Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware help please! Microsoft explorer keeps popping up..


  • This topic is locked This topic is locked
5 replies to this topic

#1 alinato

alinato

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 12 August 2018 - 12:43 PM

Hi,

 

I have a problem with microsoft explorer as it keeps popping up every 3-4 hours with random websites. prior to making microsoft explorer my default browser, I was having the same problem with chrome. I believe there is a malware sending a message to default browser to reach various websites.

 

I run windows 7 64x on parallels (on macbook pro) and I have Symantec Endpoint Protenction running on windows. I did a scan using symantec but couldn't find any malware..

 

I would be really grateful if anybody could help me in identification and removal of the malware causing this.

 

I have already ran FRST and these are the log files I got:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by user004 (administrator) on USER004-PC (12-08-2018 18:31:48)
Running from \\psf\Home\Downloads
Loaded Profiles: user004 (Available Profiles: user004 & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(Tanuki Software, Ltd.) C:\Program Files (x86)\i2p\I2Psvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe
(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools_service.exe
(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe
(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Tools\Services\WoW\coherence.exe
(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dropbox, Inc.) C:\Users\user004\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\user004\Documents\swap-alt-ctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\user004\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Dropbox, Inc.) C:\Users\user004\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Tools\prl_cc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Mega Limited) C:\Users\user004\AppData\Local\MEGAsync\MEGAsync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) \\psf\Home\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TRACKPADPLUSPLUS] => C:\Program Files\TrackpadPlusPlus\Trackpad++ Control Module.exe
HKLM\...\Run: [POWER PLAN ASSISTANT] => C:\Program Files\PowerPlanAssistant\PowerPlanAssistantLauncher.exe
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-01-31] (Intel Corporation)
HKLM-x32\...\Run: [kbdsprt] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1053656 2017-07-04] (DivX, LLC)
HKLM-x32\...\Run: [Parallels Tools Center] => C:\Program Files (x86)\Parallels\Parallels Tools\prl_cc.exe [176384 2013-12-03] (Parallels Holdings, Ltd. and its affiliates.)
HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\Run: [Dropbox Update] => C:\Users\user004\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\MountPoints2: {1fdec409-3a07-11e4-96ba-ff2cc2ae6fba} - G:\autorun.exe
HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\MountPoints2: {78f634ff-2fd7-11e4-96c5-ed77ab4b4f28} - F:\AutoRun.exe
HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\MountPoints2: {8e10b2fe-a6da-11e5-bfd4-b598b9708d02} - F:\DTLplus_Launcher.exe
HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\MountPoints2: {a3006e08-b0a7-11e3-a545-b5824887b316} - I:\DTLplus_Launcher.exe
HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\MountPoints2: {a3006e15-b0a7-11e3-a545-b5824887b316} - F:\TotalLock.exe
HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\MountPoints2: {a4e49f39-21ec-11e7-b48c-7831c1bf1c61} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\MountPoints2: {c945137f-8a94-11e5-bae4-005056c00008} - G:\SETUP.EXE
HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\MountPoints2: {f49b9265-aff8-11e7-b600-7831c1bf1c61} - F:\startme.exe
Startup: C:\Users\user004\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-08-01]
ShortcutTarget: Dropbox.lnk -> C:\Users\user004\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\user004\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2018-08-12]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user004\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\swap-alt-ctrl.lnk [2015-01-25]
ShortcutTarget: swap-alt-ctrl.lnk -> C:\Users\user004\Documents\swap-alt-ctrl.exe ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.211.55.1
Tcpip\..\Interfaces\{0620070F-23AC-4057-906D-3998733E861A}: [DhcpNameServer] 10.211.55.1
Tcpip\..\Interfaces\{160254E6-FAA0-4641-86AA-8F5EA40B793E}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2D6AAAE2-00D8-4CB2-A9E3-80532065C97A}: [DhcpNameServer] 192.168.9.1
Tcpip\..\Interfaces\{900FBA4E-9DE5-4312-B2F5-D5FB3C76E460}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9724E84C-FA45-4C10-8EAB-F4DFAEED5D2B}: [DhcpNameServer] 192.168.9.1 192.168.9.1
Tcpip\..\Interfaces\{DBF8FD45-542A-4783-B55E-CC07B0EF28DC}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2237259298-907951129-3901279771-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP9896D535-F7D7-40BC-838A-649D9F32BF57&q={searchTerms}&SSPV=
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-14] (Internet Download Manager, Tonec Inc.)
BHO: CutThePrice -> {53363EE6-045B-4055-BE67-DAFE71F765F6} -> C:\Program Files (x86)\CutThePrice\kMgGMuKzETL6ou.x64.dll => No File
BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\Mindjet\MindManager 16\Mm8InternetExplorer.dll [2015-10-08] (Mindjet)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-14] (Internet Download Manager, Tonec Inc.)
BHO-x32: Show Naturalreader Bar -> {127AD70F-B2B7-4f6a-ACD9-C7B1FE48C8C0} -> C:\Windows\syswow64\MsiExec.exe [2015-06-15] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL [2013-10-21] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-24] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2237259298-907951129-3901279771-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2237259298-907951129-3901279771-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} hxxps://webvpn.aston.ac.uk/+CSCOL+/relayp.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1495454167556

FireFox:
========
FF DefaultProfile: cqwdbnmq.default-1398488437497
FF DefaultProfile: yxu1r30w.default
FF ProfilePath: C:\Users\user004\AppData\Roaming\Mozilla\Firefox\Profiles\cqwdbnmq.default-1398488437497 [2018-07-28]
FF NetworkProxy: Mozilla\Firefox\Profiles\cqwdbnmq.default-1398488437497 -> autoconfig_url", "hxxp://proxy-url.here/proxy.pac"
FF Extension: (Scribd Downloader Free) - C:\Users\user004\AppData\Roaming\Mozilla\Firefox\Profiles\cqwdbnmq.default-1398488437497\Extensions\@scribddownload.xpi [2017-08-23] [Legacy]
FF Extension: (FoxyProxy Standard) - C:\Users\user004\AppData\Roaming\Mozilla\Firefox\Profiles\cqwdbnmq.default-1398488437497\Extensions\foxyproxy@eric.h.jung [2017-02-11] [Legacy]
FF Extension: (Translate This!) - C:\Users\user004\AppData\Roaming\Mozilla\Firefox\Profiles\cqwdbnmq.default-1398488437497\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2016-11-11] [Legacy]
FF Extension: (To Google Translate) - C:\Users\user004\AppData\Roaming\Mozilla\Firefox\Profiles\cqwdbnmq.default-1398488437497\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2016-04-29] [Legacy]
FF Extension: (AdBlock for Firefox) - C:\Users\user004\AppData\Roaming\Mozilla\Firefox\Profiles\cqwdbnmq.default-1398488437497\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-12-16] [Legacy]
FF Extension: (storeTab) - C:\Users\user004\AppData\Roaming\Mozilla\Firefox\Profiles\cqwdbnmq.default-1398488437497\Extensions\nicktco@gmail.com.xpi [2016-04-30] [Legacy]
FF Extension: (Surf Anonymous Free) - C:\Users\user004\AppData\Roaming\Mozilla\Firefox\Profiles\cqwdbnmq.default-1398488437497\Extensions\support@surfanonymous-free.com.xpi [2017-04-28] [Legacy] [not signed]
FF Extension: (Text to Voice) - C:\Users\user004\AppData\Roaming\Mozilla\Firefox\Profiles\cqwdbnmq.default-1398488437497\Extensions\text2voice@vik.josh.xpi [2016-01-22] [Legacy]
FF Extension: (EPUBReader) - C:\Users\user004\AppData\Roaming\Mozilla\Firefox\Profiles\cqwdbnmq.default-1398488437497\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2017-03-02] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\user004\AppData\Roaming\Mozilla\Firefox\Profiles\cqwdbnmq.default-1398488437497\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-12] [Legacy]
FF Extension: (Show my Password) - C:\Users\user004\AppData\Roaming\Mozilla\Firefox\Profiles\cqwdbnmq.default-1398488437497\Extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi [2016-12-31] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\user004\AppData\Roaming\Mozilla\Firefox\Profiles\cqwdbnmq.default-1398488437497\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-27] [Legacy]
FF Extension: (Greasemonkey) - C:\Users\user004\AppData\Roaming\Mozilla\Firefox\Profiles\cqwdbnmq.default-1398488437497\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-04-30] [Legacy]
FF ProfilePath: C:\Users\user004\AppData\Roaming\Comodo\IceDragon\Profiles\yxu1r30w.default [2017-04-23]
FF Homepage: Comodo\IceDragon\Profiles\yxu1r30w.default -> hxxps://uk.yahoo.com/?fr=fp-comodo&type=25050004003_id_hp
FF Extension: (Hoxx VPN Proxy) - C:\Users\user004\AppData\Roaming\Comodo\IceDragon\Profiles\yxu1r30w.default\Extensions\@hoxx-vpn.xpi [2017-04-17] [Legacy]
FF Extension: (SetupVPN) - C:\Users\user004\AppData\Roaming\Comodo\IceDragon\Profiles\yxu1r30w.default\Extensions\@setupvpncom.xpi [2017-04-21] [Legacy]
FF Extension: (Hide My IP) - C:\Users\user004\AppData\Roaming\Comodo\IceDragon\Profiles\yxu1r30w.default\Extensions\admin@myprivacytools.com.xpi [2017-04-17] [Legacy]
FF Extension: (No Name) - C:\Program Files (x86)\Comodo\IceDragon\browser\features\@csb [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Comodo\IceDragon\browser\features\DnD@comodo.com [not found]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-08-31] [Legacy] [not signed]
FF HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26] [Legacy]
FF HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user004\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\user004\AppData\Roaming\IDM\idmmzcc5 [2017-12-24] [Legacy] [not signed]
FF HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2017-08-07] (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2237259298-907951129-3901279771-1000: SkypePlugin -> C:\Users\user004\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2237259298-907951129-3901279771-1000: SkypePlugin64 -> C:\Users\user004\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.ie_
CHR Profile: C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default [2018-08-12]
CHR Extension: (Google Translate) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2018-04-20]
CHR Extension: (Flash Video Downloader) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-02-24]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2018-04-20]
CHR Extension: (Select & translate - context menu) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapcampblfdohlgnilfjbmhjijhflbjf [2014-03-30]
CHR Extension: (ShowPassword) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiclfnbhommljbjcoelobnnnibemabl [2018-04-04]
CHR Extension: (YouTube) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (WebRTC Leak Shield) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppamachkoflopbagkdoflbgfjflfnfl [2018-06-20]
CHR Extension: (Adblock Plus) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-07-18]
CHR Extension: (Google Search) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tabs Backup & Restore) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2016-04-24]
CHR Extension: (Volume Booster) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkiikneibegknkgimmihdpcbcedgmpo [2018-08-12]
CHR Extension: (Video Downloader professional) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-04-09]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2018-07-21]
CHR Extension: (Fullscreen Mirror) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffngemmnpcakpdhkfhhemmkdbfkinfbb [2016-07-16]
CHR Extension: (HTML Revealer and Password Revealer) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgeopcldenngppapceagonnenonklpbn [2017-08-14]
CHR Extension: (Speak It!) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\fginjphhpgkicbhibgafbpfjeahmjdfc [2018-03-27]
CHR Extension: (EditThisCookie) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2018-05-16]
CHR Extension: (Web Developer Form Filler) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbagmkohmhcjgbepncmehejaljoclpil [2017-03-16]
CHR Extension: (FoxyProxy Standard) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2015-11-09]
CHR Extension: (KProxy Extension) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdocgbfmddcfnlnpmnghmjicjognhonm [2018-06-20]
CHR Extension: (AdBlock) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-27]
CHR Extension: (Password Revealer) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\gldhelojchodefkemcnpaagnokhjlmia [2018-04-04]
CHR Extension: (Translate selection) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\goanabmlmgfinmjohhepcpffcnkeobjm [2016-02-18]
CHR Extension: (Dictionary Lookup) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipdjaafajlfiopcppipdinmcjbcpofhd [2015-11-14] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (Tabs saver) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmabfaomlcjlnplkoflgenkmmpilmead [2015-08-10]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-11-14] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Play Books) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2017-11-09]
CHR Extension: (Hoxx VPN Proxy) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2018-06-20]
CHR Extension: (GDictionary++) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbecbgockhikgaokdbalknlbcfbefgc [2014-03-17]
CHR Extension: (Autofill) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2018-08-12]
CHR Extension: (Google Wallet) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-14] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (Show and Hide Passwords) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\panhbjhhhpldcicghpekhonnmfnpgibd [2018-03-16]
CHR Extension: (Hide My IP) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\pekcnopmdcbjdgmpnpkndppflpldnkkp [2018-07-08]
CHR Extension: (SpeakIt!) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2015-11-14] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (KMPlayer) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\phimijbkckhapdpppdfiedfmngnpfpca [2015-11-14] [UpdateUrl: hxxps://mynamedomain.koko/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-29]
CHR Extension: (Free Video Downloader) - C:\Users\user004\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppgadljdflpomdcdacknofppeejgmjdn [2018-05-18]
CHR Profile: C:\Users\user004\AppData\Local\Google\Chrome\User Data\System Profile [2017-12-13]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-12-16]
CHR HKU\S-1-5-21-2237259298-907951129-3901279771-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\user004\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-11-12]
CHR HKU\S-1-5-21-2237259298-907951129-3901279771-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-12-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226112 2014-02-06] ()
S4 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36752 2016-04-26] (Box, Inc.)
S2 DrvCovEx; C:\Windows\SysWOW64\DrvCovEx.exe [45056 2015-09-15] () [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S4 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2719864 2016-10-06] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe [103168 2016-10-06] ()
R2 i2p; C:\Program Files (x86)\i2p\I2Psvc.exe [389632 2017-04-15] (Tanuki Software, Ltd.) [File not signed]
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2018-01-22] () [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 prl_uprof; C:\Program Files (x86)\Parallels\Parallels Tools\prl_uprof.dll [86784 2013-12-03] (Parallels Holdings, Ltd. and its affiliates.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-10-21] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2013-10-21] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2013-10-21] (Symantec Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
S4 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12465344 2015-08-14] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 OVPNService; "C:\Users\user004\AppData\Local\TotalVPN\OVPN.Service.exe" [X]
R2 PrlVssProvider; C:\Windows\system32\dllhost.exe /Processid:{E9ECCFFD-85C8-45F5-A738-90DCBCFAB0CC}
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]
S3 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\Windows\System32\DRIVERS\aftap0901.sys [48624 2018-03-06] (The OpenVPN Project)
S3 AMDAC97; C:\Windows\System32\drivers\AMDAC97.sys [53248 2006-09-18] (AMD)
S3 AppleCamera; C:\Windows\System32\DRIVERS\AppleCamera.sys [1793664 2013-12-04] (Apple Inc.)
S3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2013-09-06] (Apple Inc.)
S3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [39424 2013-09-06] (Apple Inc.)
S3 AppleSDR; C:\Windows\System32\DRIVERS\AppleSDR.sys [12800 2013-09-03] (Apple Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49560 2012-09-17] (Asmedia Technology)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20180731.001\BHDrvx64.sys [1919568 2018-07-31] (Symantec Corporation)
R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2013-10-21] (Symantec Corporation)
S3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFD.sys [56720 2013-10-17] (Cirrus Logic Inc.)
S3 CirrusUFD; C:\Windows\System32\DRIVERS\CSUFD.sys [11928 2013-10-17] (Cirrus Logic Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-04-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153168 2018-04-27] (Symantec Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44648 2015-09-18] (AnchorFree Inc.)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20180810.061\IDSvia64.sys [1298000 2018-07-17] (Symantec Corporation)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2014-01-31] (Intel Corporation)
S3 mpszfilt; C:\Windows\System32\DRIVERS\mpszfilt.sys [20632 2015-09-15] (Generic)
S3 MT_TRACKPAD; C:\Windows\System32\drivers\MT_Trackpad.sys [16384 2011-12-02] (n/a) [File not signed]
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20180811.002\ENG64.SYS [138832 2018-08-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20180811.002\EX64.SYS [2153040 2018-08-11] (Symantec Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\neo_vpn.sys [29744 2016-12-20] (PureVPN)
R3 prl_memdev; C:\Windows\System32\DRIVERS\prl_memdev.sys [21760 2013-12-03] ()
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2013-10-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2013-10-21] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2013-10-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2013-10-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2013-10-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-02-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2013-10-21] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2013-10-21] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2015-02-13] (Symantec Corporation)
S3 tapexpressvpn; C:\Windows\System32\DRIVERS\tapexpressvpn.sys [26624 2016-12-01] (The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2017-06-15] (Anchorfree Inc.)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [92456 2013-10-21] (Symantec Corporation)
S3 trackpad_plus_plus_x64; C:\Windows\System32\DRIVERS\trackpad_plus_plus_x64.sys [11136 2013-12-22] (Windows (R) Win 7 DDK provider) [File not signed]
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102576 2015-11-10] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25904 2015-11-10] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [701360 2015-11-10] ()
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-10-10] (Windows (R) Win 7 DDK provider)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-08-04] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 AFTrafMgr1.4; \??\C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [X]
U3 aswbdisk; no ImagePath
S3 FT_TRACKPAD; system32\drivers\FT_Trackpad.sys [X]
S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: prl_uprof -> C:\Program Files (x86)\Parallels\Parallels Tools\prl_uprof.dll (Parallels Holdings, Ltd. and its affiliates.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-01 19:10 - 2018-08-01 19:10 - 000000000 ____D C:\Users\user004\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-07-29 01:25 - 2018-07-29 01:25 - 000000000 ____D C:\Windows\AutoKMS
2018-07-24 23:21 - 2018-07-24 23:21 - 000006148 ____H C:\Users\usersLD\.DS_Store
2018-07-24 23:21 - 2018-07-24 23:21 - 000004096 ____H C:\Users\usersLD\._.DS_Store
2018-07-24 17:45 - 2018-07-24 17:45 - 000000078 _____ C:\Windows\system32\Drivers\etc\lmhosts
2018-07-24 17:45 - 2018-07-24 17:45 - 000000000 ____D C:\Users\user004\AppData\Roaming\appgate
2018-07-24 17:45 - 2018-07-24 17:45 - 000000000 ____D C:\Program Files (x86)\AppGate
2018-07-24 00:50 - 2018-07-24 00:50 - 000000000 ____D C:\MATS

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-12 18:31 - 2018-03-20 00:50 - 000000000 ____D C:\FRST
2018-08-12 18:21 - 2009-07-14 05:45 - 000028272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-12 18:21 - 2009-07-14 05:45 - 000028272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-12 18:15 - 2016-04-19 17:26 - 000000000 ___RD C:\Users\user004\Mega
2018-08-12 18:10 - 2014-05-18 02:20 - 000754596 _____ C:\Windows\system32\perfh00C.dat
2018-08-12 18:10 - 2014-05-18 02:20 - 000551156 _____ C:\Windows\system32\perfh001.dat
2018-08-12 18:10 - 2014-05-18 02:20 - 000157824 _____ C:\Windows\system32\perfc00C.dat
2018-08-12 18:10 - 2014-05-18 02:20 - 000122498 _____ C:\Windows\system32\perfc001.dat
2018-08-12 18:10 - 2009-07-14 06:13 - 002461892 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-12 18:10 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-08-12 18:05 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2018-08-12 17:59 - 2015-06-19 01:05 - 000000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2237259298-907951129-3901279771-1000UA.job
2018-08-12 17:36 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\tracing
2018-08-12 17:10 - 2018-03-08 14:55 - 000021508 ____H C:\Users\user004\.DS_Store
2018-08-12 17:10 - 2014-03-16 23:22 - 000000000 ___RD C:\Users\user004\Dropbox
2018-08-12 17:00 - 2017-07-01 20:15 - 000000000 ____D C:\KMPlayer
2018-08-12 17:00 - 2015-07-23 07:37 - 000000000 ____D C:\Users\user004\AppData\Roaming\Audacity
2018-08-12 16:59 - 2015-06-19 01:05 - 000000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2237259298-907951129-3901279771-1000Core.job
2018-08-12 16:57 - 2016-04-19 17:25 - 000000000 ____D C:\Users\user004\AppData\Local\MEGAsync
2018-08-12 16:50 - 2017-04-15 20:39 - 000000000 ____D C:\ProgramData\i2p
2018-08-12 16:21 - 2017-04-16 15:19 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-08-12 16:21 - 2015-11-14 15:45 - 000000000 ____D C:\ProgramData\VMware
2018-08-12 16:21 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-12 16:21 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Registration
2018-08-12 02:40 - 2015-07-22 09:26 - 000000328 _____ C:\Windows\Tasks\LiveBlog.job
2018-08-12 02:00 - 2014-03-16 23:08 - 000000000 ____D C:\Users\user004\AppData\Local\Adobe
2018-08-12 01:59 - 2017-10-28 20:15 - 000000000 ____D C:\Users\user004\AppData\Roaming\Anki2
2018-08-12 01:37 - 2014-03-16 23:09 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-08-11 21:46 - 2014-11-02 00:06 - 000015364 ____H C:\Users\.DS_Store
2018-08-11 21:45 - 2014-03-17 07:47 - 000000000 ____D C:\ProgramData\Symantec
2018-08-11 14:34 - 2015-11-11 05:09 - 000000000 ____D C:\Users\user004\AppData\Roaming\Skype
2018-08-11 02:42 - 2017-12-13 00:55 - 000002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-04 16:40 - 2014-03-23 03:32 - 000000000 ____D C:\Users\user004\AppData\Roaming\vlc
2018-08-01 19:10 - 2014-03-16 23:20 - 000000000 ____D C:\Users\user004\AppData\Roaming\Dropbox
2018-07-29 01:25 - 2018-01-23 13:44 - 000003606 _____ C:\Windows\System32\Tasks\autokms
2018-07-26 22:45 - 2017-08-15 13:47 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-26 22:45 - 2015-01-14 16:54 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-07-24 23:21 - 2017-12-19 00:36 - 000000000 ___SD C:\Users\usersLD\Protect user004
2018-07-24 23:21 - 2017-12-14 01:04 - 000000000 ____D C:\Users\usersLD
2018-07-24 23:13 - 2014-03-16 23:10 - 000000000 ____D C:\Users\usersLD\Default
2018-07-24 23:11 - 2018-03-08 14:53 - 000015364 ____H C:\.DS_Store
2018-07-24 01:33 - 2016-06-07 16:04 - 000000000 ____D C:\temp
2018-07-24 00:54 - 2018-04-30 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-07-24 00:54 - 2014-03-16 23:09 - 000000000 ____D C:\Program Files\Google
2018-07-24 00:51 - 2014-07-18 00:35 - 000000000 ____D C:\Users\user004\AppData\Local\ElevatedDiagnostics
2018-07-24 00:30 - 2014-03-16 22:30 - 000000000 ____D C:\Users\user004
2018-07-23 23:28 - 2014-03-16 23:09 - 000000000 ____D C:\Users\user004\AppData\Local\Google
2018-07-23 18:18 - 2018-06-15 03:18 - 000000000 ____D C:\Program Files (x86)\HMA! Pro VPN
2018-07-23 18:18 - 2015-12-20 03:53 - 000000000 ____D C:\Users\user004\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Parallels Shared Applications
2018-07-19 23:04 - 2017-07-29 03:42 - 000003180 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2237259298-907951129-3901279771-1000
2018-07-19 23:04 - 2014-09-28 08:28 - 000002132 _____ C:\Users\user004\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-07-19 23:04 - 2014-09-28 08:28 - 000000000 ___RD C:\Users\user004\OneDrive
2018-07-18 19:30 - 2018-06-14 16:31 - 000004482 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-07-18 19:30 - 2018-06-14 16:31 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-07-18 19:30 - 2014-03-16 23:09 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-07-18 19:30 - 2014-03-16 23:09 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-18 19:30 - 2014-03-16 23:09 - 000000000 ____D C:\Windows\system32\Macromed
2018-07-18 19:22 - 2018-06-14 17:46 - 000000000 ____D C:\Program Files\Opera
2018-07-18 19:18 - 2018-06-14 18:30 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-18 15:45 - 2015-09-26 23:07 - 000001421 _____ C:\Users\user004\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-07-18 15:45 - 2015-09-26 23:00 - 000000000 ____D C:\Users\user004\AppData\Local\Opera Software
2018-07-18 15:44 - 2014-10-06 21:26 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2018-07-18 15:43 - 2015-03-10 23:18 - 000000000 ____D C:\Users\user004\AppData\LocalLow\Unity
2018-07-18 15:43 - 2015-03-10 23:18 - 000000000 ____D C:\Users\user004\AppData\Local\Unity
2018-07-18 15:42 - 2014-03-17 07:59 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2018-07-18 15:41 - 2018-01-09 07:19 - 000000000 ____D C:\Users\user004\AppData\Roaming\Easeware
2018-07-18 15:41 - 2018-01-09 07:19 - 000000000 ____D C:\Program Files\Easeware
2018-07-18 15:40 - 2017-12-06 03:28 - 000000000 ____D C:\ProgramData\Citrix
2018-07-18 15:40 - 2015-12-20 23:49 - 000000000 ____D C:\ProgramData\eMule
2018-07-18 15:40 - 2014-03-23 02:04 - 000000000 ____D C:\Users\user004\AppData\Local\Citrix
2018-07-18 15:40 - 2014-03-23 02:04 - 000000000 ____D C:\Program Files (x86)\Citrix
2018-07-18 15:28 - 2017-04-15 20:39 - 000000000 ____D C:\Program Files (x86)\i2p

==================== Files in the root of some directories =======

2016-06-26 03:09 - 2018-06-09 19:16 - 000000040 _____ () C:\Users\user004\license.dat
2018-07-18 15:40 - 2018-07-18 15:40 - 000000093 _____ () C:\Users\user004\AppData\Roaming\ARCompanion.log
2017-05-02 17:57 - 2017-06-17 11:37 - 000000112 _____ () C:\Users\user004\AppData\Roaming\JP2K CS6 Prefs
2017-03-14 19:03 - 2017-08-07 04:12 - 000000584 _____ () C:\Users\user004\AppData\Roaming\onecal.xml
2015-10-10 23:00 - 2017-04-22 00:23 - 000002822 _____ () C:\Users\user004\AppData\Roaming\VoiceMeeterDefault.xml
2014-12-25 16:23 - 2014-12-25 16:23 - 000004608 _____ () C:\Users\user004\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-12-27 03:33 - 2017-12-27 03:33 - 000000001 _____ () C:\Users\user004\AppData\Local\llftool.4.40.agreement
2017-10-15 16:17 - 2017-10-15 16:24 - 049979264 _____ (Sony) C:\Users\user004\AppData\Local\pcc.exe
2014-08-14 03:07 - 2018-05-06 03:55 - 000007633 _____ () C:\Users\user004\AppData\Local\Resmon.ResmonCfg
2016-11-12 13:03 - 2016-11-12 13:03 - 011744256 _____ () C:\Users\user004\AppData\Local\Sync-1478952191.msi
2016-11-12 13:03 - 2016-11-12 13:04 - 000205914 _____ () C:\Users\user004\AppData\Local\Sync-1478952191.msi.log
2016-11-01 03:43 - 2016-11-01 03:43 - 000000000 _____ () C:\Users\user004\AppData\Local\{95D40A5C-4A1C-4321-8150-62845FF4DD10}
2015-04-06 16:13 - 2015-04-06 16:13 - 000000000 _____ () C:\Users\user004\AppData\Local\{BC27F833-B5FC-434D-8E15-864F1798D667}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <==== ATTENTION

LastRegBack: 2017-07-04 23:34

==================== End of FRST.txt ============================

Addition.txt shown below as well..

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by user004 (12-08-2018 18:36:04)
Running from \\psf\Home\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-03-16 21:30:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2237259298-907951129-3901279771-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2237259298-907951129-3901279771-501 - Limited - Disabled)
user004 (S-1-5-21-2237259298-907951129-3901279771-1000 - Administrator - Enabled) => C:\Users\user004

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Accent OFFICE Password Recovery (HKLM-x32\...\{7541AA22-F543-45B2-81C3-BF90274FAA0E}) (Version: 9.50.48.3568 - Passcovery Co. Ltd.)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_1_0) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\Adobe Connect 9 Add-in) (Version: 11.9.979.366 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 30 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1) (Version: 18.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Advanced Office Password Breaker (HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\Advanced Office Password Breaker) (Version: 3.02 - ElcomSoft Co. Ltd.)
Agent Ransack x64 (HKLM\...\{FD8C1365-2229-4F37-A126-558DB2471CBE}) (Version: 7.0.828.1 - Mythicsoft Ltd)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Asterisk Password Spy (HKLM-x32\...\{5BFD743C-669F-4151-A76B-516EB613A137}) (Version: 6.0 - SecurityXploded) Hidden
Asterisk Password Spy (HKLM-x32\...\Asterisk Password Spy 6.0) (Version: 6.0 - SecurityXploded)
AT&T Natural Voices Audrey v. 1.4 (HKLM-x32\...\AT&T Natural Voice Audrey_is1) (Version: 1.4 - NextUp Technologies)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AutoHotkey 1.1.14.03 (HKLM\...\AutoHotkey) (Version: 1.1.14.03 - Lexikos)
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
BDE_ENT (HKLM-x32\...\{E966F0CC-76B3-11D3-945B-00C04FB1760A}) (Version: 5.1.1 - Borland Software Corp.) Hidden
Boot Camp Services (HKLM\...\{FA2B2C2A-EA41-495A-9308-60726125D562}) (Version: 5.1.5640 - Apple Inc.)
Box Sync (HKLM\...\{EB055068-B6D3-45E0-82A7-B32F9A48C0EA}) (Version: 4.0.7791.0 - Box, Inc.)
Box Sync (HKLM-x32\...\{78bd23dc-5207-4a19-a205-75117c0f8c6c}) (Version: 4.0.6746.0 - Box Inc.) Hidden
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.253 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\Dropbox) (Version: 54.4.90 - Dropbox, Inc.)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.0.0.7072 - Thomson Reuters)
Enthought Canopy (64-bit) (HKLM\...\{93D7DF53-FDD4-4270-B83C-1EBC15FA1A87}) (Version: 1.3.0.134 - Enthought, Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
FlashBack Express 5 (HKLM-x32\...\FlashBack Express 5) (Version: 5.30.0.4329 - Blueberry Software (UK) Ltd.)
FlashBack Pro 5 (HKLM-x32\...\FlashBack Pro 5) (Version: 5.25.0.4229 - Blueberry Software (UK) Ltd.)
Foxit PhantomPDF Business (HKLM-x32\...\{BC99D091-67DA-419D-BB72-D64B94203917}) (Version: 7.1.5.425 - Foxit Software Inc.)
FredV2Step1 (HKLM-x32\...\{D6BCD6F1-85F1-43AD-A5A8-FC7C070546DD}) (Version: 1.00.0000 - USMLE)
FREE Word and Excel password recovery Wizard version 2.1.15 (HKLM-x32\...\{BEE8AFD4-907F-4BD5-B2E9-6606291415E8}_is1) (Version: 2.1.15 - FREE Password Recovery Software)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GraphPad Prism 6 (HKLM-x32\...\{606443B0-9831-11DC-5F90-015CFB7A6952}) (Version: 6.01 - GraphPad Software)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Hotspot Shield 6.0.3 (HKLM-x32\...\HotspotShield) (Version: 6.0.3 - )
Hotspot Shield 6.0.3 Embedded (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925B127D98D}) (Version: 6.0.3.9834 - Buildbot) Hidden
Hotspot Shield 7.8.1 (HKLM-x32\...\{7bb10120-a10c-4c8a-a33e-86aff3193732}) (Version: 7.8.1.10967 - AnchorFree Inc.)
IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)
Inspyder Web2Disk (HKLM\...\{52499A80-CF9A-4F3D-9E83-D7CC2F011686}_is1) (Version:  - Inspyder Software Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{557D160E-2085-4D38-BDA3-1D5D3F74A3A4}) (Version: 6.0.4 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Johnny (HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\{944c399f-b79d-44b6-acbd-4a12cce158f5}) (Version: 2.2.0 - Openwall)
KateVoice (HKLM-x32\...\{3ACA2514-480B-4774-B986-AE4546B00381}) (Version: 1.00.0000 - naturalsoft)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.5.3 - PandoraTV)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
LowRateVoip (HKLM-x32\...\LowRateVoip_is1) (Version: 4.14 build 745 - Finarea S.A. Switzerland)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
MicroDicom DICOM viewer 2.0.0 (HKLM-x32\...\MicroDicom) (Version: 2.0.0 - MicroDicom)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{76CF9EF4-ABA0-484E-8042-12B99499AF5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2017 (HKLM-x32\...\Microsoft SQL Server SQL2017) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2017 Policies  (HKLM-x32\...\{256EDCB9-A64D-433C-A1DC-C76F02475915}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server 2017 T-SQL Language Service  (HKLM\...\{F19EAF2B-3405-47FE-B918-92C8A2C62008}) (Version: 14.0.17224.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{F13867E5-6039-44C7-9569-77A6E7CD560E}) (Version: 14.0.3953.4 - Microsoft Corporation)
Microsoft SQL Server Management Studio - 17.5 (HKLM-x32\...\{240f5a1a-97f3-41f3-bc7a-f5817f00f3e4}) (Version: 14.0.17224.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 (HKLM\...\{9D78F5D4-79D2-4FC6-AC56-F364A0ABC54F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mindjet MindManager 2016 (HKLM\...\{2B218B30-3403-4617-898A-E0FA74C221CB}) (Version: 16.0.152 - Mindjet)
MiniTool Partition Wizard Free 10.2.2 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MySQL Workbench 6.3 CE (HKLM\...\{E90FE565-E4A2-49E7-94D9-5B8025C972A1}) (Version: 6.3.10 - Oracle Corporation)
NaturalReader11 (HKLM-x32\...\{A97657A7-A685-4EC4-AB91-534819E88EF9}) (Version: 11 - NaturalSoft)
NextUp-Acapela Elan Lucy22 UK English Voice (HKLM-x32\...\{1D87A9A8-62B0-486D-BA10-69A1F8963F43}) (Version: 1.00.0000 - NextUp Technologies, LLC)
NextUp-ScanSoft Emily British Voice (HKLM-x32\...\{784536A4-9AC3-4811-9456-9BF0B56C2531}) (Version: 4.0.0 - NextUp.com)
NVIDIA Graphics Driver 332.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.28 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Paragon Hard Disk Manager™ 15 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Parallels Tools (HKLM\...\{9791A40D-A72F-47A6-B2F5-FCE26CAC487E}) (Version: 9.0.24172 - Parallels Software International Inc)
Passware Kit Forensic 13.5 (64-bit) (HKLM\...\{AB953328-443B-4565-809E-0ABB201E5A31}) (Version: 13.5.8557 - Passware)
PDF Password Remover v5.0 (HKLM-x32\...\PDF Password Remover v5.0_is1) (Version:  - VeryPDF.com Inc.)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)
PhoneBrowse 3.2.0 (HKLM-x32\...\{6A4F3A46-FC4A-4B5C-917C-B9BAAB99FE01}}_is1) (Version: 3.2.0 - iMobie Inc.)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.1.0 - Popcorn Time) <==== ATTENTION
Python 2.7.6 (64-bit) (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}) (Version: 2.7.6150 - Python Software Foundation)
QuestionBank 3.1.1.1798 (HKLM-x32\...\QuestionBank_is1) (Version: 3.1.1.1798 - Speedwell)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
R for Windows 2.15.1 (HKLM\...\R for Windows 2.15.1_is1) (Version: 2.15.1 - R Core Team)
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
Rachel (HKLM-x32\...\{4C2FFF92-0B63-4D18-9690-ED310E3A604D}) (Version: 1.00.0000 - Naturalsoft)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.507 - RStudio)
Scapple (HKLM-x32\...\Scapple 1000) (Version: 1000 - Literature and Latte)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version:  - )
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{CD62BCB9-02D2-443F-AC7A-443377DA5B38}) (Version: 7.31.0.56 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{EB96DF8B-65A7-4E72-BFB1-38DB36870D16}) (Version: 7.32.6.278 - Skype Technologies S.A.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Snagit 12 (HKLM-x32\...\{4FC332FE-CBE3-4AE0-B531-35048FD81912}) (Version: 12.4.1 - TechSmith Corporation) Hidden
Snagit 12 (HKLM-x32\...\{ec29af82-9c9e-420e-ab18-53821c36ac3c}) (Version: 12.4.1.3036 - TechSmith Corporation)
SQL Server 2008 R2 Common Files (HKLM\...\{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Common Files (HKLM\...\{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (HKLM\...\{FA7394B8-CE65-4F9E-AC99-F372AD365424}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (HKLM\...\{FBD367D1-642F-47CF-B79B-9BE48FB34007}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (HKLM\...\{A2122A9C-A699-4365-ADF8-68FEAC125D61}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (HKLM\...\{C942A025-A840-4BF2-8987-849C0DD44574}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{06324A5D-66BB-4FAC-8D0B-9FEC1B230FFF}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{200F38B2-1492-4576-B08C-78F2C2C953FC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM-x32\...\{6CE9A8AA-C478-4706-BD28-95993D52B5A1}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM-x32\...\{D17B5D3D-3BC7-4AFA-AD90-600B5453826E}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Integration Services Scale Out Management Portal (HKLM\...\{6BD8D100-B16C-409E-B0EA-BF508D7874EC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Integration Services Scale Out Management Portal (HKLM\...\{91C5EE43-29D1-4720-AB65-5E2E0FE25990}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Management Studio Extensions (HKLM-x32\...\{6492E746-1C5D-48C2-A92A-97D431F74664}) (Version: 14.0.3006.16 - Microsoft Corporation) Hidden
SQL Server 2017 Management Studio Extensions (HKLM-x32\...\{70C24F35-7E36-45FC-B289-3D2849E5556B}) (Version: 14.0.3006.16 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{2505505B-176A-41B3-91CA-99F2D59DAC4F}) (Version: 14.0.17224.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{9BBE717B-128F-4470-9032-F373273DD237}) (Version: 14.0.17224.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Analysis Services (HKLM\...\{6680F55E-0564-4B8E-BC77-46F860C21EB0}) (Version: 14.0.17224.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Reporting Services (HKLM\...\{91B14D7B-3242-47E2-B5E9-87DE45FA564F}) (Version: 14.0.17224.0 - Microsoft Corporation) Hidden
SSMS Post Install Tasks (HKLM\...\{C1241E94-FCC4-4C40-A3F3-5FD7F79CB0D1}) (Version: 14.0.17224.0 - Microsoft Corporation) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{B53661DC-CD94-4B14-B15F-D9DDCFF72558}) (Version: 12.1.4013.4013 - Symantec Corporation)
Sync (HKLM-x32\...\{96855E80-23DA-11E2-BDFB-09006188709B}) (Version: 1.1.9.1135 - Sync)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
The Best Keylogger (HKLM-x32\...\{D2EA2C4F-5385-428A-8599-17724D2C410F}) (Version: 3.54.06 - The Best Keylogger) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VB-Audio VoiceMeeter VAIO (HKLM\...\VB:VBVOICEMEETER {87459874-1236-4469}) (Version:  - VB-Audio Software)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version:  - )
Viber (HKLM-x32\...\{01B68243-D530-42B0-97D4-DB4DDF236E2F}) (Version: 6.4.2.15 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\{d924dc86-33fe-49b3-9439-8b0e69ec7216}) (Version: 6.4.2.15 - Viber Media Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Workstation (HKLM\...\{132E3257-14F1-411A-BC6C-0CA32D3A9BC6}) (Version: 12.0.0 - VMware, Inc.)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
VT-Bridget-M16-SAPI5 (HKLM-x32\...\{C4367E67-52FE-45C6-889C-F48CE7883CA8}) (Version: 3.11.1.0 - VW)
Windows Driver Package - Apple Inc. (AppleCamera) Image  (11/21/2013 5.0.22.0) (HKLM\...\1FCF3C93707C46D648F0B00E216A55E96DEB5A17) (Version: 11/21/2013 5.0.22.0 - Apple Inc.)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Keyboard (01/10/2014 5.0.8.0) (HKLM\...\ABCCA6C3F97A148D7C69114CB55DFA9D46053BEA) (Version: 01/10/2014 5.0.8.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (06/30/2015 3.1.0.3) (HKLM\...\AF30EB72B0C568FA3CE1D6CE32BA174F4760C582) (Version: 06/30/2015 3.1.0.3 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (09/04/2013 5.0.2.0) (HKLM\...\277F15E06E6EEB458048F41BCB8FB843B3241E95) (Version: 09/04/2013 5.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/11/2012 4.0.3.0) (HKLM\...\742CB1BDA52EA9F1BBE482DA6DAA17944652B476) (Version: 09/11/2012 4.0.3.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple SD Card Reader (07/22/2013 1.0.0.1) (HKLM\...\D323E2C0C5E4948B07EE346CF62161281B0A8578) (Version: 07/22/2013 1.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple System Device (05/20/2013 5.0.2.0) (HKLM\...\1A9F109A8ACEE4CA1F898708DBB0FBA6EF0587FC) (Version: 05/20/2013 5.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (10/29/2011 5.0.0.0) (HKLM\...\551732BB0872DA97E26385C221B172A5BD4DE93C) (Version: 10/29/2011 5.0.0.0 - Apple Inc.)
Windows Driver Package - Atheros Communications Inc. (athr) Net  (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows Driver Package - Broadcom (b57nd60a) Net  (09/04/2012 15.4.0.17) (HKLM\...\75E64992A03EC5E73D33586790CC506561DCC5DB) (Version: 09/04/2012 15.4.0.17 - Broadcom)
Windows Driver Package - Broadcom (B57ports) Net  (06/16/2009 1.0.0.1) (HKLM\...\FC2077892425ED71A137B1CB6D99A9CA7475435D) (Version: 06/16/2009 1.0.0.1 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net  (11/13/2012 5.106.199.1) (HKLM\...\3D6DDDCF8961C8C866F6660579A59B5B6CFA281F) (Version: 11/13/2012 5.106.199.1 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net  (12/13/2013 6.30.223.215) (HKLM\...\A5E73046BA905B7B0235AB40FA98A4E3AB96E00E) (Version: 12/13/2013 6.30.223.215 - Broadcom)
Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost  (08/14/2012 1.0.0.243) (HKLM\...\ADF3AD5C5705E56E7DEA1447D58EFF216BA1223D) (Version: 08/14/2012 1.0.0.243 - Broadcom Corporation)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (02/19/2013 6.6001.1.40) (HKLM\...\969EFE1D5E95B01D3C42B9D0363FA64AF9E336E7) (Version: 02/19/2013 6.6001.1.40 - Cirrus Logic, Inc.)
Windows Driver Package - Cirrus Logic, Inc. (CirrusLFD) MEDIA  (10/03/2013 6.6001.3.13) (HKLM\...\9EBC96DD99F2C854D540FBF6A16A557BADDBC228) (Version: 10/03/2013 6.6001.3.13 - Cirrus Logic, Inc.)
Windows Driver Package - Intel (e1express) Net  (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel)
Windows Driver Package - Intel (e1kexpress) Net  (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel)
Windows Driver Package - Intel (e1qexpress) Net  (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel)
Windows Driver Package - Intel (e1rexpress) Net  (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel)
Windows Driver Package - Intel (e1yexpress) Net  (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel)
Windows Driver Package - Intel System  (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows Driver Package - Marvell (yukonx64) Net  (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell)
Windows Driver Package - Trackpad++ Team (trackpad_plus_plus_x64) Mouse  (06/30/2015 3.1.0.3) (HKLM\...\8A6BD836B557E4CD2D903A6C4CD35335CC2EEFB5) (Version: 06/30/2015 3.1.0.3 - Trackpad++ Team)
Windows Driver Package - Vladimir Plenskiy Software (trackpad_plus_plus_x64) Mouse  (12/12/2013 3.0.0.0) (HKLM\...\16DED8CB2C71112EEE06DC739FC288B342AE52B5) (Version: 12/12/2013 3.0.0.0 - Vladimir Plenskiy Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
دليل الهاتف (HKLM-x32\...\دليل الهاتف2.0) (Version: 2.0 - Arena Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user004\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\user004\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\user004\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{60813F68-E9F7-4B3C-80B4-A76A66211660}\localserver32 -> C:\Users\user004\AppData\Local\SkypePlugin\7.32.6.278\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{A62E09B4-6467-4E0F-9B52-E61D8BC9FC69}\localserver32 -> C:\Users\user004\AppData\Local\SkypePlugin\7.31.0.56\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\user004\AppData\Local\SkypePlugin\7.32.6.278\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{E5A7A7B5-9D06-4DBE-BAC0-04B69FF070B5}\InprocServer32 -> C:\Users\user004\AppData\Local\SkypePlugin\7.31.0.56\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2237259298-907951129-3901279771-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [			IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc.)
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {07b40172-9807-3c1c-ba59-6079a4aac108} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {04594f02-32ea-3587-9086-f41d8e0913ce} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {89dd0924-32ad-3eef-af9e-47999ec8e5ea} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {6186e773-c867-3e53-bafc-97618c51f764} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {cb7cb4c9-490e-3599-b355-e16ba7b83aa6} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   AAASyncNo] -> {CD0DD5EC-23D2-4AE0-A111-C7B89038E695} => C:\Program Files (x86)\Sync\ASyncOverlay64.dll [2016-11-03] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   AAASyncProg] -> {9A1FA446-6778-4A02-883B-3100549CF193} => C:\Program Files (x86)\Sync\ASyncOverlay64.dll [2016-11-03] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   AAASyncRoot] -> {B57A832B-F40A-4A9D-A0F5-49E7D17B8EE4} => C:\Program Files (x86)\Sync\ASyncOverlay64.dll [2016-11-03] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   AAASyncSkip] -> {AFE40DBB-AB20-4979-B0D2-483B6866C8C9} => C:\Program Files (x86)\Sync\ASyncOverlay64.dll [2016-11-03] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   AAASyncYes] -> {9C569020-57C0-4CE0-9605-8AD42F4B1C7F} => C:\Program Files (x86)\Sync\ASyncOverlay64.dll [2016-11-03] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\user004\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-30] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\user004\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-30] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\user004\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-30] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [PrlToolsShellExt] -> {456C7CE2-DAAA-4333-A715-898D4671BBD4} => C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll [2013-12-03] (Parallels Holdings, Ltd. and its affiliates.)
ShellIconOverlayIdentifiers-x32: [   AAASyncNo] -> {CD0DD5EC-23D2-4AE0-A111-C7B89038E695} => C:\Program Files (x86)\Sync\ASyncOverlay64.dll [2016-11-03] (TODO: <Company name>)
ShellIconOverlayIdentifiers-x32: [   AAASyncProg] -> {9A1FA446-6778-4A02-883B-3100549CF193} => C:\Program Files (x86)\Sync\ASyncOverlay64.dll [2016-11-03] (TODO: <Company name>)
ShellIconOverlayIdentifiers-x32: [   AAASyncRoot] -> {B57A832B-F40A-4A9D-A0F5-49E7D17B8EE4} => C:\Program Files (x86)\Sync\ASyncOverlay64.dll [2016-11-03] (TODO: <Company name>)
ShellIconOverlayIdentifiers-x32: [   AAASyncSkip] -> {AFE40DBB-AB20-4979-B0D2-483B6866C8C9} => C:\Program Files (x86)\Sync\ASyncOverlay64.dll [2016-11-03] (TODO: <Company name>)
ShellIconOverlayIdentifiers-x32: [   AAASyncYes] -> {9C569020-57C0-4CE0-9605-8AD42F4B1C7F} => C:\Program Files (x86)\Sync\ASyncOverlay64.dll [2016-11-03] (TODO: <Company name>)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\user004\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-30] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\user004\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-30] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\user004\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-30] ()
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\user004\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-30] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-24] (Adobe Systems Inc.)
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [BoxContextMenuClient] -> {fecb08a0-0b4b-3804-94f3-ea1e5f80fd9c} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ContextMenuHandlers1: [DivXShellExtensionItem] -> {48A8A3B0-57E8-4F2B-A49D-19E02B92377B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2017-05-25] (DivX, LLC)
ContextMenuHandlers1: [DivXShellExtensionItem64] -> {6B49A276-0DBA-43F4-BC96-A841AD11B40B} => C:\Program Files (x86)\Common Files\DivX Shared\DivXShellExtension64.dll [2017-05-25] (DivX, LLC)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-04-24] (Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\vpshell2.dll [2013-10-21] (Symantec Corporation)
ContextMenuHandlers1: [PrlToolsShellExt] -> {456C7CE2-DAAA-4333-A715-898D4671BBD4} => C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll [2013-12-03] (Parallels Holdings, Ltd. and its affiliates.)
ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 12\DLLx64\SnagitShellExt64.dll [2015-08-14] (TechSmith Corporation)
ContextMenuHandlers1: [SyncComContextShlExt] -> {0dcd9583-eb2f-4e08-a146-885c923c0833} => C:\Program Files (x86)\Sync\SyncComCtx64.dll [2016-11-03] ()
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell1.dll [2008-11-20] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] ()
ContextMenuHandlers2: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd)
ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\vpshell2.dll [2013-10-21] (Symantec Corporation)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell1.dll [2008-11-20] (Elaborate Bytes AG)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2015-08-14] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2015-08-14] (VMware, Inc.)
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\user004\AppData\Local\MEGAsync\ShellExtX64.dll [2017-11-30] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd)
ContextMenuHandlers4: [BoxContextMenuClient] -> {fecb08a0-0b4b-3804-94f3-ea1e5f80fd9c} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 12\DLLx64\SnagitShellExt64.dll [2015-08-14] (TechSmith Corporation)
ContextMenuHandlers4: [SyncComContextShlExt] -> {0dcd9583-eb2f-4e08-a146-885c923c0833} => C:\Program Files (x86)\Sync\SyncComCtx64.dll [2016-11-03] ()
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-12-24] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-24] (Adobe Systems Inc.)
ContextMenuHandlers6: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2014-11-21] (Mythicsoft Ltd)
ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\vpshell2.dll [2013-10-21] (Symantec Corporation)
ContextMenuHandlers6: [PrlToolsShellExt] -> {456C7CE2-DAAA-4333-A715-898D4671BBD4} => C:\Program Files (x86)\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll [2013-12-03] (Parallels Holdings, Ltd. and its affiliates.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-02-17] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-02-17] ()
ContextMenuHandlers1_S-1-5-21-2237259298-907951129-3901279771-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2237259298-907951129-3901279771-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2237259298-907951129-3901279771-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\user004\AppData\Roaming\Dropbox\bin\DropboxExt64.22.0.dll [2018-07-31] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {012DE9BD-4555-4ECF-883D-42080D224B6A} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2017-03-27] (Adobe Systems Incorporated)
Task: {0223768D-03A0-45C7-BBB4-E2A3B2ED8892} - System32\Tasks\{FD8B6521-3045-4BC2-8C67-25145B8DAE00} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {0A220196-29E1-453C-977E-892958E9CFB3} - System32\Tasks\{AF4EB095-D3A6-46E7-9887-C506F3B0B539} => C:\Windows\system32\pcalua.exe -a "C:\Users\user004\Downloads\PS3 Controller to PC (2015) - TechLabs\SCP DS3 Driver Package\vcredist_x86.exe" -d "C:\Users\user004\Downloads\PS3 Controller to PC (2015) - TechLabs\SCP DS3 Driver Package"
Task: {10321305-4184-4791-A849-21F8DC99797A} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {1A063400-9694-4008-9972-2AF5BFDF41C2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2237259298-907951129-3901279771-1000Core => C:\Users\user004\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {1A3FFA86-ECD5-417E-B5F7-512177A5C5A1} - System32\Tasks\AdobeAAMUpdater-1.0-user004-PC-user004 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-20] (Adobe Systems Incorporated)
Task: {23E556A0-ECF2-46DB-BA22-F3093982A8CD} - System32\Tasks\{13B03986-0FE3-4CCE-B7BF-50D95E333BA3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\Uninstall.exe" -c -remove
Task: {26B62AA0-F8C4-4CB7-8F6A-98756A0A4D27} - System32\Tasks\PowerPlanAssistantLibrary\PowerPlanAssistantStart => C:\Program Files\PowerPlanAssistant\PowerPlanAssistant.exe
Task: {300DF4AF-CB19-46EA-9BD0-3C4BF59A272E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-18] (Adobe Systems Incorporated)
Task: {358A3623-264E-4C84-94BD-5967AD83405E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-10] (Google Inc.)
Task: {3797E500-B9C3-4456-821B-78E6F036406F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-18] (Adobe Systems Incorporated)
Task: {3AE72793-5604-4EB7-A064-9C231DD9193A} - System32\Tasks\{678BC680-D1AB-48D0-98B5-E7E1138050E6} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\PlotSoft\PDFill\PDFWriter\WriterSetup.exe" -d "C:\Program Files (x86)\PlotSoft\PDFill\PDFWriter"
Task: {44815534-B257-4A36-B6DA-EFCB01973CDA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2237259298-907951129-3901279771-1000
Task: {46669E49-F5CB-474A-A858-ED004F711B75} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-21] ()
Task: {4A7811C1-373E-4BD9-B485-C0DE100223D9} - System32\Tasks\{CAB3F306-C4EA-4FEC-82B9-D2D5D914A86C} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe
Task: {4EDF12DE-27D7-4288-804A-5E3D6EE299EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-18] (Adobe Systems Incorporated)
Task: {4FE2ECCA-9D2A-4815-9F62-BD3A78F22B69} - System32\Tasks\{49F6EE04-AC79-4375-9B04-46722A7D5120} => C:\Windows\system32\pcalua.exe -a C:\Users\user004\Downloads\BootCamp5.1.5640\BootCamp\Drivers\Apple\AppleKeyboardInstaller64.exe -d C:\Users\user004\Downloads\BootCamp5.1.5640\BootCamp\Drivers\Apple
Task: {546047E3-055E-4804-B0E9-DB3CA0548CBE} - System32\Tasks\{B14187B9-A814-4A82-8822-C20D288319DF} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.21.0.100/en/abandoninstall?page=tsProgressBar
Task: {6200BA1E-9235-4B0F-8FD7-455A8D1764CE} - System32\Tasks\{4C42C1E5-6AFC-42B9-A887-440131BEC416} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {683C2BCA-CFC0-4435-A3DD-B49BAEDC4581} - System32\Tasks\AdobeGCInvoker-1.0-user004-PC-user004 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {7C2FB52C-1161-4853-A597-4C2F6E8EF407} - System32\Tasks\LiveBlog => c:\programdata\{58a1a362-63b0-9892-58a1-1a36263b8d89}\setup.exe <==== ATTENTION
Task: {7EE63CD1-37FF-44AE-8C67-5D75586E551D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {7EE63CD1-37FF-44AE-8C67-5D75586E551D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {7EE63CD1-37FF-44AE-8C67-5D75586E551D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-09-30] (Microsoft Corporation)
Task: {8619F957-10EB-4E3B-8290-1801038C2728} - System32\Tasks\{AF86923F-5955-4B2B-90E1-F787F092C3BE} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.25.0.106/en/abandoninstall?page=tsProgressBar
Task: {8C5F744B-B51B-49B4-8F4A-0FF4FAB4BC9A} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2237259298-907951129-3901279771-1000 => C:\Users\user004\AppData\Local\MEGAsync\MEGAupdater.exe [2018-08-12] (Mega Limited)
Task: {8D7E53EA-160B-4C3F-B260-ED52220D3AF6} - System32\Tasks\{D95BB9F9-5E6D-41A3-B14E-AADFC484D8D1} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\VideoDownloaderUltimateWinApp\Uninstall.exe
Task: {8DA5DFA6-E759-4E2D-9CCF-1F2FBB57F569} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {8DA5DFA6-E759-4E2D-9CCF-1F2FBB57F569} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-09-30] (Microsoft Corporation)
Task: {951C8EF2-C0AB-4CD4-922B-5CC80C97DB42} - System32\Tasks\TrackpadPlusPlusLibrary\TrackpadPlusPlusStart => C:\Program Files\TrackpadPlusPlus\Trackpad++ Control Module Initializer.exe
Task: {9E77BAF1-E570-44FC-A41A-BF3EE9802789} - System32\Tasks\{5273AC55-583C-4D03-996F-34DC945BC384} => C:\Windows\system32\pcalua.exe -a "C:\Users\user004\Downloads\natural reader 11\paul852974635b.exe" -d "C:\Users\user004\Downloads\natural reader 11"
Task: {A399A45F-B0F2-49E3-825B-67637935FE9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-10] (Google Inc.)
Task: {B58D203D-127B-469B-8E7F-2CD656CD43FC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {B7BF204F-6F0A-4F09-A23B-A28BC591F39D} - System32\Tasks\{FDFD2771-9922-4CD7-9204-ADED0D5AA297} => C:\Program Files\TrackpadPlusPlus\Trackpad++ Control Module.exe
Task: {C3352897-90FD-4CB8-B263-8CD39896AF0B} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2015-08-11] (TechSmith Corporation)
Task: {CB018299-9D2B-40E0-AC4B-BAA1E4A0F177} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {CC312F59-915C-44F3-9D30-FC700C301C6C} - System32\Tasks\Restart Snagit => C:\Program Files (x86)\TechSmith\Snagit 12\snagit32.exe [2015-08-14] (TechSmith Corporation)
Task: {CC85D48B-A205-4D3F-9E49-4A03EA299980} - System32\Tasks\{65C520D5-7038-4E93-A156-7FF60D0FD903} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.31.0.104/en/abandoninstall?page=tsProgressBar
Task: {D86694FD-F140-4812-868C-5FFB79A2E0B5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {D86694FD-F140-4812-868C-5FFB79A2E0B5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-09-30] (Microsoft Corporation)
Task: {DB1A80C1-8AF3-4190-8598-AD818F1996A0} - System32\Tasks\AnySendUpdateLogin => C:\Program Files (x86)\AnySend\AnySendUpdater.exe
Task: {DF42C53B-4808-402B-961D-A16475E64305} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2237259298-907951129-3901279771-1000UA => C:\Users\user004\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {EBE3892F-34F2-42FE-B01C-42F511597EBE} - System32\Tasks\PPI Update => C:\Windows\explorer.exe "hxxp://windowsdefender.site/download/download.php?mn=9996" <==== ATTENTION
Task: {F2179871-ED1A-4D9D-AFE3-F0E036CBEBEF} - System32\Tasks\{23D0AA08-2886-4173-BBB1-08C43EB3BB20} => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
Task: {F879B175-9074-4319-BC56-B382D04387B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FAE61889-758A-489C-ABAE-E017BCFDD400} - System32\Tasks\AnySendUpdate => C:\Program Files (x86)\AnySend\AnySendUpdater.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2237259298-907951129-3901279771-1000Core.job => C:\Users\user004\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2237259298-907951129-3901279771-1000UA.job => C:\Users\user004\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\LiveBlog.job => c:\programdata\{58a1a362-63b0-9892-58a1-1a36263b8d89}\setup.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\user004\Desktop\UWorld Qbank.lnk -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www2.uworld.com/clients/QbankClient.jnlp "C:\Users\user004\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\44e172a1-3a253b2f"
ShortcutWithArgument: C:\Users\user004\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UWorld Qbank\UWorld Qbank.lnk -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www2.uworld.com/clients/QbankClient.jnlp "C:\Users\user004\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\44e172a1-3a253b2f"
ShortcutWithArgument: C:\Users\user004\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Passcovery\Accent OFFICE Password Recovery\AccentOPR homepage.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /c start hxxp://passwordrecoverytools.com/

==================== Loaded Modules (Whitelisted) ==============

2014-02-06 13:36 - 2014-02-06 13:36 - 000226112 _____ () C:\Windows\system32\AppleOSSMgr.exe
2015-08-14 15:02 - 2015-08-14 15:02 - 012465344 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2014-03-17 07:32 - 2012-02-17 21:55 - 000193536 _____ () C:\Program Files\WinRAR\rarext.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2010-10-20 16:23 - 2010-10-20 16:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-11 20:43 - 2015-06-11 20:44 - 001180672 _____ () C:\Users\user004\Documents\swap-alt-ctrl.exe
2018-05-30 11:03 - 2018-05-30 11:03 - 046281248 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2017-04-15 20:39 - 2017-04-15 20:39 - 000009742 _____ () C:\Program Files (x86)\i2p\jcpuid.dll
2017-04-15 20:39 - 2017-04-15 20:39 - 000212992 _____ () C:\Program Files (x86)\i2p\jbigi.dll
2015-08-14 15:02 - 2015-08-14 15:02 - 001301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-08-14 15:02 - 2015-08-14 15:02 - 000191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2015-08-14 15:02 - 2015-08-14 15:02 - 000388800 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2015-08-14 15:02 - 2015-08-14 15:02 - 000165056 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2018-08-01 19:10 - 2018-07-31 02:25 - 001108672 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-08-01 19:10 - 2018-07-31 02:25 - 002247872 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-05-15 01:10 - 2018-07-31 02:28 - 000021704 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\tornado.speedups.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:26 - 000022752 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:25 - 000135840 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\_cffi_backend.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:26 - 001881816 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:26 - 000023768 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:25 - 000111760 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\pywintypes35.dll
2018-05-15 01:10 - 2018-07-31 02:25 - 000103576 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\win32api.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:27 - 000069320 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:26 - 000080064 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\fastpath.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:25 - 000400016 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\pythoncom35.dll
2018-05-15 01:10 - 2018-07-31 02:25 - 000024728 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\win32event.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:25 - 000043680 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\win32process.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:25 - 000021656 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\mmapfile.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:25 - 000125080 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\win32file.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:25 - 000114848 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\win32security.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:28 - 000392392 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\win32com.shell.shell.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:28 - 000030432 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:25 - 000024736 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\win32clipboard.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:25 - 000175768 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\win32gui.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:25 - 000024728 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\win32pipe.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:25 - 000026264 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:25 - 000048800 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\win32service.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:25 - 000058016 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\win32evtlog.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:28 - 000024784 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:26 - 000022728 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:28 - 000026336 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:28 - 000070360 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:26 - 000025296 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:28 - 000029904 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\winreindex.compiled._winreindex.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:27 - 003866304 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:28 - 000089272 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\sip.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:27 - 001800896 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:27 - 001960640 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:25 - 000028824 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\win32ts.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:27 - 000155856 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:27 - 000521920 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:27 - 000051400 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:27 - 000043720 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:27 - 000131264 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:27 - 000220872 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:27 - 000205512 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:25 - 000061080 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\win32print.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:28 - 000056536 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:25 - 000024224 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\win32profile.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:28 - 000025304 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:28 - 000023776 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:28 - 000022752 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:28 - 000023768 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:26 - 000028392 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:25 - 000348312 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\winxpgui.cp35-win32.pyd
2018-05-15 01:10 - 2018-07-31 02:28 - 000024800 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:26 - 000026840 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:25 - 000036496 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\librsync.dll
2018-05-15 01:10 - 2018-07-31 02:28 - 000023776 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:26 - 000181432 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-05-15 01:10 - 2018-07-31 02:28 - 000031952 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:26 - 000024752 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-08-01 19:10 - 2018-07-31 02:26 - 001638576 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-05-15 01:10 - 2018-07-31 02:28 - 000027352 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:27 - 000547008 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:27 - 000360128 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.cp35-win32.pyd
2018-08-01 19:10 - 2018-07-31 02:27 - 000038600 _____ () C:\Users\user004\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.cp35-win32.pyd
2018-01-09 08:12 - 2014-01-31 18:54 - 001199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\$RECYCLE.BIN:Mac_Metadata [42]
AlternateDataStreams: C:\.apdisk:Mac_Metadata [42]
AlternateDataStreams: C:\.DS_Store:Mac_Metadata [42]
AlternateDataStreams: C:\.fseventsd:Mac_Metadata [42]
AlternateDataStreams: C:\.TemporaryItems:AFP_AfpInfo [130]
AlternateDataStreams: C:\.TemporaryItems:com.apple.quarantine [37]
AlternateDataStreams: C:\.TemporaryItems:Mac_Metadata [42]
AlternateDataStreams: C:\.Trashes:AFP_AfpInfo [130]
AlternateDataStreams: C:\.Trashes:Mac_Metadata [42]
AlternateDataStreams: C:\._.apdisk:Mac_Metadata [42]
AlternateDataStreams: C:\._.DS_Store:Mac_Metadata [42]
AlternateDataStreams: C:\Boot:Mac_Metadata [42]
AlternateDataStreams: C:\bootmgr:Mac_Metadata [42]
AlternateDataStreams: C:\Config.Msi:Mac_Metadata [42]
AlternateDataStreams: C:\found.000:Mac_Metadata [42]
AlternateDataStreams: C:\HOBDR:Mac_Metadata [42]
AlternateDataStreams: C:\MSOCache:Mac_Metadata [42]
AlternateDataStreams: C:\ProgramData:Mac_Metadata [42]
AlternateDataStreams: C:\Recovery:Mac_Metadata [42]
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Program Files\desktop.ini:Mac_Metadata [42]
AlternateDataStreams: C:\Program Files\Uninstall Information:Mac_Metadata [42]
AlternateDataStreams: C:\Program Files (x86)\desktop.ini:Mac_Metadata [42]
AlternateDataStreams: C:\Program Files (x86)\InstallShield Installation Information:Mac_Metadata [42]
AlternateDataStreams: C:\Program Files (x86)\Kaseya:Mac_Metadata [42]
AlternateDataStreams: C:\Program Files (x86)\Temp:Mac_Metadata [42]
AlternateDataStreams: C:\Program Files (x86)\Uninstall Information:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\BitLockerDiscoveryVolumeContents:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\inf:AFP_AfpInfo [130]
AlternateDataStreams: C:\Windows\inf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\Installer:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\msdownld.tmp:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\WindowsShell.Manifest:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-ums-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-lsalookup-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-sddl-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-service-core-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-service-management-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-service-management-l2-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\api-ms-win-service-winsvc-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\desktop.ini:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\GroupPolicy:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\AI_RecycleBin:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-lsalookup-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-sddl-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-service-core-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-service-management-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-service-management-l2-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-service-winsvc-l1-1-0.dll:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\drivers:AFP_AfpInfo [130]
AlternateDataStreams: C:\Windows\SysWOW64\drivers:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\DriverStore:AFP_AfpInfo [130]
AlternateDataStreams: C:\Windows\SysWOW64\DriverStore:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\mlfcache.dat:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\servdat.slm:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\BCD-Template.LOG:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS.LOG:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS.LOG1:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS.LOG2:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{0abf187d-ad53-11e4-84e1-de46ae4aa8e7}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{0abf187d-ad53-11e4-84e1-de46ae4aa8e7}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{0abf187d-ad53-11e4-84e1-de46ae4aa8e7}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{13c2166d-c823-11e3-ac43-cf2592e67c10}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{13c2166d-c823-11e3-ac43-cf2592e67c10}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{13c2166d-c823-11e3-ac43-cf2592e67c10}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{1fdd165c-9186-11e5-a9f7-7831c1bf1c61}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{1fdd165c-9186-11e5-a9f7-7831c1bf1c61}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{1fdd165c-9186-11e5-a9f7-7831c1bf1c61}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{23ac4814-3f98-11e5-a091-7831c1bf1c61}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{23ac4814-3f98-11e5-a091-7831c1bf1c61}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{23ac4814-3f98-11e5-a091-7831c1bf1c61}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{2bb66bf1-6a99-11e5-9826-7831c1bf1c61}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{2bb66bf1-6a99-11e5-9826-7831c1bf1c61}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{2bb66bf1-6a99-11e5-9826-7831c1bf1c61}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{2d8b0783-5ebd-11e5-9833-7831c1bf1c61}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{2d8b0783-5ebd-11e5-9833-7831c1bf1c61}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{2d8b0783-5ebd-11e5-9833-7831c1bf1c61}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{37408794-a4e2-11e5-bac7-7831c1bf1c61}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{37408794-a4e2-11e5-bac7-7831c1bf1c61}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{37408794-a4e2-11e5-bac7-7831c1bf1c61}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{3f177539-64a4-11e5-98c4-7831c1bf1c61}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{3f177539-64a4-11e5-98c4-7831c1bf1c61}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{3f177539-64a4-11e5-98c4-7831c1bf1c61}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{54cd246c-9ad2-11e5-bae9-7831c1bf1c61}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{54cd246c-9ad2-11e5-bae9-7831c1bf1c61}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{54cd246c-9ad2-11e5-bae9-7831c1bf1c61}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{562b4819-79c4-11e5-a900-7831c1bf1c61}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{562b4819-79c4-11e5-a900-7831c1bf1c61}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{562b4819-79c4-11e5-a900-7831c1bf1c61}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{5e1236cb-6cf4-11e5-a0dd-7831c1bf1c61}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{5e1236cb-6cf4-11e5-a0dd-7831c1bf1c61}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{5e1236cb-6cf4-11e5-a0dd-7831c1bf1c61}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{5ef2b4f7-80aa-11e5-8fc7-7831c1bf1c61}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{5ef2b4f7-80aa-11e5-8fc7-7831c1bf1c61}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{5ef2b4f7-80aa-11e5-8fc7-7831c1bf1c61}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{77db2f58-8654-11e5-a938-7831c1bf1c61}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{77db2f58-8654-11e5-a938-7831c1bf1c61}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{77db2f58-8654-11e5-a938-7831c1bf1c61}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{7b20f498-3eb5-11e5-a851-7831c1bf1c61}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{7b20f498-3eb5-11e5-a851-7831c1bf1c61}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{7b20f498-3eb5-11e5-a851-7831c1bf1c61}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{7db7f73c-1f6e-11e5-a0b1-7831c1bf1c61}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{7db7f73c-1f6e-11e5-a0b1-7831c1bf1c61}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{7db7f73c-1f6e-11e5-a0b1-7831c1bf1c61}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{a30662df-86d6-11e5-a9d9-eb1f07dd343f}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{a30662df-86d6-11e5-a9d9-eb1f07dd343f}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{a30662df-86d6-11e5-a9d9-eb1f07dd343f}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{a93e7cac-8af0-11e5-a983-005056c00008}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{a93e7cac-8af0-11e5-a983-005056c00008}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{a93e7cac-8af0-11e5-a983-005056c00008}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{d69788af-a466-11e4-9791-bb03f8e40dc8}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{d69788af-a466-11e4-9791-bb03f8e40dc8}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{d69788af-a466-11e4-9791-bb03f8e40dc8}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{fd539103-304c-11e5-8fb8-7831c1bf1c61}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{fd539103-304c-11e5-8fb8-7831c1bf1c61}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{fd539103-304c-11e5-8fb8-7831c1bf1c61}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\DEFAULT.LOG:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\DEFAULT.LOG1:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\DEFAULT.LOG2:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\SAM.LOG:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\SAM.LOG1:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\SAM.LOG2:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\SECURITY.LOG:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\SECURITY.LOG1:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\SECURITY.LOG2:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\SOFTWARE.LOG:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\SOFTWARE.LOG1:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\SOFTWARE.LOG2:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\SYSTEM.LOG:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\SYSTEM.LOG1:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\config\SYSTEM.LOG2:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\.com.greenworldsoft.syncfolderspro:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\.com.greenworldsoft.syncfolderspro:com.apple.TextEncoding [15]
AlternateDataStreams: C:\Windows\system32\Drivers\.com.greenworldsoft.syncfolderspro:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\hssdrv6.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\hssdrv6.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\idmwfp.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\idmwfp.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\IntelHaxm.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\IntelHaxm.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\mpszfilt.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\mpszfilt.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_Kernel_AppleBtBc_01005.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_Kernel_applemtm_01005.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_Kernel_applemtp_01005.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_Kernel_AppleSDR_01005.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_Kernel_CSLFD_01011.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_Kernel_CSUFD_01011.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_Kernel_KeyMagic_01005.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_Kernel_trackpad_plus_plus_x64_01011.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_User_SensorsAlsDriver_01_09_00.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\neo_vpn.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\neo_vpn.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\netr28ux.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\netr28ux.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\rndismpx.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\rndismpx.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\UimBus.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\UimBus.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\UimFIO.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\UimFIO.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\uim_devim.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\uim_devim.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\uim_im.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\uim_im.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\usb8023x.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\usb8023x.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\USBAUDIO.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\USBAUDIO.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\ar-SA:AFP_AfpInfo [130]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\ar-SA:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\en-US:AFP_AfpInfo [130]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\en-US:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\fr-FR:AFP_AfpInfo [130]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\fr-FR:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\gm.dls:AFP_AfpInfo [130]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\gm.dls:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\gmreadme.txt:AFP_AfpInfo [130]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\gmreadme.txt:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\mpfilt.sys:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\mpfilt.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\UMDF:AFP_AfpInfo [130]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\UMDF:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\vstor2-mntapi20-shared.sys:AFP_AfpInfo [130]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\vstor2-mntapi20-shared.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\wimmount.sys:AFP_AfpInfo [130]
AlternateDataStreams: C:\Windows\SysWOW64\Drivers\wimmount.sys:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\etc\hosts - Copy:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\etc\hosts - Copy:Mac_Metadata [42]
AlternateDataStreams: C:\Windows\system32\Drivers\etc\HOSTS.BACKUP:com.apple.quarantine [30]
AlternateDataStreams: C:\Windows\system32\Drivers\etc\HOSTS.BACKUP:Mac_Metadata [42]
AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\.DS_Store:Mac_Metadata [42]
AlternateDataStreams: C:\Users\All Users:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Default:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Default User:Mac_Metadata [42]
AlternateDataStreams: C:\Users\desktop.ini:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Administrator\AppData:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Administrator\Cookies:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Administrator\NTUSER.DAT:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Administrator\AppData\Local\History:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Administrator\AppData\Local\Temporary Internet Files:Mac_Metadata [42]
AlternateDataStreams: C:\ProgramData\Application Data:Mac_Metadata [42]
AlternateDataStreams: C:\ProgramData\Desktop:Mac_Metadata [42]
AlternateDataStreams: C:\ProgramData\Favorites:Mac_Metadata [42]
AlternateDataStreams: C:\ProgramData\TEMP:8927A071 [394]
AlternateDataStreams: C:\ProgramData\TEMP:D05E2C0A [126]
AlternateDataStreams: C:\ProgramData\TEMP:EE2590EC [268]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:Mac_Metadata [42]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Default\AppData:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Default\Cookies:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Default\NTUSER.DAT:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Default\NTUSER.DAT.LOG:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Default\NTUSER.DAT.LOG1:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Default\NTUSER.DAT.LOG2:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Default\AppData\Local\History:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Default\AppData\Local\Temporary Internet Files:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Default User\AppData\Local\History:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Default User\AppData\Local\Temporary Internet Files:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Public\Desktop:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Public\desktop.ini:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Public\Favorites:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Public\Libraries:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Public\Downloads\desktop.ini:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\.DS_Store:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\.obs32:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\._.DS_Store:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\AppData:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\Cookies:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\NTUSER.DAT:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\ntuser.dat.LOG1:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\ntuser.dat.LOG2:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\ntuser.ini:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\Downloads\.TemporaryItems:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\user004\Downloads\.TemporaryItems:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\Downloads\._56HGckIETn2txxHP69PSd67y.jpg:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\Downloads\._avatar.jpg:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\Downloads\20 Feb 2017 day 1 schedule.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\20101124113756_PartB Yellow Oral Candidate gu.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\20140820105852_Guide to Marking System (B) 20.doc:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\20_hzamo_yaas.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\42837481064AH.DIC:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\42837481068AH.DIC:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\42837486659AH.DIC:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\Ahmed Hawwa Statement of Account (1).pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\Ahmed Hawwa Statement of Account (2).pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\Ahmed Hawwa Statement of Account (3).pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\Ahmed Hawwa Statement of Account (4).pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\Ahmed Hawwa Statement of Account.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\desktop.ini:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\Downloads\elebda3.net-wq-3438.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\HijackThis.exe:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\IMG_3980.JPG:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\la-tahzn.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\Oxford Handbook of General Practice.zip:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\PEDIATRICSATAGLANCE.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\SC1 Opthalmology - Waterford- Rotation 2 -2016.xlsx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\SC1 Paeds Peripheral Accommodation List - Rotation 2-2017.xlsx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\StatementArchive_19 February 2017 (1).pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\StatementArchive_19 February 2017 (2).pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\StatementArchive_19 February 2017 (3).pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\StatementArchive_19 February 2017 (4).pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\StatementArchive_19 February 2017 (5).pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\StatementArchive_19 February 2017.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\Downloads\Thumbs.db:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\Downloads\trolls_HI_english-1490260.zip:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\user004\AppData\Local\EmieBrowserModeList:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\AppData\Local\EmieSiteList:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\AppData\Local\EmieUserList:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\AppData\Local\History:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\AppData\Local\IconCache.db.backup2:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\AppData\Local\IconCache.dbnew:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\AppData\Local\Temporary Internet Files:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\AppData\LocalLow\EmieSiteList:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\AppData\LocalLow\EmieUserList:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\AppData\LocalLow\Microsoft:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini:Mac_Metadata [42]
AlternateDataStreams: C:\Users\user004\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini:Mac_Metadata [42]
AlternateDataStreams: C:\Users\_typetecadmin\AppData:Mac_Metadata [42]
AlternateDataStreams: C:\Users\_typetecadmin\Cookies:Mac_Metadata [42]
AlternateDataStreams: C:\Users\_typetecadmin\NTUSER.DAT:Mac_Metadata [42]
AlternateDataStreams: C:\Users\_typetecadmin\ntuser.dat.LOG1:Mac_Metadata [42]
AlternateDataStreams: C:\Users\_typetecadmin\ntuser.dat.LOG2:Mac_Metadata [42]
AlternateDataStreams: C:\Users\_typetecadmin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Users\_typetecadmin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Users\_typetecadmin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Users\_typetecadmin\NTUSER.DAT{c7a4e6a5-53c7-11e2-a6ba-005056c00008}.TM.blf:Mac_Metadata [42]
AlternateDataStreams: C:\Users\_typetecadmin\NTUSER.DAT{c7a4e6a5-53c7-11e2-a6ba-005056c00008}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Users\_typetecadmin\NTUSER.DAT{c7a4e6a5-53c7-11e2-a6ba-005056c00008}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42]
AlternateDataStreams: C:\Users\_typetecadmin\ntuser.ini:Mac_Metadata [42]
AlternateDataStreams: C:\Users\_typetecadmin\AppData\Local\History:Mac_Metadata [42]
AlternateDataStreams: C:\Users\_typetecadmin\AppData\Local\Temporary Internet Files:Mac_Metadata [42]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KATYPRLN72939440383015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KATYPRLN72939440383015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2237259298-907951129-3901279771-1000\Software\Classes\.exe: exefile =>  <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\aston.ac.uk -> hxxps://webvpn.aston.ac.uk
IE trusted site: HKU\S-1-5-21-2237259298-907951129-3901279771-1000\...\hola.org -> hxxp://hola.org

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-06-15 03:12 - 000001010 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 www.mefeedia.com
0.0.0.0 www.mefeedia.com
0.0.0.0 delivery.anchorfree.us/land.php
0.0.0.0 www.mefeedia.com
0.0.0.0 www.mefeedia.com
0.0.0.0 delivery.anchorfree.us/land.php

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2237259298-907951129-3901279771-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user004\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.211.55.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BoxSyncUpdateService => 3
MSCONFIG\Services: nltfxifflsrnkg => 2
MSCONFIG\Services: TechSmith Uploader Service => 2
MSCONFIG\Services: TunnelBearMaintenance => 3
MSCONFIG\Services: vpnagent => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^user004^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user004^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user004^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user004^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PureVPN.lnk => C:\Windows\pss\PureVPN.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user004^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TotalVPN.lnk => C:\Windows\pss\TotalVPN.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: BoxSync => "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
MSCONFIG\startupreg: chromebrowser => "C:\Windows\chromebrowser.exe"
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Dropbox Update => "C:\Users\user004\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: EaseUS Cleanup => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\CleanUpUI.exe" 10 300
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: GoogleChromeAutoLaunch_B77E507318394D440D8878740FDABD6D => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MMReminderService => C:\Program Files\Mindjet\MindManager 16\MMReminderService.exe
MSCONFIG\startupreg: Parallels Tools Center => "C:\Program Files (x86)\Parallels\Parallels Tools\prl_cc.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: VideoDownloaderUltimate => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe /repair
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1ABFEB15-2FD0-4711-A36E-9AEE092FEB11}] => (Allow) C:\Users\user004\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FAFD6050-A156-4565-8D15-FAF05323E932}] => (Allow) C:\Users\user004\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0054AACB-DFBE-4ADC-B62D-FCD21FBA18A2}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{223A270B-C0F2-4B7B-8D2E-8C93D7AB55B4}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{1394971C-8E87-4FEE-84B1-C9B327485562}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{93C5E52E-8562-401C-8E02-8550F28D6CBF}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{0F1D0DAD-00D0-46AA-A8E9-484BDD281783}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{108AFBED-A151-45D6-80BA-37E22103C1F1}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{7CF32DA3-21F8-4D88-8541-E2058593E272}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{EF658A1A-5C47-4D52-8EE8-57D629695E68}] => (Allow) LPort=8298
FirewallRules: [{0BCD887C-A44E-45D7-B0BC-E0A428B66783}] => (Allow) C:\Users\user004\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{C8AF9CA3-F0CB-4E81-BB9D-0BEFF5480D23}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5AA5D22C-EFD4-4CC8-9093-0DBAEF95C6F5}] => (Allow) LPort=2869
FirewallRules: [{BB7AFE7D-1D8F-4016-858D-147C3F7A3D6A}] => (Allow) LPort=1900
FirewallRules: [{97ED929B-D7E2-49DC-BB52-2599583E55A1}] => (Allow) C:\Program Files (x86)\LowRateVoip.com\LowRateVoip\LowRateVoip.exe
FirewallRules: [{625856C4-F186-46C8-9204-7A2D3410D8AE}] => (Allow) C:\Program Files (x86)\LowRateVoip.com\LowRateVoip\LowRateVoip.exe
FirewallRules: [{022F35D6-D326-4D59-A9DD-F1F7E0B550ED}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{6CB8D5A9-4AD1-42C4-B70A-014633204C7D}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{86804C31-BD32-404D-9D89-11C3F823A24F}] => (Allow) C:\Users\user004\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{C06CBC6C-25BE-4AEC-AE49-01D5894283FB}] => (Allow) C:\Users\user004\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{B80F4E03-739F-40D8-BBBC-D1EC84DAE40B}] => (Allow) C:\Users\user004\AppData\Local\Temp\WZSE1.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{A9759DDF-5D90-400F-A317-1B2AA79C5E47}] => (Allow) C:\Users\user004\AppData\Local\Temp\WZSE1.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{44E5CEC8-2354-4C4D-BA54-6F8F5A695ED5}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{FE37EF18-1EC0-47DD-BF37-097BDEA4DA30}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{D798F9E5-0103-4CBA-B1E5-17F1437F2044}] => (Allow) C:\Program Files (x86)\LowRateVoip.com\LowRateVoip\LowRateVoip.exe
FirewallRules: [{3A3365F6-DE68-48FE-99E4-0C98A88D0164}] => (Allow) C:\Program Files (x86)\LowRateVoip.com\LowRateVoip\LowRateVoip.exe
FirewallRules: [{421DD6C2-6D94-45EB-B8F7-74E2B68197C2}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
FirewallRules: [{4BA27AC4-BCE3-483F-AD31-78CCA0771742}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
FirewallRules: [{9EF124A0-C0B4-4053-86E5-738C76E2886C}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe
FirewallRules: [{905D2BE4-A350-4D57-9342-40E55191F091}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe
FirewallRules: [{7C74D730-BCFB-4416-B5ED-3446A81A01F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{10B1E5F6-C78C-4116-9B16-D0881FA0A0EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{864BA5A5-E3AE-4442-9206-0A6D32D6E86F}C:\users\user004\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\user004\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{65E2265A-4491-44D6-84D2-0E487D6DBBCB}C:\users\user004\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\user004\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{7A5FE13A-A4A7-4B9E-8C00-F4F88557CD44}] => (Allow) C:\Users\user004\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D0825C2C-92F4-4B35-ACD5-63D71D1943DE}] => (Allow) C:\Users\user004\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{09CA0575-F93D-4F8A-9D05-5F136D28A9A6}] => (Allow) C:\Users\user004\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5AF32ADC-08F8-48A3-82A2-FFE146D9DF08}] => (Allow) C:\Users\user004\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F658AD50-ADAB-4AF1-ACF0-035B729536EB}] => (Allow) C:\Users\user004\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{290B688E-564A-4F31-A8AA-3BCA1D630318}] => (Allow) C:\Users\user004\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ADCE10DA-175B-4223-9F3D-50E5932E9823}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{509AE90F-F644-44B9-BCDC-5AB67C2EA701}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{1662DA5F-6942-43BD-A44D-75DD1C08558B}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{D7626264-C916-4C66-9EEA-21963DDA9DBE}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{5CD00663-6C42-40FB-BE06-9DDCF6D4BA9B}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{F25E40C6-BC1E-4AA7-946F-795CA7F843B7}] => (Allow) C:\Users\user004\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{785FC55F-3998-48AA-A230-5AC82AB61B00}] => (Allow) C:\Users\user004\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CFC5FAA7-8F7E-47BC-9A5C-5847A4AD3705}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A590B857-ABCC-4C28-9649-82832B1F5E4D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{10DAB649-4E9A-419C-ACEA-5D29B218411D}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{E82C226A-8365-433E-8F27-80D031F1D542}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{B82356BC-A5A6-4966-BF51-B3B1A4147061}] => (Allow) LPort=10777
FirewallRules: [{45659FB4-69B7-4EBA-9B85-EC0761A1D65D}] => (Allow) LPort=11555
FirewallRules: [{C56E25F9-FDAB-4D92-B862-8EE1C9E4A4F6}] => (Allow) C:\Program Files (x86)\PureVPN\vpnclient.exe
FirewallRules: [{2A826AFE-666A-4F03-AC4E-9000EEC56AB8}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{DE5806C9-1381-4506-BE14-B9E19DA66E26}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{09FDBDE0-D4E4-4AAA-B077-EDD2617F843D}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{59370BA9-A4B0-4375-8D26-07E6167CDF9B}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{800E3033-373C-4290-B1D7-B34FF4D28B4A}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{9BA90B86-A2E9-4C8E-92A3-5A4C5C87CBEC}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{61595661-880A-4D23-9F87-D50ACAD15AA8}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [{815B14C7-CFE5-41E8-9F9F-5F2449B3EF5C}] => (Allow) C:\Users\user004\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{40288301-D40D-4B5E-BDA0-14646AD6F988}] => (Allow) C:\Users\user004\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{00176033-FAD5-45CF-97FF-BFD0A6B56898}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{26CB8B12-BA8A-41CC-8BCA-01C5FF821BB1}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{9542D904-E367-4421-9427-6CC70F1976EB}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{7CB19D4C-088D-4CF4-948F-84EB45F7C226}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{51247A18-201F-4BD4-ACF0-4DE23753AB25}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{A2ED6181-62E3-4E3C-B139-7EA3C24C2A43}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{C25A3067-A4A3-4D1E-B684-4150250D4E42}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-07-2018 00:49:50 Installed Microsoft Solution - B4164D8C-3813-495A-BBBC-BA51D122A226
24-07-2018 00:50:00 Restore Point before Corrupt Patch Registry keys
24-07-2018 00:50:35 Restore Point before Google Drive was removed using Program Install and Uninstall troubleshooter
24-07-2018 00:50:45 Final Restore Point for Google Drive using Program Install and Uninstall troubleshooter.

==================== Faulty Device Manager Devices =============

Name: Intel HAXM Service
Description: Intel HAXM Service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: IntelHaxm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Block device mounter
Description: Block device mounter
Class Guid: {54f3637b-4777-4f96-970c-6bfa5477b542}
Manufacturer: Paragon Software Group
Service: WUDFRd
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

The system cannot find message text for message number 0x1069 in the message file for (null).

More help is available by typing NET HELPMSG 4201.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz
Percentage of memory in use: 42%
Total physical RAM: 6067.55 MB
Available physical RAM: 3488.53 MB
Total Virtual: 12433.29 MB
Available Virtual: 10008.48 MB

==================== Drives ================================

Drive c: (BOOTCAMP) (Fixed) (Total:330.07 GB) (Free:33.83 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive x: (Shared Folders) (Network) (Total:3725.73 GB) (Free:3452.36 GB) PrlSF
Drive y: (Shared Folders) (Network) (Total:135.05 GB) (Free:10.89 GB) PrlSF
Drive z: (Shared Folders) (Network) (Total:135.05 GB) (Free:10.89 GB) PrlSF


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.9 GB) (Disk ID: 2761163D)

Partition: GPT.
Partition 2: (Not Active) - (Size=135 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AF)
Partition 4: (Active) - (Size=330.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,743 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:33 AM

Posted 17 August 2018 - 12:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/682047 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 alinato

alinato
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 26 August 2018 - 01:54 PM

Still need help; have done step 2 already.

Let me know if you need anything else please



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:33 AM

Posted 28 August 2018 - 04:00 PM

Greetings alinato and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall all products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan after removal and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • CKScanner report
  • FRST report
  • Addition report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:33 AM

Posted 31 August 2018 - 09:56 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:33 AM

Posted 02 September 2018 - 08:18 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users