_0317tb\AVG-Secure-Search-Update_0317tb.exe
Task: C:\Windows\Tasks\AVG-SSU_0317tb_DELETE.job => C:\ProgramData\Avg_Update_0317tb\AVG-Secure-Search-Update_0317tb.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 57b62546-097e-45dc-9fcb-465e7bb6bd7c.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task cabfd5d0-c272-4a5f-b363-096e0061cee7.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\admin\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.2.5-p319-x64\Interactive Ruby.lnk -> C:\Ruby22-x64\bin\irb.bat ()
 
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.2.5-p319-x64\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Ruby22-x64\bin\setrbvars.bat
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-10-03 14:50 - 2012-10-04 19:49 - 000087152 _____ () C:\Windows\System32\cpwmon64.dll
2014-05-03 00:49 - 2009-07-31 07:28 - 000090624 _____ () C:\Windows\System32\Primomonnt.dll
2018-01-05 00:13 - 2018-01-05 00:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-04-18 12:47 - 2017-03-27 11:32 - 000017384 _____ () C:\Users\admin\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
2016-04-29 20:38 - 2017-01-25 22:01 - 000066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-03-13 14:14 - 2016-12-08 01:15 - 000053352 _____ () C:\Program Files (x86)\Windscribe\WindscribeService.exe
2018-04-03 12:00 - 2018-04-03 12:00 - 000076456 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2017-10-19 03:21 - 2017-10-19 03:21 - 000598528 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2016-10-23 23:12 - 2016-09-19 12:09 - 000813056 _____ () C:\Program Files\NetWorx\sqlite.dll
2015-03-16 12:58 - 2015-03-16 12:58 - 000127200 _____ () C:\Program Files\Intel\ConnectCenter\bin\Interop.STCServLib.dll
2016-05-29 12:42 - 2014-03-02 22:35 - 000075776 _____ () C:\Program Files (x86)\Cold Turkey\PcapDotNet.Core.dll
2015-12-18 18:59 - 2015-12-18 18:59 - 000705024 _____ () C:\Program Files (x86)\Qustodio\qapp\libGLESv2.dll
2015-12-18 18:59 - 2015-12-18 18:59 - 000043008 _____ () C:\Program Files (x86)\Qustodio\qapp\libEGL.dll
2015-12-18 18:59 - 2015-12-18 18:59 - 000864768 _____ () C:\Program Files (x86)\Qustodio\qapp\platforms\qwindows.dll
2015-12-18 18:59 - 2015-12-18 18:59 - 000024576 _____ () C:\Program Files (x86)\Qustodio\qapp\imageformats\qgif.dll
2015-12-18 18:59 - 2015-12-18 18:59 - 000021504 _____ () C:\Program Files (x86)\Qustodio\qapp\imageformats\qico.dll
2015-12-18 18:59 - 2015-12-18 18:59 - 000242688 _____ () C:\Program Files (x86)\Qustodio\qapp\imageformats\qjpeg.dll
2017-10-19 03:28 - 2017-10-19 03:28 - 000570368 _____ () C:\ProgramData\MEGAsync\ShellExtX32.dll
2015-05-08 07:07 - 2015-05-08 07:07 - 000087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 005812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2017-05-05 00:31 - 2017-05-05 00:31 - 000067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 001662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2015-05-08 07:08 - 2015-05-08 07:08 - 000110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2015-05-08 07:07 - 2015-05-08 07:07 - 000010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2015-05-08 07:19 - 2015-05-08 07:19 - 000417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2015-05-08 07:09 - 2015-05-08 07:09 - 000167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2015-05-08 07:09 - 2015-05-08 07:09 - 000313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-11-14 03:29 - 2015-11-14 03:29 - 000113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-11-14 03:29 - 2015-11-14 03:29 - 002396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2015-05-08 07:07 - 2015-05-08 07:07 - 000583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2015-05-08 07:07 - 2015-05-08 07:07 - 000324608 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PIL._imaging.pyd
2015-11-14 03:28 - 2015-11-14 03:28 - 000271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
2015-05-08 07:09 - 2015-05-08 07:09 - 000141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2017-05-04 23:03 - 2017-05-04 23:03 - 002717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2015-05-08 07:19 - 2015-05-08 07:19 - 001213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2015-05-08 07:25 - 2015-05-08 07:25 - 000055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 001183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 001306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 001640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 001053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2015-05-08 07:19 - 2015-05-08 07:19 - 000474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
2018-01-09 22:30 - 2018-03-16 15:19 - 001782904 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-03-21 12:13 - 2018-03-16 15:19 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-01-09 22:30 - 2018-03-16 15:19 - 002559608 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-01-09 22:30 - 2018-03-16 15:19 - 000031864 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-03-21 12:13 - 2018-03-16 15:19 - 000216520 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-03-21 12:13 - 2018-03-16 15:19 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-03-21 12:13 - 2018-03-16 15:19 - 000138688 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-03-21 12:13 - 2018-03-16 15:19 - 002213320 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\Users\admin\AppData\Local\CW8MKdOz3eydkEX:A4VMR1bqMZky8uETs6ODdus [2630]
AlternateDataStreams: C:\ProgramData\Microsoft:mTcPzRjTPWDZYLSQyfTA3D [2718]
AlternateDataStreams: C:\ProgramData\Microsoft:vHezHRZxxwHTn3Tbuctt8zz [2420]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [163]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [308]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\qengine => ""="service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2018-04-10 16:38 - 000001348 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 125.22.47.125 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupfolder: C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Slack.lnk => C:\Windows\pss\Slack.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AirBackupHelper => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: BIBLauncher => C:\Program Files (x86)\Business-in-a-Box 2016\BIBLauncher.exe
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Chromium => c:\users\admin\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
MSCONFIG\startupreg: Copy => "C:\Users\admin\AppData\Roaming\Copy\CopyAgent.exe"
MSCONFIG\startupreg: DriverFinder => C:\Program Files (x86)\DriverFinder\DriverFinder.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: join.me.launcher => C:\Users\admin\AppData\Local\join.me.launcher\join.me.launcher.exe
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: QAppTray => "C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe"
MSCONFIG\startupreg: QQIntl => "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
MSCONFIG\startupreg: Windscribe => C:\Program Files (x86)\Windscribe\Windscribe.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
MSCONFIG\startupreg: WordWeb => "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{37ECEAC0-AB95-4B56-AD1A-EE9570DCE75A}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{8C582BA6-1710-4C25-AED4-2AC80D8ADB35}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{BFF466DD-9B89-44E0-B440-08357C4DD189}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{1C18BD99-8C85-4006-A3A8-EF4F572E3854}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{BD284F0E-8D77-4C28-88A4-62AC559620A9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E3B785F7-0B8C-4C58-84FB-7F8F345C4DBA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{043C9221-CBC6-4B1F-8774-F69AD3D3BF8F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{E74EA1F1-4495-493B-AE7F-C8337F231162}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{5905E122-16F2-460A-A451-5E9F43332F9C}] => (Block) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{4CF0A193-6A12-4A4E-8857-4F40F69B2464}] => (Block) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{F1012D99-6C18-41DE-A06C-9666FECD23D3}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{CA6EB034-8007-456B-BE4D-ADBB3B70CB34}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{17EB3DC7-A4AA-4F0C-8582-54C1BC7E4D42}] => (Block) %ProgramFiles%\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{C2445C4D-0793-4D43-9D09-3ABF52DC729A}] => (Block) C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{C7547AB8-BFAD-4A8B-8617-09DCBE3528EE}] => (Block) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{9C02F32A-93DA-4BD8-84E1-7678A220F79F}] => (Block) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{A93D5526-2BC3-4EE9-ABE1-287A30E2AF3D}] => (Allow) C:\Users\admin\AppData\Local\Temp\nsc7F4E.tmp\Installer-76048000.exe
FirewallRules: [{8C5102AA-7C1E-4CD7-8190-C78EB42B4AF3}] => (Allow) C:\Users\admin\AppData\Local\Temp\nsc7F4E.tmp\Installer-76048000.exe
FirewallRules: [{77E5ED42-7DBD-4E1A-B5CF-6E81D4FE64B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{90366AC1-1388-43BC-BD5E-03C970AD4D23}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ACB3012C-F37F-42E5-83D4-D59123CF9B71}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2D82E1DC-F7AD-4B15-87F3-6B35559DC716}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D138686F-2BBB-4622-9CF1-D795EC9CEFB3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4379F70F-E065-4ECF-AC61-973D0090E582}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{969144DA-9EAD-442C-B3D7-334BB27B87E5}] => (Block) C:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{B72B8C94-1CC3-4533-8B9A-D4EEC89784F6}] => (Block) %ProgramFiles% (x86)\Rockstar Games\Max Payne 3\MaxPayne3.exe
FirewallRules: [{E7CF6113-FE6B-4689-BEF7-C3D9ADDAF153}] => (Block) %ProgramFiles% (x86)\Rockstar Games\Max Payne 3\PlayMaxPayne3.exe
FirewallRules: [{C7D63E5B-94FF-47B0-9560-FED1A51FCE31}] => (Block) %ProgramFiles% (x86)\Rockstar Games\Max Payne 3\MaxPayne3.exe
FirewallRules: [{0BC12591-DDCE-47DF-A36B-3F466F4B95B1}] => (Block) %ProgramFiles% (x86)\Rockstar Games\Max Payne 3\PlayMaxPayne3.exe
FirewallRules: [{42E782B5-2471-46D6-9166-24A628BCC53F}] => (Allow) C:\Users\admin\AppData\Roaming\Copy\CopyAgent.exe
FirewallRules: [{7B325C15-1693-48EF-853B-E58290EADEAF}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC\Support Files\AfterFX.exe
FirewallRules: [{B98AED66-FEB2-4783-A4C2-2CCB2F3B9DA6}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC\Support Files\AfterFX.exe
FirewallRules: [{6CE3AEFC-CB3D-46FB-9933-C5404AA4E9BA}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{54DBC99B-7206-4069-97E8-DC3725706C76}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{F0C86F97-39D2-4DEB-B3C4-C612C8F35A00}] => (Block) %SystemDrive%\Users\All Users\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{82CB8739-10C3-4FEA-8DAF-5989F85F2053}] => (Block) %SystemDrive%\Users\All Users\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{C86264C2-35E1-485F-8B60-4BBF5D3A4E5B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{48E2E7E4-2EF3-43ED-982E-6564D98EBD7B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{5ACF6BD3-802B-4D1D-8AE3-D82C24F94203}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL.exe
FirewallRules: [{7DAFC937-D519-4AD9-80C9-A03111FF6667}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL64.exe
FirewallRules: [{B7F4450A-C7FC-4BAC-80B6-FA240DB25433}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL.exe
FirewallRules: [{F3B17F6B-F97D-4049-B35E-C14355B9D9C8}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL64.exe
FirewallRules: [{AC7D6303-AE1B-4D38-988E-2A5851A2C3FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E0E69B55-9F07-4156-B5F7-08AF96C8C338}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9ED9BD5D-F731-48B1-B745-B346FCC147B8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{17585E12-FA11-452D-A7C0-9F3D2DCA6DEB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2590E8C7-32E8-4DB4-949D-B0ABC65B1817}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{0EDD97F2-FA04-4CAC-A9AE-28F249E36A72}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{3A25D3EC-FF68-44C9-8257-22361C381C84}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{1E143B94-083C-4269-ADD4-C2E99D9A5EFC}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{F2B65DBB-96C8-4DD9-83B1-E6746D9CB696}] => (Allow) LPort=8317
FirewallRules: [{5903F95B-6A95-4DBD-BD87-330C895B6AA0}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [{93FD86F5-E05D-4D6B-AA71-D2B8BAA5CF82}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{9D168888-E399-4C29-8E8E-8D5E10F7DCC7}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{3BA62ED7-0927-48AD-A947-9E464BADC2D4}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{CA98DC1F-7F1A-402D-AA3B-AB4E1D6525B6}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{A75AC4F9-F772-41F7-83CD-EBA4351F4C33}] => (Allow) C:\Program Files (x86)\ASUS\Share Link\ShareLink.exe
FirewallRules: [{D84D5BD8-9C9D-4641-AE50-0BA286A1E83D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EB70F318-9E04-45D5-99A3-4AF22A661B72}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{22A0C02E-F0F5-409F-BA78-F44F340E32DB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{985DE91F-4D35-4D2C-8D49-A4A788E2418F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{27091ABA-9CA4-48DB-9206-1468071A79E4}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{3341E0BE-E07D-4BA4-9907-F855033C6323}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{6C80338D-54D3-43D2-835A-FE9F30EAF22F}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC\Support Files\AfterFX.exe
FirewallRules: [{C154A22D-83E0-4084-9FAE-FEE67D0ED72A}] => (Block) %ProgramFiles%\Adobe\Adobe After Effects CC\Support Files\AfterFX.exe
FirewallRules: [{DFFB124D-72C0-4502-B98B-7DB9DE26C227}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{9B3C1C24-7CCC-4C5D-804D-478664919E69}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{CCBE7E28-34CD-49A6-8728-8697FFB03324}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\auclt.exe
FirewallRules: [{025BAC45-BAA5-4902-BD57-E3DA94572844}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\auclt.exe
FirewallRules: [{AF60B664-E481-4626-8870-1BC7429EFCA0}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\txupd.exe
FirewallRules: [{4C9E7FFB-5F07-4BD4-9B15-52434705A852}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\txupd.exe
FirewallRules: [{5A5FE7F7-9025-4C41-BFBA-3CD198C1D7EE}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{30C7BF00-67D0-4C2C-B91D-7E5D61F82F46}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BFE3EA58-11EB-47D0-90F5-D7A817214973}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7CD4FC94-A5CA-489F-9F9E-451669D0AF86}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B4A5CB08-350B-43E3-AE36-295E65BFD009}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3CF144EB-FFAD-46C6-8008-2543995C3939}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{40F04704-90C7-41A8-8B28-23AE48592AFE}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{0F492CDA-8B04-4CD9-87C2-89FDD942A00C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{1E41DFFA-2DEB-4B3D-98BE-3E6D57A0B72F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{0C2F7663-464C-4B11-A44F-F14405327EB2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D55B0850-4589-45BE-9081-FB02EEAB1B46}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DA7EBF3C-BA24-4494-824B-8F05FE254F3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2BA206D1-7114-4930-9092-F10C649460E4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{64C9C05A-4A59-46B5-A496-D735BE4981BB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{91ADE171-A2A4-4DC1-B1E3-B9475811B136}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{94D6B181-7509-4D6E-94B9-08113C592C25}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{5791A997-9A6A-4ACA-8550-D6428767F98B}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{12487303-8C95-4C22-93D4-F29D64A8C681}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{834FA37A-D4CF-46EB-9309-311FE5169AB5}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{5994A75E-5ACF-4828-8BC0-AAF640373040}] => (Allow) C:\Users\admin\Desktop\AnyDesk.exe
FirewallRules: [{76CA293E-CBD2-4BDD-9FB4-791D9AE9D627}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{755EA25D-EA70-4CE7-8439-A1671EBFBB93}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{1EC59A45-4C73-4AC9-AB83-9524721FD96B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{348F3759-AEAD-4504-9D24-F7A2D7A533A3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{46836396-6B2C-4DF7-96F5-95269D9C830F}] => (Allow) %programfiles%\Qustodio\qapp\qwelcomewzd.exe
FirewallRules: [{46950849-30DD-4A3F-8193-FCD3349F5382}] => (Allow) %programfiles%\Qustodio\qapp\QUpdateService.exe
FirewallRules: [{2A6918DD-8C0B-4B0F-AA01-29FF8B61DCF4}] => (Allow) %programfiles%\Qustodio\qapp\QReport.exe
FirewallRules: [{36558008-F74F-4489-BF5E-548C2059C2B6}] => (Allow) %programfiles%\Qustodio\qproxy\qengine.exe
FirewallRules: [{A3E16C1B-9DF4-4E2F-87DD-370064D2150C}] => (Allow) %programfiles%\Qustodio\qapp\QAppTray.exe
 
==================== Restore Points =========================
 
10-04-2018 16:55:48 Windows Defender Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/11/2018 01:14:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 12.8.0.1016, time stamp: 0x51fb0c50
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x03a74c0d
Faulting process id: 0x172c
Faulting application start time: 0x01d3d168c2147007
Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 1ad4e307-3d5c-11e8-b5c4-fcaa14c2fb92
 
Error: (04/11/2018 01:14:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (04/11/2018 01:11:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/10/2018 07:14:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 12.8.0.1016, time stamp: 0x51fb0c50
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x03634c0d
Faulting process id: 0x218c
Faulting application start time: 0x01d3d0d1e4c1bdcd
Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 3d301713-3cc5-11e8-8424-fcaa14c2fb92
 
Error: (04/10/2018 07:14:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (04/10/2018 07:11:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSGPlusBTServer64.exe, version: 1.0.1.12, time stamp: 0x559ddf30
Faulting module name: AsusSGPlusBTServer64.exe, version: 1.0.1.12, time stamp: 0x559ddf30
Exception code: 0xc0000005
Fault offset: 0x0000000000010b50
Faulting process id: 0x2658
Faulting application start time: 0x01d3d0d1ad02e6c0
Faulting application path: C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
Faulting module path: C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
Report Id: eaebc88b-3cc4-11e8-8424-fcaa14c2fb92
 
Error: (04/10/2018 07:11:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSGPlusBTServer64.exe, version: 1.0.1.12, time stamp: 0x559ddf30
Faulting module name: AsusSGPlusBTServer64.exe, version: 1.0.1.12, time stamp: 0x559ddf30
Exception code: 0xc0000005
Fault offset: 0x0000000000010b50
Faulting process id: 0x2484
Faulting application start time: 0x01d3d0d1a9ff2fef
Faulting application path: C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
Faulting module path: C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
Report Id: e9743a1e-3cc4-11e8-8424-fcaa14c2fb92
 
Error: (04/10/2018 07:11:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusSGPlusBTServer64.exe, version: 1.0.1.12, time stamp: 0x559ddf30
Faulting module name: AsusSGPlusBTServer64.exe, version: 1.0.1.12, time stamp: 0x559ddf30
Exception code: 0xc0000005
Fault offset: 0x0000000000010b50
Faulting process id: 0x1d0c
Faulting application start time: 0x01d3d0d1a6fb2bcb
Faulting application path: C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
Faulting module path: C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
Report Id: e62a029f-3cc4-11e8-8424-fcaa14c2fb92
 
 
System errors:
=============
Error: (04/11/2018 01:14:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/11/2018 01:13:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.
 
Error: (04/11/2018 01:11:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (04/11/2018 01:11:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (04/11/2018 01:11:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD} did not register with DCOM within the required timeout.
 
Error: (04/11/2018 01:09:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The system_http_dll service failed to start due to the following error:
The system cannot find the file specified.
 
Error: (04/11/2018 01:09:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MxService service failed to start due to the following error:
The system cannot find the file specified.
 
Error: (04/11/2018 01:09:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppmallosayoV service failed to start due to the following error:
The system cannot find the path specified.
 
 
Windows Defender:
===================================
Date: 2018-04-10 16:45:25.101
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:TrojanDownloader:Win32/Adload.DP!bit
ID:225548
Severity:High
Category:Trojan Downloader
Path Found:file:C:\Users\admin\Downloads\ESETInternetSecurityV11.0.144.0FinalLicenseFinder\ESET Internet Security 11.0.144.0 (64Bit) + Fix\License Downloader\TNod-1.6.3.1-Final-Portable\TNODUP-Portable.exe
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:
 
Date: 2018-04-10 16:37:05.874
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:TrojanDownloader:Win32/Adload.DP!bit
ID:225548
Severity:High
Category:Trojan Downloader
Path Found:file:C:\Users\admin\Downloads\ESETInternetSecurityV11.0.144.0FinalLicenseFinder\ESET Internet Security 11.0.144.0 (64Bit) + Fix\License Downloader\TNod-1.6.3.1-Final-Portable\TNODUP-Portable.exe;process:pid:7148;process:pid:7232
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
Date: 2018-04-10 16:34:03.786
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:TrojanDownloader:Win32/Adload.DP!bit
ID:225548
Severity:High
Category:Trojan Downloader
Path Found:file:C:\Users\admin\Downloads\ESETInternetSecurityV11.0.144.0FinalLicenseFinder\ESET Internet Security 11.0.144.0 (64Bit) + Fix\License Downloader\TNod-1.6.3.1-Final-Portable\TNODUP-Portable.exe;process:pid:7232
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
Date: 2017-04-04 10:14:01.542
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:MonitoringTool:Win32/TotalSpy
ID:17559
Severity:Severe
Category:Monitoring Software
Path Found:containerfile:C:\Users\admin\Desktop\setup (PASSW0RD = 123987).exe;file:C:\Users\admin\Desktop\setup (PASSW0RD = 123987).exe->(inno#000000)
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:c:\program files\windows defender\MpCmdRun.exe
 
CodeIntegrity:
===================================
 
Date: 2018-04-11 13:09:29.349
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-04-11 13:09:29.349
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-04-11 04:00:32.456
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-04-11 04:00:32.455
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-04-10 19:11:12.991
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-04-10 19:11:12.991
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-04-10 18:16:03.613
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-04-10 18:16:03.613
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info ===========================
 
Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 38%
Total physical RAM: 16244.9 MB
Available physical RAM: 10016.01 MB
Total Virtual: 32487.98 MB
Available Virtual: 24926.8 MB
 
==================== Drives ================================
 
Drive c: (WINDOWS-SSD) (Fixed) (Total:232.79 GB) (Free:27.18 GB) NTFS
Drive d: (WINDOWS) (Fixed) (Total:150.39 GB) (Free:73.39 GB) NTFS
Drive e: (SKA and Digital Painting) (Fixed) (Total:150.39 GB) (Free:10.99 GB) NTFS
Drive f: (PERSONAL FILES) (Fixed) (Total:150.39 GB) (Free:12.81 GB) NTFS
Drive g: (MUSIC) (Fixed) (Total:150.39 GB) (Free:51.79 GB) NTFS
Drive h: (GAMES) (Fixed) (Total:150.39 GB) (Free:10.43 GB) NTFS
Drive i: (SOFTWARES) (Fixed) (Total:179.46 GB) (Free:13.97 GB) NTFS
Drive m: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:239.82 GB) NTFS
Drive n: (My Book-1TB OLD) (Fixed) (Total:930.86 GB) (Free:8.66 GB) NTFS
Drive p: (WD SmartWare) (CDROM) (Total:0.62 GB) (Free:0 GB) UDF
Drive q: (MOVIES) (Fixed) (Total:466.8 GB) (Free:9.22 GB) NTFS
Drive r: (MOVIES AND MUSIC) (Fixed) (Total:466.8 GB) (Free:60.44 GB) NTFS
Drive s: (MUSIC PRODUCTION - DJING) (Fixed) (Total:466.8 GB) (Free:392.14 GB) NTFS
Drive t: (STUDY) (Fixed) (Total:462.62 GB) (Free:82.36 GB) NTFS
 
\\?\Volume{8c40a4c4-2c1c-11e3-9f03-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS
\\?\Volume{a578a6ce-29e7-11e5-889c-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: F70EC33E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2CBCDF0E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=630.6 GB) - (Type=0F Extended)
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 5D5D1032)
Partition 1: (Not Active) - (Size=466.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=466.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=462.6 GB) - (Type=0F Extended)
 
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 000564D0)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.
 
==================== End of Addition.txt ============================



Edited by sharath83, 11 April 2018 - 12:02 PM.
Deleted duplicates




#2 sharath83

sharath83
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:47 PM

Posted 13 April 2018 - 03:03 PM

Mod Edit:  merged topics - Hamluis.

 

I happened to install a piece of software, and it messed up my Firefox, Chrome and IE browsers; some of the links are not opening. My YouTube history has videos I did not watch before; this is within 30 - 50 mins after the issue. On YouTube I cannot skip the ad videos. (Skip after 5 seconds is no longer seen.)
 
Some of the software and other files, the program with which it should be opened, the shortcut icons are blank.
 
In Firefox, the redirect link is:

https://feed.helperbar.com/
http://5231.xg4ken.com/trk/

I tried Malwarebytes and Super AntiSpyware; they did remove some of the malware, but the issue still persists.
 
I am posting this issue again. I need a solution for this and am awaiting your reply. Thank you.


Edited by hamluis, 13 April 2018 - 05:34 PM.
Added CODE block to disable potentially malicious links


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,800 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:17 AM

Posted 15 April 2018 - 08:38 PM

Greetings sharath83 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall any and all products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan after removal and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 sharath83

sharath83
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  

Posted 16 April 2018 - 01:12 AM

Hi Gary,

 

Thank you for the reply.

 

You have mentioned: "Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall any and all products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan after removal and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic."

 

Could I know what this has got to do with the malware issue I am facing in the browser? Whatever software I am using is required and is essential software I use on a daily basis.

 

I am here only to get a solution to get rid of the malware issue, which I posted in the main topic: I am facing issues with Firefox, wherein some websites don't open, in some places where a website has ads they show up, which is unusual, and my YouTube history has videos that I never watched before.

 

So please let me know if there is any solution to remove the malware without removing my software. I appreciate your reply, thank you.


Edited by sharath83, 16 April 2018 - 12:04 PM.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,800 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:17 AM

Posted 16 April 2018 - 11:12 AM

Greetings.

Despite your involvement in illegal activity I cannot in good conscience offer assistance under these circumstances. Apart from the legal and moral implications, downloading this type of software inherently brings with it the possibility of delivering malicious software for "free."

The only thing I can offer is to see if any other helpers here are willing to assist you. I will post that today and either someone else will jump in within 24 hours or the absence of that will mean we will not be able to assist you.

You always have the option to pay someone to clean your computer.
Gary
 

#6 sharath83

sharath83
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:47 PM

Posted 16 April 2018 - 11:50 AM

Greetings.

Despite your involvement in illegal activity I cannot in good conscience offer assistance under these circumstances. Apart from the legal and moral implications, downloading this type of software inherently brings with it the possibility of delivering malicious software for "free."

The only thing I can offer is to see if any other helpers here are willing to assist you. I will post that today and either someone else will jump in within 24 hours or the absence of that will mean we will not be able to assist you.

You always have the option to pay someone to clean your computer.

 

The software did not bring any type of malicious issues. And I am not involved in any illegal activity; I do use original software on my laptop, as I have a license to use it only on the laptop, not on the desktop. To date I have not faced any issues; it is only recently that there was an exe file I installed thinking it was software, only later facing the issues.

 

And for your information, Mr. Gary, there are people who are using illegal software, but they do buy it later.

 

So next time you come across any people who are facing malware issues, my suggestion for you is: if you can solve someone's malware issues, do so without any type of 'Conscience'; logic is required here, which is most important. Otherwise, stop telling people that they are using illegal software by replying to every post that you come across. People are "aware" of what they are using. Users come here for a solution, so please do not WASTE their time.

 

Your reply is irrelevant to the PC problems I am facing. I don't need your assistance; I will solve this by myself.



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,800 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:11:17 AM

Posted 16 April 2018 - 01:53 PM

At your request I will close this topic.

Good luck.
Gary
 

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,800 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:11:17 AM

Posted 16 April 2018 - 01:53 PM

This topic is permanently closed.

Edited by Oh My!, 16 April 2018 - 02:51 PM.

Gary
 



