
rezalini


  1. Here we go...
     C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe    a variant of Win32/OpenCandy.A potentially unsafe application    cleaned by deleting
     C:\Users\Reza\AppData\Roaming\IDM2\Setup.exe    Win32/Idmsq.A potentially unwanted application    cleaned by deleting
     Should I delete them?
  2. I'm still getting redirected... also my Shredder keeps popping up, even when I only left-click. I'm not sure if I did a part of the process incorrectly. It's still the same. Thank you, Android8888.
     P.S. Please let me know if I did something incorrect or if I should repeat the process.
  3. Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017
     Ran by Reza (27-02-2017 11:46:12) Run:1
     Running from C:\Users\Reza\Downloads
     Loaded Profiles: Reza (Available Profiles: Reza)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     Start
     CloseProcesses:
     CreateRestorePoint:
     EmptyTemp:
     ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
     CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
     HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid=%7B8540FAAA-3170-403B-BDB1-B8CF3242468A%7D&mid=7fb02da0e2c947cdadf9326578a59a8a-16f97391bdb3fd8b1dda9ef65c20f39780e8ace4&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715tb&pr=fr&d=2015-03-04%2019:06:43&v=4.1.5.143&pid=wtu&sg=&sap=hp
     SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
     SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
     SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=20121129181019354&tb_oid=29-11-2012&tb_mrud=29-11-2012
     SearchScopes: HKU\S-1-5-21-3294675276-783259607-3426699991-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
     SearchScopes: HKU\S-1-5-21-3294675276-783259607-3426699991-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
     SearchScopes: HKU\S-1-5-21-3294675276-783259607-3426699991-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={8540FAAA-3170-403B-BDB1-B8CF3242468A}&mid=7fb02da0e2c947cdadf9326578a59a8a-16f97391bdb3fd8b1dda9ef65c20f39780e8ace4&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715tb&pr=fr&d=2015-03-04 19:06:43&v=4.1.5.143&pid=wtu&sg=&sap=dsp&q={searchTerms}
     BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
     Toolbar: HKU\S-1-5-21-3294675276-783259607-3426699991-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
     FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [No File]
     CHR Extension: (Chrome Web Store Payments) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
     CHR Extension: (Chrome Media Router) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-25]
     CHR Extension: (Chrome Web Store Payments) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-23]
     CHR Extension: (Chrome Web Store Payments) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
     S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [16152 2014-06-26] ()
     U3 aspnet_state; no ImagePath
     CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
     CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
     CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
     CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
     Task: {195B9241-56B8-47BF-AF57-522F80AC7EC1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
     Task: {1F343AE1-F994-4A01-A553-A429D94DF3D0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
     Task: {25A88B16-6D40-40B2-AB4F-C013393836E8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
     Task: {2AA441AF-1C39-44D3-B7FA-9A5A39C64976} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
     Task: {3D5B6403-E35F-4CF1-9F17-E34C0AD34763} - System32\Tasks\1015avUpdateInfo => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe [2015-10-11] ()
     Task: {46D7E8D5-2116-48F8-B25F-5FFE8B63F1DD} - \PassShow Update -> No File <==== ATTENTION
     Task: {706164FA-1B7D-45A0-BF3B-6549035B76C4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
     Task: {9369AF83-2DD2-4F8E-A640-220B6289A2EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
     Task: {A0AE359D-1DE7-4641-93C1-F4A9FB318E8A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
     Task: {B305C3E0-5245-4C39-A853-1A0623D77245} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
     Task: {C148FFC7-C767-41D5-BD4A-9DB42752A336} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
     Task: {C8E863F2-B72E-4725-B66D-B6FA98CA8A67} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
     Task: {DCECC6D0-3473-4C5E-9557-16BDF02FDF38} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
     Task: {F31DEFDF-E414-47D7-AC13-A7A928F6B4B4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
     AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [170]
     FirewallRules: [{7EFA68E4-5207-47C5-8F2B-1ED09FEB2229}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
     FirewallRules: [{7E21B876-BA4B-4A3C-A5D6-46D204F38017}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
     FirewallRules: [{E40E1F07-B915-4605-89F8-C0731211EC8A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
     FirewallRules: [{06DE4B17-98FA-47D8-9829-43EF27ACAA66}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
     FirewallRules: [{D15C6520-3FCD-48DC-B694-90E34BECEFAB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
     FirewallRules: [{5B44694B-FCCC-401B-8AA1-76AB0B782820}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
     FirewallRules: [{B814E440-75CA-41BE-BA24-8C6FA3790622}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
     FirewallRules: [{88A56846-3068-401C-B9C8-DE3DCAE5B3E5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
     FirewallRules: [{0B488E95-3363-4B0F-832C-CFA63936DBD7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
     FirewallRules: [{CB4E149C-60A5-4769-9B66-D01644DFF126}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
     FirewallRules: [{51297A57-31D0-4E54-B2CA-20C1D5FF87E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
     FirewallRules: [{0DE1BFF3-F392-4835-AEFA-D4F1B4C3A44E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
     FirewallRules: [{FBAB83AC-763C-427B-B60D-4E76EE4525B8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
     FirewallRules: [{316750C9-A053-4121-82F9-CA1AD801E3A2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
     FirewallRules: [{FE1A037A-6EFC-44CA-B418-852D1CE1F17E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
     FirewallRules: [{077B0BFF-2E7B-44B4-A9DE-6C1C1D8D3C40}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
     FirewallRules: [{776EBE4C-FB49-4B48-B95F-F63F2B576B39}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
     FirewallRules: [{4808F9BE-687B-4014-AA64-578068F5B338}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
     CMD: ipconfig /flushdns
     End
     *****************

     Processes closed successfully.
     Restore point was successfully created.
     HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => key removed successfully
     HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
     HKLM\SOFTWARE\Policies\Google => key removed successfully
     HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
     HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
     HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => key removed successfully
     HKCR\Wow6432Node\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => key not found.
     HKU\S-1-5-21-3294675276-783259607-3426699991-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
     HKU\S-1-5-21-3294675276-783259607-3426699991-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully
     HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
     HKU\S-1-5-21-3294675276-783259607-3426699991-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
     HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
     HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
     HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
     HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
     HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0 => key removed successfully
     C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
     C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
     C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
     C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
     HKLM\System\CurrentControlSet\Services\SWDUMon => key removed successfully
     SWDUMon => service removed successfully
     HKLM\System\CurrentControlSet\Services\aspnet_state => key removed successfully
     aspnet_state => service removed successfully
     HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key removed successfully
     HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key removed successfully
     HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key removed successfully
     HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{195B9241-56B8-47BF-AF57-522F80AC7EC1} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{195B9241-56B8-47BF-AF57-522F80AC7EC1} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1F343AE1-F994-4A01-A553-A429D94DF3D0} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F343AE1-F994-4A01-A553-A429D94DF3D0} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25A88B16-6D40-40B2-AB4F-C013393836E8} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25A88B16-6D40-40B2-AB4F-C013393836E8} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AA441AF-1C39-44D3-B7FA-9A5A39C64976} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AA441AF-1C39-44D3-B7FA-9A5A39C64976} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D5B6403-E35F-4CF1-9F17-E34C0AD34763} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D5B6403-E35F-4CF1-9F17-E34C0AD34763} => key removed successfully
     C:\WINDOWS\System32\Tasks\1015avUpdateInfo => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1015avUpdateInfo => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46D7E8D5-2116-48F8-B25F-5FFE8B63F1DD} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46D7E8D5-2116-48F8-B25F-5FFE8B63F1DD} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PassShow Update => key not found.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{706164FA-1B7D-45A0-BF3B-6549035B76C4} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{706164FA-1B7D-45A0-BF3B-6549035B76C4} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9369AF83-2DD2-4F8E-A640-220B6289A2EA} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9369AF83-2DD2-4F8E-A640-220B6289A2EA} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0AE359D-1DE7-4641-93C1-F4A9FB318E8A} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0AE359D-1DE7-4641-93C1-F4A9FB318E8A} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B305C3E0-5245-4C39-A853-1A0623D77245} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B305C3E0-5245-4C39-A853-1A0623D77245} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C148FFC7-C767-41D5-BD4A-9DB42752A336} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C148FFC7-C767-41D5-BD4A-9DB42752A336} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8E863F2-B72E-4725-B66D-B6FA98CA8A67} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8E863F2-B72E-4725-B66D-B6FA98CA8A67} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCECC6D0-3473-4C5E-9557-16BDF02FDF38} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCECC6D0-3473-4C5E-9557-16BDF02FDF38} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F31DEFDF-E414-47D7-AC13-A7A928F6B4B4} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F31DEFDF-E414-47D7-AC13-A7A928F6B4B4} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
     C:\ProgramData\Temp => ":0FF263E8" ADS removed successfully.
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7EFA68E4-5207-47C5-8F2B-1ED09FEB2229} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E21B876-BA4B-4A3C-A5D6-46D204F38017} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E40E1F07-B915-4605-89F8-C0731211EC8A} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06DE4B17-98FA-47D8-9829-43EF27ACAA66} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D15C6520-3FCD-48DC-B694-90E34BECEFAB} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B44694B-FCCC-401B-8AA1-76AB0B782820} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B814E440-75CA-41BE-BA24-8C6FA3790622} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{88A56846-3068-401C-B9C8-DE3DCAE5B3E5} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0B488E95-3363-4B0F-832C-CFA63936DBD7} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB4E149C-60A5-4769-9B66-D01644DFF126} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{51297A57-31D0-4E54-B2CA-20C1D5FF87E9} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0DE1BFF3-F392-4835-AEFA-D4F1B4C3A44E} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FBAB83AC-763C-427B-B60D-4E76EE4525B8} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{316750C9-A053-4121-82F9-CA1AD801E3A2} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FE1A037A-6EFC-44CA-B418-852D1CE1F17E} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{077B0BFF-2E7B-44B4-A9DE-6C1C1D8D3C40} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{776EBE4C-FB49-4B48-B95F-F63F2B576B39} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4808F9BE-687B-4014-AA64-578068F5B338} => value removed successfully

     ========= ipconfig /flushdns =========

     Windows IP Configuration

     Successfully flushed the DNS Resolver Cache.

     ========= End of CMD: =========

     =========== EmptyTemp: ==========

     BITS transfer queue => 0 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 225733886 B
     Java, Flash, Steam htmlcache => 8639 B
     Windows/system/drivers => 180389398 B
     Edge => 250246889 B
     Chrome => 1489482076 B
     Firefox => 0 B
     Opera => 0 B

     Temp, IE cache, history, cookies, recent:
     Default => 6152 B
     Users => 0 B
     ProgramData => 0 B
     Public => 0 B
     systemprofile => 128 B
     systemprofile32 => 128 B
     LocalService => 108844 B
     NetworkService => 46749606 B
     Reza => 483716040 B

     RecycleBin => 0 B
     EmptyTemp: => 2.5 GB temporary data Removed.

     ================================

     The system needed a reboot.

     ==== End of Fixlog 11:59:54 ====

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Malwarebytes
     Version: 8.1.0 (12.05.2016)
     Operating System: Windows 10 Home x64
     Ran by Reza (Administrator) on Mon 02/27/2017 at 12:48:09.45
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     File System: 0
     Registry: 0

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Mon 02/27/2017 at 12:53:50.93
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     # AdwCleaner v6.043 - Logfile created 27/02/2017 at 12:38:25
     # Updated on 27/01/2017 by Malwarebytes
     # Database : 2017-02-27.1 [Server]
     # Operating System : Windows 10 Home (X64)
     # Username : Reza - ACERRM
     # Running from : C:\Users\Reza\Desktop\AdwCleaner.exe
     # Mode: Clean
     # Support : https://www.malwarebytes.com/support

     ***** [ Services ] *****

     ***** [ Folders ] *****

     [-] Folder deleted: C:\ProgramData\Avg_Update_0116avz
     [-] Folder deleted: C:\ProgramData\Avg_Update_0116tb
     [-] Folder deleted: C:\ProgramData\Avg_Update_0215tb
     [-] Folder deleted: C:\ProgramData\Avg_Update_0615tb
     [-] Folder deleted: C:\Users\Reza\AppData\Roaming\NCdownloader
     [-] Folder deleted: C:\ProgramData\Performance Optimizer
     [#] Folder deleted on reboot: C:\ProgramData\Application Data\Performance Optimizer
     [-] Folder deleted: C:\Program Files (x86)\Common Files\freemake shared

     ***** [ Files ] *****

     ***** [ DLL ] *****

     ***** [ WMI ] *****

     ***** [ Shortcuts ] *****

     ***** [ Scheduled Tasks ] *****

     ***** [ Registry ] *****

     [-] Key deleted: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
     [-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
     [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap
     [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
     [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
     [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
     [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
     [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
     [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
     [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
     [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
     [-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
     [-] Key deleted: HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\Conduit
     [-] Key deleted: HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\GlobalUpdate
     [-] Key deleted: HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\ImInstaller
     [-] Key deleted: HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\OutfoxTV
     [-] Key deleted: HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\SlimWare Utilities Inc
     [-] Key deleted: HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\Yahoo\Companion
     [#] Key deleted on reboot: HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
     [-] Key deleted: HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\AppDataLow\Software\Smart Suggestor
     [#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
     [#] Key deleted on reboot: HKCU\Software\Conduit
     [#] Key deleted on reboot: HKCU\Software\GlobalUpdate
     [#] Key deleted on reboot: HKCU\Software\ImInstaller
     [#] Key deleted on reboot: HKCU\Software\OutfoxTV
     [#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
     [#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
     [-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\IB Updater
     [#] Key deleted on reboot: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
     [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Smart Suggestor
     [-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
     [-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
     [-] Key deleted: HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
     [-] Key deleted: HKLM\SOFTWARE\firstsearch
     [-] Key deleted: HKLM\SOFTWARE\GlobalUpdate
     [-] Key deleted: HKLM\SOFTWARE\OutfoxTV
     [-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
     [-] Key deleted: HKLM\SOFTWARE\SP Global
     [-] Key deleted: HKLM\SOFTWARE\SProtector
     [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}
     [#] Key deleted on reboot: [x64] HKCU\Software\Conduit
     [#] Key deleted on reboot: [x64] HKCU\Software\GlobalUpdate
     [#] Key deleted on reboot: [x64] HKCU\Software\ImInstaller
     [#] Key deleted on reboot: [x64] HKCU\Software\OutfoxTV
     [#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
     [#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
     [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
     [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Smart Suggestor
     [-] Key deleted: [x64] HKLM\SOFTWARE\AVG Secure Search
     [-] Key deleted: [x64] HKLM\SOFTWARE\Tarma Installer
     [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
     [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\metrolyrics.com
     [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
     [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
     [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.metrolyrics.com
     [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
     [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\metrolyrics.com
     [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
     [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
     [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.metrolyrics.com
     [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
     [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\metrolyrics.com
     [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
     [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
     [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.metrolyrics.com
     [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
     [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\metrolyrics.com
     [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
     [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
     [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.metrolyrics.com
     [-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
     [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE

     ***** [ Web browsers ] *****

     [-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
     [-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com
     [-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: speedial.com
     [-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: ask.com
     [-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: conduit.search
     [-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: debut-video-capture.en.softonic.com
     [-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: aol.com
     [-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2] [startup_urls] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=hdr_s_15_33_orgnl&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0FtB0D0DyEyB0CtCtDtAtN0D0Tzu0StCtAtBtAtN1L2XzutAtFtCtBtFyDtFyCtN1L1Czu1M1Q1CtDzytN1L1G1B1V1N2Y1L1Qzu2StCtA0B0E0F0DyEzytGyDyByC0CtGtB0EyCtAtGyCtByE0AtGzyyE0CtCtC0AtA0DtAtC0C0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCzyyCtAyE0FtBtGzzzzyDyBtGyE0BtAyCtGzytD0C0AtG0B0CtBtCtAyByC0CyD0E0A0C2QtN0A0LzuyE%26cr%3D1662870051%26a%3Dhdr_s_15_33_orgnl%26os%3DWindows%2B7%2BHome%2BPremium&uref=chmm
     [-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2] [extension] Deleted: ajkgkhepjponelmnplpciplmhagpknbg
     [-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2] [extension] Deleted: gafhhbahpojnjfhpepjjfjojbphnogmn
     [-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2] [extension] Deleted: gjkpcnacdgdlpfejlgflolpaigoicibh
     [-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile
2] [extension] Deleted: lekgiimbfodefdaoofhlckefjbgpeilo [-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2] [extension] Deleted: ocifcogajbgikalbpphmoedjlcfjkhgh ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [11761 Bytes] - [27/02/2017 12:38:25] C:\AdwCleaner\AdwCleaner[S0].txt - [11010 Bytes] - [27/02/2017 12:24:10] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11909 Bytes] ##########
  4. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017 Ran by Reza (26-02-2017 13:53:16) Running from C:\Users\Reza\Downloads Windows 10 Home Version 1607 (X64) (2016-09-27 08:41:27) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3294675276-783259607-3426699991-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3294675276-783259607-3426699991-503 - Limited - Disabled) Guest (S-1-5-21-3294675276-783259607-3426699991-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3294675276-783259607-3426699991-1002 - Limited - Enabled) Reza (S-1-5-21-3294675276-783259607-3426699991-1000 - Administrator - Enabled) => C:\Users\Reza ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ableton Live 9 Suite (HKLM\...\{F6238EAB-3AD7-4B0E-B0AD-E533A93A5C32}) (Version: 9.0.0.0 - Ableton) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.3501.00 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.5.3501.00 - CyberLink Corp.) Hidden ACID Music Studio 9.0 (HKLM-x32\...\{FAD22280-8DD6-11E3-A36E-F04DA23A5C58}) (Version: 9.0.40 - Sony) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.42.68439 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.2.42.68439 - Alcor Micro Corp.) 
Hidden Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) ArcadeMovie (HKLM-x32\...\InstallShield_{E670F1F2-A882-4EE5-90E1-EFBF46AB5A01}) (Version: 4.00.0000 - CyberLink Corp.) ArcadeMovie (x32 Version: 4.00.0000 - CyberLink Corp.) Hidden ArtRage 4 Demo (HKLM-x32\...\ArtRage 4 Demo 4.5.2.0) (Version: 4.5.2.0 - Ambient Design) ArtRage 4 Demo (Version: 4.5.2.0 - Ambient Design) Hidden AudioBox version 1.2 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.2 - PreSonus) Avid Mbox 2 USB Drivers (x64) (HKLM\...\{F9242D4E-09E7-45C7-A53A-83375D0FAD42}) (Version: 9.0.2 - Avid Technology, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.49.150 - OSToto Co., Ltd.) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.0 - Toontrack) Freemake Video Converter version 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) 
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.) Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation) Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.0 - PACE Anti-Piracy, Inc.) iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.) Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.) 
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) Max 6.1.8 (x64) (HKLM\...\{B3071CEA-6555-4660-BBC9-A3A28F00197A}) (Version: 136.1.8 - Cycling '74) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft OneDrive (HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Moo0 Audio Converter 1.32 (HKLM-x32\...\Moo0 AudioTypeConverter) (Version: - ) Moo0 Voice Recorder 1.43 (HKLM-x32\...\Moo0 VoiceRecorder) (Version: - ) Moo0 YouTube Downloader 1.06 (HKLM-x32\...\Moo0 
Utube-DL) (Version: - ) MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden PreSonus Studio One 2 (HKLM-x32\...\PreSonus Studio One 2) (Version: 2.5.2.22258 - PreSonus Audio Electronics) R8 Driver (HKLM\...\{C68DB659-6046-41FD-B163-E7208C1718A4}) (Version: 2.2.0.8 - ZOOM) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.) 
Studio Devil BVC 1.1 (HKLM-x32\...\Studio Devil BVC - Acid Music Studio Edition_is1) (Version: - StudioDevil) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated) Telegram Desktop version 1.0 (HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0 - Telegram Messenger LLP) TruePianos Amber Lite (ACID Music Studio) 1.5.0 (HKLM-x32\...\TruePianos Amber Lite (ACID Music Studio)_is1) (Version: - 4Front Technologies) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Viber (HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\{7de2db6a-6f4b-4b45-82b9-57d5d7f1c952}) (Version: 5.4.0.1664 - Viber Media Inc.) Viber (x32 Version: 5.4.0.1664 - Viber Media Inc.) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Reza\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03DF55EB-3619-4B37-B7BE-3820E691F8FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) 
Task: {0DCF04DE-D69D-45C8-BD57-2D806BDD143C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe Task: {1569EA35-B689-4777-85C9-5218161CD92B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core1d27b77a4243672 => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.) Task: {15FCD86A-9B5E-4271-8311-1AD8BC28BEEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.) Task: {16E25E59-475C-48FE-B049-5ECF1A0C1E14} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe Task: {1869619F-C32D-41ED-9922-DFED88E1DCAB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe Task: {18E80EE4-A648-430B-A4A4-CE0F9E597067} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe Task: {195B9241-56B8-47BF-AF57-522F80AC7EC1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {19B44E58-C3E5-4213-8CC3-37B115C5FA1F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe Task: {1B860AE4-B749-4262-B13F-C8D3ADC39234} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Moo0\VideoToAudio 1.12\VideoToAudio.exe Task: {1D9E9F21-73F1-4A9F-A1B3-A7D3A0BAA2C0} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {1F343AE1-F994-4A01-A553-A429D94DF3D0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {206F523C-7DE4-49DD-8F9F-E7A8B31A1A4B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {25A88B16-6D40-40B2-AB4F-C013393836E8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: 
{2AA441AF-1C39-44D3-B7FA-9A5A39C64976} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {3D5B6403-E35F-4CF1-9F17-E34C0AD34763} - System32\Tasks\1015avUpdateInfo => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe [2015-10-11] () Task: {4104424B-3B41-4B4E-A5EB-A8C02C7B6733} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_{58B3C879-B7DD-4F4D-9C5B-6641E0D5C976}.exe [2015-06-21] () Task: {424402F0-137B-40BC-A26B-67770BEAD723} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe Task: {46D7E8D5-2116-48F8-B25F-5FFE8B63F1DD} - \PassShow Update -> No File <==== ATTENTION Task: {480DFD45-D0D0-494B-A55E-706225534F7D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe Task: {4C7C8F6E-D0A2-4C74-87BC-F9E8D4B33BF6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.) Task: {5D71C62C-F951-40AF-A8F4-102EE8D8F7D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA1d27b77a46e800e => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.) Task: {5E49009D-BBE0-4A6C-A37E-05DD3E5884F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.) 
Task: {62AB2B64-F460-46D0-BD39-69A5414D7884} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe Task: {699BE71C-44CC-4760-8317-1B208718B9E0} - System32\Tasks\{13284ABE-CCA2-438F-8AC9-A005719A3BCB} => pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe" Task: {6EA1D2C9-3830-494E-82D6-A7AD22A9F7C9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {706164FA-1B7D-45A0-BF3B-6549035B76C4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {70757ED2-6922-48D5-9FFF-5CA448387BBC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.) Task: {7467B9B3-1F9C-49EF-8F44-6ED0F5CB09E8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {7BEB9549-FDEF-4F27-8BB9-B1C49AF7EB15} - System32\Tasks\{B5B1A3A2-5A1C-46C3-A4B9-C6CC6A571974} => pcalua.exe -a C:\Users\Reza\Downloads\sp48051.exe -d C:\Users\Reza\Downloads Task: {8981AD63-D56E-4485-8C6D-5822CCF498A4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe Task: {8CAB513F-BD45-4996-BF93-B2D788DECF3A} - System32\Tasks\{AE807DAD-E234-4EB5-AC9F-3EDE7A230F12} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsProgressBar Task: {9369AF83-2DD2-4F8E-A640-220B6289A2EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {975A74FE-A436-4189-8B2E-7C6A9DCCEA81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated) Task: {999D62C5-ADC6-4AD5-9C30-0E18C452E800} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe Task: {9DBE96E0-C863-4ADB-A9A0-929CD16CDAFB} - System32\Tasks\PMMUpdate => C:\Program 
Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.) Task: {9F440B3B-0ABF-4F7D-BD33-BFAD9D7B5BDD} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe Task: {A0AE359D-1DE7-4641-93C1-F4A9FB318E8A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {A0E9FE00-CF13-49AF-A8ED-FB904B5E08A0} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe Task: {AA00C774-1830-4188-83BD-19E393F2D566} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe Task: {B305C3E0-5245-4C39-A853-1A0623D77245} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {B5ADC499-1E0D-4053-8B7F-2164F78552C0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe Task: {B73D26A7-40FA-4A80-9714-BFB07E62B52D} - System32\Tasks\{B34FB2E0-B5B6-4D2C-A4D7-2D06C94C5B7B} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E670F1F2-A882-4EE5-90E1-EFBF46AB5A01}\Setup.exe" -c -runfromtemp -l0x0409 Task: {B77C219D-C393-4D2F-B3F7-171DD5602E6F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe Task: {C148FFC7-C767-41D5-BD4A-9DB42752A336} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {C8E863F2-B72E-4725-B66D-B6FA98CA8A67} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {D3BC833F-C1B5-4719-96DB-923E49F91C25} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {D5F2CC07-A4D9-4E78-9B3A-71B6FDE756C0} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-01-17] (Apple Inc.) 
Task: {D94450E2-03B5-4C0D-9C9D-74068B33A50C} - System32\Tasks\{A3AAE776-EE26-4896-8B32-8839CB93443A} => C:\Program Files (x86)\iTunes\iTunes.exe Task: {DCECC6D0-3473-4C5E-9557-16BDF02FDF38} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {E19B804A-E4CF-476C-9C78-70B8CE34C098} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {EE5A851C-14B1-442D-9C8C-089F40A34085} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe Task: {F1F42CF6-8BD4-41EB-9F37-811707C08B5B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe Task: {F2FA259D-50B4-4107-A6B5-5A7523C6940F} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Reza\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {F31DEFDF-E414-47D7-AC13-A7A928F6B4B4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {F67BC5BC-9B8A-4B61-ADDA-9ED0535E0D85} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\0615tbUpdateInfo.job => C:\ProgramData\Avg_Update_0615tb\0615tb_{58B3C879-B7DD-4F4D-9C5B-6641E0D5C976}.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core.job => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA.job => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Cut the Rope.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=jfbadlndcminbkfojhlimnkgaackjmdo ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Happy Friday!.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=lagckjdgadpknikjoegcibbollkafpid ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Scratch for Holiday.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=ggfniphganolbedpcfmpjmnnfhgaoein ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\So Many Me - Demo.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=bgjkhidjaocnkjchjfpgbfdegeiljcdn ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=mhagnkphcmpkmabhocgimoncfaihkpof ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Telegram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=Default --app-id=clhhggbfdinjmjhajaheehoeibfljjno ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Touch Drawing App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=knegnmjmhjjnmpfidlhnjcajmbmhdnbm ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Type Fu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=pofoighmmpljaikjiidkkfhldjndfdbk ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Meloetta - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory="Profile 2" ==================== Loaded Modules (Whitelisted) ============== 2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-01-30 15:48 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-01-30 15:48 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll 2017-01-30 15:48 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-30 17:12 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-12-30 17:12 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-12-30 17:12 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-27 00:33 - 2016-09-27 00:33 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-10 16:51 - 2016-12-20 23:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-10 16:50 - 2016-12-20 22:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-10 16:50 - 2016-12-20 22:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-10 16:50 - 2016-12-20 22:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-10 16:50 - 2016-12-20 22:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-10 16:50 - 2016-12-20 22:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 
2017-01-10 16:50 - 2016-12-20 22:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 10:00 - 2017-02-22 10:02 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 10:00 - 2017-02-22 10:02 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 10:00 - 2017-02-22 10:02 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 21:04 - 2017-02-06 21:06 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-10-24 14:25 - 2015-10-09 15:56 - 00071680 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2017-02-01 20:12 - 2017-02-01 01:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-01 20:12 - 2017-02-01 01:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-17 00:45 - 2017-01-19 22:34 - 00181928 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2017-02-17 00:45 - 2017-01-19 22:34 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2017-02-17 00:46 - 2017-01-19 22:34 - 00172200 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2017-02-17 00:45 - 2017-01-19 22:34 - 00112296 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2017-02-17 00:46 - 2017-01-19 22:34 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-02-26 13:13 - 2017-02-26 13:13 - 00098816 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32api.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00110080 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\pywintypes27.dll
2017-02-26 13:13 - 2017-02-26 13:13 - 00364544 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\pythoncom27.dll
2017-02-26 13:13 - 2017-02-26 13:13 - 00320512 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32com.shell.shell.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00914432 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\_hashlib.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 01176576 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\wx._core_.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00806400 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\wx._gdi_.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00816128 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\wx._windows_.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 01067008 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\wx._controls_.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00733184 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\wx._misc_.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00682496 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\pysqlite2._sqlite.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00088064 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\_ctypes.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00686080 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\unicodedata.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00119808 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32file.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00108544 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32security.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00007168 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\hashobjs_ext.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00017920 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\thumbnails_ext.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00088064 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\usb_ext.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00012800 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\common.time34.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00018432 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32event.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00167936 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32gui.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00046080 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\_socket.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 01303552 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\_ssl.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00128512 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\_elementtree.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00127488 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\pyexpat.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00038912 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32inet.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00036864 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\_psutil_windows.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00524248 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\windows._lib_cacheinvalidation.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00011264 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32crypt.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00123392 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\wx._wizard.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00077312 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\wx._html2.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00027648 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\_multiprocessing.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00020480 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\_yappi.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00035840 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32process.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00078848 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\wx._animate.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00024064 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32pipe.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00010240 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\select.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00025600 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32pdh.pyd
2017-02-26 13:13 - 2017-02-26 13:14 - 00017408 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32profile.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00022528 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [170]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Reza\Desktop\ENTER\GILLIANHARTART\seahorse.png
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AudioBox VSL => C:\Program Files\PreSonus\AudioBox\AudioBox.exe -startup
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\StartupApproved\Run: => "AudioBox VSL"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7EFA68E4-5207-47C5-8F2B-1ED09FEB2229}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{7E21B876-BA4B-4A3C-A5D6-46D204F38017}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{E40E1F07-B915-4605-89F8-C0731211EC8A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{06DE4B17-98FA-47D8-9829-43EF27ACAA66}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{D15C6520-3FCD-48DC-B694-90E34BECEFAB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{5B44694B-FCCC-401B-8AA1-76AB0B782820}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [UDP Query User{9747D755-5ECE-4533-9860-DCA8CD671F15}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{39AAE125-947D-48AE-8DBC-CD6D3065FD40}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{AE0DD836-7B33-48BF-B29B-C1C21D7E3AFD}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{91CBAB0B-B902-4630-809E-3DAE4146B961}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{E5153C5F-AA0F-41B1-9946-28674C067F38}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B814E440-75CA-41BE-BA24-8C6FA3790622}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{88A56846-3068-401C-B9C8-DE3DCAE5B3E5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{0B488E95-3363-4B0F-832C-CFA63936DBD7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{CB4E149C-60A5-4769-9B66-D01644DFF126}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{51297A57-31D0-4E54-B2CA-20C1D5FF87E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{0DE1BFF3-F392-4835-AEFA-D4F1B4C3A44E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{FBAB83AC-763C-427B-B60D-4E76EE4525B8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{316750C9-A053-4121-82F9-CA1AD801E3A2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{60C793C1-94BA-4E8C-A783-40BDB3A71EF7}] => (Block) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [{DE58BC30-7D09-41EA-838C-366EADF8739D}] => (Block) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [UDP Query User{6CF3B5FD-3F3B-48B4-A0AA-D14592ACDE94}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [TCP Query User{C276646A-0992-4E48-A97D-6D836B0BDBD9}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [{5466733C-131F-4904-A15B-FC1772DCF6BD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{32C1309A-41CB-4B7B-9430-1E15678A3710}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [UDP Query User{02CCDD33-7EF1-4A2A-819D-1B56B32AB8B9}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [TCP Query User{F5445A46-312F-4C81-AD89-B26B80C2246A}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [UDP Query User{89578634-2123-41A5-8C2D-154DDFF72934}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [TCP Query User{886F6B67-FBF9-4DC1-8FE3-86AE8D4BB2BC}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{9DC3B462-8F85-4181-82D8-E96CEA35A010}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [TCP Query User{48D8D9E0-A709-411D-9BFF-CFAEEA8455FD}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{45C518A1-5AF5-40AF-8B18-7A9EDA12CC4F}] => (Allow) LPort=51001
FirewallRules: [{D9750CC1-49FB-49EC-938E-4E95D37E49C1}] => (Allow) LPort=37675
FirewallRules: [{060877D4-BDC4-499B-9E6A-FE38162D1CE0}] => (Allow) LPort=37674
FirewallRules: [{44BDB300-EF73-4CC8-A0CB-6F428D9CEBB7}] => (Allow) LPort=37674
FirewallRules: [{83A02CBD-1437-48CE-B520-54D181C37228}] => (Allow) LPort=443
FirewallRules: [{0F0080DF-5CCB-47DA-B3E2-929462C595D9}] => (Allow) LPort=443
FirewallRules: [{72E71537-A64B-4913-8379-0E3D0B25E531}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{965697C2-3AFC-4609-BF56-08F96B1EEEC4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{61EA5BA8-FFE8-4C54-82D5-8DD41A68818D}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{13A0A512-A8F7-4C5B-94CA-43F8BC92212B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{AD40F0BD-F40E-4606-8F45-8663B09AC87C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{6A6B01AA-5DAC-4821-8F4A-A1D302804496}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{1D6D0113-BCF8-484C-8967-7AFC7A691B56}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{5D489336-C113-4D15-B3A8-0CAE4A4AE923}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{8440651C-DF0A-4C6E-8E37-96F8593DD308}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B16BD899-7EBF-490B-9436-A0F60B53C533}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{30124E73-E94B-4911-83FC-022D4E216A5E}] => (Allow) LPort=1900
FirewallRules: [{B13AA4C6-50D3-420B-9874-6E867BD24A1E}] => (Allow) LPort=2869
FirewallRules: [{70969C10-61F7-42B4-BDC8-917270BE7C33}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C463FBE6-69FC-4D61-B8C4-64BC228DACED}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4356AC76-7E6F-41A7-87D1-EA2A40FA059C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{FE1A037A-6EFC-44CA-B418-852D1CE1F17E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{077B0BFF-2E7B-44B4-A9DE-6C1C1D8D3C40}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{776EBE4C-FB49-4B48-B95F-F63F2B576B39}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{4808F9BE-687B-4014-AA64-578068F5B338}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7D9EC392-0B9F-49C0-B553-9245401D32CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E25F77AC-A2D1-47C9-8F82-09EC253E1A4B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F6CD1ADD-C5F1-4534-A0FD-B9CCAF3269A3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9ABF9C80-E5E4-4B19-A322-4F53A52110FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0F7D4A0F-3259-4A48-B0AB-C364C79300A5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A0E262CF-904B-47B0-AF36-E72AF5504BC8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{91DB7801-5D28-4B60-BC75-615C3B700A89}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{B537BF97-705B-463F-957F-271BD68C4F09}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{BF5373B6-52F1-4D13-B59D-7E801A1A8EC5}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe

==================== Restore Points =========================

03-02-2017 09:27:24 Scheduled Checkpoint
12-02-2017 14:43:58 Scheduled Checkpoint
14-02-2017 10:56:50 Removed Visual Studio 2012 x86 Redistributables
21-02-2017 13:18:15 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2017 01:39:41 PM) (Source: MsiInstaller) (EventID: 11706) (User: ACERRM)
Description: Product: Shredder -- Error 1706.No valid source could be found for product Shredder. The Windows Installer cannot continue.

Error: (02/26/2017 01:12:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46787094

Error: (02/26/2017 01:12:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46787094

Error: (02/26/2017 01:12:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/26/2017 12:12:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3625

Error: (02/26/2017 12:12:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3625

Error: (02/26/2017 12:12:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/26/2017 12:12:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2312

Error: (02/26/2017 12:12:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2312

Error: (02/26/2017 12:12:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/26/2017 01:49:10 PM) (Source: DCOM) (EventID: 10016) (User: ACERRM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user AcerRM\Reza SID (S-1-5-21-3294675276-783259607-3426699991-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2017 01:38:01 PM) (Source: DCOM) (EventID: 10016) (User: ACERRM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user AcerRM\Reza SID (S-1-5-21-3294675276-783259607-3426699991-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2017 01:30:04 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/26/2017 01:30:01 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/26/2017 01:29:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/26/2017 01:29:56 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/26/2017 01:29:54 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/26/2017 01:29:51 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/26/2017 01:29:48 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/26/2017 01:29:46 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


CodeIntegrity:
===================================
Date: 2017-02-25 14:02:04.528
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-25 14:02:04.516
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-20 17:08:56.569
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-20 17:08:56.562
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-19 21:22:41.335
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-19 21:22:41.326
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-19 18:55:58.903
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-19 18:55:58.899
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-19 15:24:23.580
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-19 15:24:23.569
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 58%
Total physical RAM: 3947.86 MB
Available physical RAM: 1652.05 MB
Total Virtual: 13163.86 MB
Available Virtual: 3590.72 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:125.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 281C6927)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
5. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by Reza (administrator) on ACERRM (26-02-2017 13:50:00)
Running from C:\Users\Reza\Downloads
Loaded Profiles: Reza (Available Profiles: Reza)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Red Cell Innovation Inc.) C:\Program Files\WindowsApps\F8782640.SoundPanel_81.4.0.15_neutral__w2cjas5qe94m2\RedCell.App.Media.SoundPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [71680 2015-10-09] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\Run: [AudioBox VSL] => C:\Program Files\PreSonus\AudioBox\AudioBox.exe [7591424 2012-05-24] ()
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\Run: [Flvto YouTube Downloader] => "C:\Users\Reza\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.Redesign.exe" /minimize
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\Run: [Google Update] => C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2017-01-30] (Google Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{d36828dc-cb12-44b2-a1ec-3bb517782dc4}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid=%7B8540FAAA-3170-403B-BDB1-B8CF3242468A%7D&mid=7fb02da0e2c947cdadf9326578a59a8a-16f97391bdb3fd8b1dda9ef65c20f39780e8ace4&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715tb&pr=fr&d=2015-03-04%2019:06:43&v=4.1.5.143&pid=wtu&sg=&sap=hp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=20121129181019354&tb_oid=29-11-2012&tb_mrud=29-11-2012
SearchScopes: HKU\S-1-5-21-3294675276-783259607-3426699991-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3294675276-783259607-3426699991-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3294675276-783259607-3426699991-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={8540FAAA-3170-403B-BDB1-B8CF3242468A}&mid=7fb02da0e2c947cdadf9326578a59a8a-16f97391bdb3fd8b1dda9ef65c20f39780e8ace4&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715tb&pr=fr&d=2015-03-04 19:06:43&v=4.1.5.143&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3294675276-783259607-3426699991-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2017-01-22]

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll [2014-11-26] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll [2014-11-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-3294675276-783259607-3426699991-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-3294675276-783259607-3426699991-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-30] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default [2017-02-26]
CHR Extension: (Duolingo on the Web) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-05-23]
CHR Extension: (Google Drive) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (Facebook Messenger button) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\beolecgbalbkgmkhlghjbpaboagipmla [2017-01-15]
CHR Extension: (Audiotool) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2015-08-05]
CHR Extension: (YouTube) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-03]
CHR Extension: (Telegram) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2016-06-27]
CHR Extension: (Google Search) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Clipchamp - convert, compress, record video) - C:\Users\Reza\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\delkpojpfkkfgmknffmblbhmlamkjioi [2016-12-04] CHR Extension: (Text To Speech with Google Drive) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\dogdgjickfenmhihlgiedkadbbabiagm [2016-06-27] CHR Extension: (Google Docs Offline) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-11] CHR Extension: (Planetarium) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2015-08-09] CHR Extension: (Save to Facebook) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-02-23] CHR Extension: (Google Voice (by Google)) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-05-23] CHR Extension: (Google Hangouts) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-21] CHR Extension: (Little Alchemy) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-08] CHR Extension: (Webcam Toy) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-12-27] CHR Extension: (Google Maps) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-17] CHR Extension: (Chrome Web Store Payments) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18] CHR Extension: (Gmail) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-23] CHR Extension: (Chrome Media Router) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-25] CHR Profile: C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1 
[2015-10-23] CHR Extension: (Google Slides) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-23] CHR Extension: (Google Docs) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-23] CHR Extension: (Google Drive) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23] CHR Extension: (YouTube) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-23] CHR Extension: (Google Search) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-23] CHR Extension: (Google Sheets) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-23] CHR Extension: (Google Docs Offline) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-23] CHR Extension: (Skype Click to Call) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-23] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-23] CHR Extension: (Chrome Web Store Payments) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-23] CHR Extension: (Gmail) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-23] CHR Profile: C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-12-03] CHR Extension: (Google Slides) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-12] CHR Extension: (Bejeweled) - 
C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2016-02-12] CHR Extension: (Theme Creator) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\akpelnjfckgfiplcikojhomllgombffc [2016-02-12] CHR Extension: (pikachu theme) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\amdbigfofckhdmnfjapophoghiallgop [2016-02-12] CHR Extension: (Google Docs) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-12] CHR Extension: (Google Drive) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-13] CHR Extension: (BeFunky Photo Editor) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2016-02-12] CHR Extension: (Fotor Photo Editor) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2016-02-12] CHR Extension: (So Many Me - Demo) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bgjkhidjaocnkjchjfpgbfdegeiljcdn [2016-02-12] CHR Extension: (YouTube) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-12] CHR Extension: (Classic Games) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2016-02-12] CHR Extension: (Bouncy Mouse) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cgdllcbmneiklcmbeclfegccdjholomb [2016-02-12] CHR Extension: (Virtual Piano) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cohgcponedmbhgbbdinajeoapmoaifdj [2016-02-12] CHR Extension: (Google Search) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-12] CHR Extension: (VUDU Movies) - 
C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\daomabnenlgkenegngdblacoobnncgib [2016-02-12] CHR Extension: (One-click Nyan) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ddcgjoogiiojdbepiggmlpcjfopnmikd [2016-02-12] CHR Extension: (Clipchamp - convert, compress, record video) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\delkpojpfkkfgmknffmblbhmlamkjioi [2016-03-04] CHR Extension: (Find your way to Oz) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dgmbnhmcbgnenhcjpmgfhneiiamfijel [2016-02-12] CHR Extension: (Give Up) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\diippoclinjdbklinhchgedilfncehbi [2016-02-12] CHR Extension: (OMGpop) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\djainknkigahmnoncinbopomacdjbmle [2016-02-12] CHR Extension: (Word Search) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2016-02-12] CHR Extension: (VoxelWright) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efbjmcfhipbdlpkmniipgfdknaddpibn [2016-02-12] CHR Extension: (Pandora) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fbangkleohkafngihneedemihgfeikcl [2016-02-12] CHR Extension: (Google Sheets) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-12] CHR Extension: (Causality Games) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2016-02-12] CHR Extension: (Stupeflix Video Maker) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fkdmcfnoimoilncpjchamnenebopocem [2016-02-12] CHR Extension: (Burp and Fart Piano) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gchjpdindcbdfbnhpmaflnbhjggjifeh [2016-02-12] CHR Extension: (World tv) 
- C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gdejljjjgegbbgoopclmcaabkjlbcmdm [2016-03-23] CHR Extension: (Scratch for Holiday) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ggfniphganolbedpcfmpjmnnfhgaoein [2016-02-12] CHR Extension: (Google Docs Offline) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Cut the Rope) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2016-02-12] CHR Extension: (FabCam) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hejilffmihldhlfocnabcgndjjpgadfl [2016-02-12] CHR Extension: (Flixster) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2016-02-12] CHR Extension: (Pathuku - Connect the lines) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hkiilmogcdkeefnbemdagpmcediekadb [2016-02-12] CHR Extension: (Downloads Button) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icjnlenabmgdlpoooddamihhachcfgcg [2016-02-12] CHR Extension: (Color Piano!) 
- C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh [2016-02-12] CHR Extension: (Cut the Rope) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jfbadlndcminbkfojhlimnkgaackjmdo [2016-02-12] CHR Extension: (Pixect) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jgdeoagndhabdnoenpdcagbkkmjeibmh [2016-02-12] CHR Extension: (Google Voice (by Google)) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2016-02-12] CHR Extension: (Sketch Swap) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kkhinjhigjeegmjhffibeelpmokhljop [2016-02-12] CHR Extension: (Pokemon Card Maker) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\klanmedmjgiebagececoekdajmcgmikl [2016-02-12] CHR Extension: (Touch Drawing App) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\knegnmjmhjjnmpfidlhnjcajmbmhdnbm [2016-02-12] CHR Extension: (CanvasDraw) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\knfimpamngmggpbamfoomdpebdoleghe [2016-02-12] CHR Extension: (Little Alchemy) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-12] CHR Extension: (Google Play) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-02-12] CHR Extension: (Happy Friday!) 
- C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lagckjdgadpknikjoegcibbollkafpid [2016-02-12] CHR Extension: (Build with Chrome) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2016-02-12] CHR Extension: (Raindrop.io - Smart Bookmarks) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ldgfbffkinooeloadekpmfoklnobpien [2016-05-08] CHR Extension: (Webcam Toy) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lfbgimoladefibpklnfmkpknadbklade [2016-02-12] CHR Extension: (Comic Webcam) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lfffhmndpldceogndeognocbpmlgdemi [2016-02-12] CHR Extension: (Skype) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-07] CHR Extension: (Chime) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lkdfkbkkfdhhfnhgbphecddnpfnoedke [2016-02-12] CHR Extension: (Sketchpad) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2016-02-12] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-12] CHR Extension: (Pixelatr) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lnldimmdabnoicjagjmbmedmmcpohkce [2016-02-12] CHR Extension: (Clickable Links) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mgamelhnfokapndfdodnmfiningckjia [2016-02-12] CHR Extension: (Spelunky HTML5) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mhagnkphcmpkmabhocgimoncfaihkpof [2016-02-12] CHR Extension: (Screencastify (Screen Video Recorder)) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2016-05-10] CHR 
Extension: (Q) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mpmgdjodojphjkmdlchbipmeenkpljkj [2016-02-12] CHR Extension: (deviantART muro) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\namljbfbglehfnlonjmebceimaalofei [2016-02-12] CHR Extension: (Google Hangouts) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-02-12] CHR Extension: (SculptGL) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nekbajpiaklffelkfhkjgfbggpehnpcp [2016-02-12] CHR Extension: (PHP Console) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nfhmhhlpfleoednkpnnnkolmclajemef [2016-02-12] CHR Extension: (Chrome Web Store Payments) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Foto Rulez) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\odahhdimpaeigjcdbgcnhemlkejclmmk [2016-02-12] CHR Extension: (Picky Wallpapers) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\odklcfojpedohplkimfdpcamkjnhanaj [2016-02-12] CHR Extension: (My Chrome Theme) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-02-12] CHR Extension: (OokiCookie) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohjmnhgnkikbajikhhbplekfmljhdhjm [2016-02-12] CHR Extension: (SEO Global For Google Search™) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ojgmigafbpedhdilmemphfklkbghlphi [2016-02-12] CHR Extension: (Pink My Facebook) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\okcdpfndmnjdijikpehblfeancekjcgo [2016-02-15] CHR Extension: (Psykopaint) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2016-02-12] CHR Extension: 
(Bloxorz Block Puzzle) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\phiaicokjaoaobiobphcfkmbeiejdang [2016-02-12] CHR Extension: (Gmail) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-12] CHR Extension: (Super Sync Sports) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pnlmjnkflmmhllfnhanahmmnodfcpabf [2016-02-12] CHR Extension: (Type Fu) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pofoighmmpljaikjiidkkfhldjndfdbk [2016-03-05] CHR Profile: C:\Users\Reza\AppData\Local\Google\Chrome\User Data\System Profile [2016-02-23] CHR HKU\S-1-5-21-3294675276-783259607-3426699991-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Reza\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-20] CHR HKU\S-1-5-21-3294675276-783259607-3426699991-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) 
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-10-09] (Freemake) [File not signed] R2 LDrvSvc; C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll [181928 2017-01-19] () R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2017-01-17] (Synaptics Incorporated) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) S4 wlcrasvc; C:\Program Files (x86)\Windows Live\Mesh\wlcrasvc.exe [57184 2010-09-22] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 Apowersoft_AudioDevice; C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare) S3 debutfilter; C:\WINDOWS\System32\DRIVERS\debutfilterx64.sys [33488 2013-10-26] () R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] () R1 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-01-30] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-25] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-25] (Malwarebytes) R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-25] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-25] (Malwarebytes) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 paeusbaudio; C:\WINDOWS\System32\drivers\paeusbaudio_x64.sys [252280 2012-05-24] () S3 paeusbaudiodsp; C:\WINDOWS\System32\drivers\paeusbaudiodsp_x64.sys [71544 2012-05-24] () S3 
paeusbaudioks; C:\WINDOWS\system32\DRIVERS\paeusbaudioks_x64.sys [53112 2012-05-24] () R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-05] (Synaptics Incorporated) S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [16152 2014-06-26] () S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 ZOOM_R8MTR; C:\WINDOWS\system32\Drivers\zmr8usbaudio.sys [120960 2016-11-23] (ZOOM Corporation.) U3 aspnet_state; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-02-26 13:14 - 2017-02-26 13:14 - 00000000 ___HD C:\OneDriveTemp 2017-02-25 14:13 - 2017-02-25 14:29 - 00058217 _____ C:\Users\Reza\Downloads\Addition.txt 2017-02-25 14:10 - 2017-02-26 13:52 - 00034986 _____ C:\Users\Reza\Downloads\FRST.txt 2017-02-25 14:03 - 2017-02-26 13:50 - 00000000 ____D C:\FRST 2017-02-25 14:01 - 2017-02-25 14:02 - 02423296 _____ (Farbar) C:\Users\Reza\Downloads\FRST64.exe 2017-02-17 00:52 - 2017-02-17 00:52 - 00000000 ____D C:\Users\Public\Thunder Network 2017-02-17 00:52 - 2017-02-17 00:52 - 00000000 ____D C:\ProgramData\Thunder Network 2017-02-17 00:46 - 2017-02-17 01:05 - 00000000 ____D C:\ProgramData\DriverTalent 2017-02-17 00:46 - 2017-02-17 00:46 - 00000000 ____D C:\Users\Reza\AppData\Roaming\DriverTalent 2017-02-17 00:46 - 2017-02-17 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Talent 2017-02-17 00:46 - 2017-02-17 00:46 - 00000000 ____D C:\OSTotoFolder 2017-02-17 00:45 - 2017-02-17 00:45 - 00000000 ____D C:\Program Files (x86)\OSTotoSoft 2017-02-04 10:59 - 2017-02-04 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2017-01-30 20:08 - 2017-01-30 20:08 - 00003704 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA1d27b77a46e800e 2017-01-30 20:08 - 2017-01-30 20:08 - 00003436 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core1d27b77a4243672 2017-01-30 19:26 - 2017-01-30 19:26 - 00001049 _____ C:\Users\Reza\AppData\Roaming\downloads.json 2017-01-30 19:24 - 2017-01-30 19:26 - 00000000 ____D C:\Users\Reza\AppData\Roaming\FlvtoConverter 2017-01-30 19:24 - 2017-01-30 19:24 - 00002333 _____ C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto YouTube Downloader.lnk 2017-01-30 19:24 - 2017-01-30 19:24 - 00001627 _____ C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Flvto YouTube Downloader.lnk 2017-01-30 19:24 - 
2017-01-30 19:24 - 00000000 ____D C:\Users\Reza\Documents\YouTubeDownloads 2017-01-30 19:24 - 2017-01-30 19:24 - 00000000 ____D C:\Users\Reza\AppData\Local\FlvtoYoutubeDownloader 2017-01-30 19:24 - 2017-01-30 19:24 - 00000000 ____D C:\ProgramData\Package Cache 2017-01-30 19:21 - 2017-02-07 21:13 - 00000000 ____D C:\Users\Reza\AppData\Local\Flvto YouTube Downloader 2017-01-30 15:49 - 2017-02-25 20:05 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-01-30 15:49 - 2017-02-25 14:48 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-01-30 15:49 - 2017-02-25 14:48 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-01-30 15:49 - 2017-01-30 15:49 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-01-30 15:48 - 2017-02-25 14:48 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-01-30 15:48 - 2017-01-30 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-01-30 15:48 - 2017-01-30 15:48 - 00000000 ____D C:\Program Files\Malwarebytes 2017-01-30 15:48 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-01-27 16:35 - 2017-01-27 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-01-27 16:34 - 2017-01-27 16:35 - 00000000 ____D C:\Program Files\iTunes 2017-01-27 16:34 - 2017-01-27 16:34 - 00000000 ____D C:\Program Files\iPod 2017-01-27 16:29 - 2017-01-27 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-02-26 13:34 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-02-26 13:33 - 2016-09-26 23:48 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-02-26 13:28 - 2014-06-30 18:48 - 00000000 ____D C:\Users\Reza\AppData\Local\Packages 2017-02-26 13:26 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-26 13:15 - 2013-06-07 10:06 - 00000000 ___RD C:\Users\Reza\Google Drive 2017-02-26 13:14 - 2016-05-11 12:29 - 00000000 ___RD C:\Users\Reza\iCloudDrive 2017-02-26 13:14 - 2015-08-05 19:52 - 00000000 ___RD C:\Users\Reza\OneDrive 2017-02-26 13:12 - 2016-09-26 23:56 - 00000000 ____D C:\Users\Reza 2017-02-25 14:48 - 2016-09-27 00:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-25 14:47 - 2016-07-15 22:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI 2017-02-22 15:45 - 2013-08-13 21:18 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-02-22 15:39 - 2012-09-19 21:06 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-02-21 14:56 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-02-17 00:24 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF 2017-02-14 10:54 - 2015-04-03 22:30 - 00000000 ____D C:\Users\Reza\AppData\Local\Unity 2017-02-14 10:54 - 2012-11-27 00:39 - 00002987 _____ C:\WINDOWS\wininit.ini 2017-02-14 10:52 - 2014-05-06 19:01 - 00000000 ____D C:\Program Files (x86)\Audacity 2017-02-14 08:04 - 2016-07-24 18:45 - 00000000 ____D C:\Users\Reza\AppData\Roaming\5kplayer 2017-02-11 01:41 - 2014-08-31 01:46 - 00000000 ____D C:\Users\Reza\Desktop\ENTER 2017-02-09 00:38 - 2012-09-18 22:58 - 00000000 ____D C:\Users\Reza\AppData\Local\ElevatedDiagnostics 2017-02-07 21:13 - 2014-06-10 00:50 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA.job 2017-02-07 21:13 - 2014-06-10 00:50 - 00000852 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core.job 2017-02-06 11:48 - 2016-07-16 03:49 - 00835576 _____ (Adobe Systems 
Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-02-06 11:48 - 2016-07-16 03:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-02-04 10:59 - 2012-11-27 00:19 - 00000000 ____D C:\Program Files (x86)\Google 2017-02-03 12:03 - 2015-05-23 10:24 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-01-30 15:48 - 2015-02-04 14:11 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-01-30 15:48 - 2015-02-04 14:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-01-27 16:34 - 2015-12-20 03:11 - 00000000 ____D C:\Program Files\Common Files\Apple ==================== Files in the root of some directories ======= 2015-01-14 16:04 - 2015-01-14 16:04 - 32371688 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe 2017-01-30 19:26 - 2017-01-30 19:26 - 0001049 _____ () C:\Users\Reza\AppData\Roaming\downloads.json 2012-10-22 17:47 - 2012-11-17 13:44 - 0001759 _____ () C:\Users\Reza\AppData\Roaming\SAS7_000.DAT 2013-10-22 23:56 - 2013-10-26 01:19 - 0001181 _____ () C:\Users\Reza\AppData\Roaming\trace_FilterInstaller.1.txt 2013-10-22 23:56 - 2013-10-22 23:57 - 0001181 _____ () C:\Users\Reza\AppData\Roaming\trace_FilterInstaller.2.txt 2013-10-22 23:56 - 2014-05-27 16:17 - 0001003 _____ () C:\Users\Reza\AppData\Roaming\trace_FilterInstaller.txt 2013-10-22 23:56 - 2014-05-27 16:17 - 0000000 _____ () C:\Users\Reza\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2013-11-25 11:25 - 2014-12-27 08:47 - 0009728 _____ () C:\Users\Reza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-10-02 11:45 - 2013-10-02 11:45 - 0006113 _____ () C:\Users\Reza\AppData\Local\recently-used.xbel 2014-07-10 20:44 - 2014-07-10 20:44 - 0007606 _____ () C:\Users\Reza\AppData\Local\Resmon.ResmonCfg 2012-01-17 07:48 - 2012-10-09 18:24 - 0012894 _____ () C:\ProgramData\ArcadeDeluxe5.log 2016-09-26 23:51 - 2016-09-26 23:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2012-11-27 
00:36 - 2012-11-27 00:37 - 0000032 _____ () C:\ProgramData\PS.log 2012-09-18 15:35 - 2012-09-18 15:35 - 0000032 _____ () C:\ProgramData\Temp.log ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-02-18 01:04 ==================== End of FRST.txt ============================
  6. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017 Ran by Reza (25-02-2017 14:25:27) Running from C:\Users\Reza\Downloads Windows 10 Home Version 1607 (X64) (2016-09-27 08:41:27) Boot Mode: Normal
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350518\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350722\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Reza\Desktop\ENTER\GILLIANHARTART\seahorse.png HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880\Control Panel\Desktop\\Wallpaper -> C:\Users\Reza\Desktop\ENTER\GILLIANHARTART\seahorse.png DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: AudioBox VSL => C:\Program Files\PreSonus\AudioBox\AudioBox.exe -startup MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: Google Update => "C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe HKLM\...\StartupApproved\Run32: => "AVG_UI" HKLM\...\StartupApproved\Run32: => "LWS" 
HKLM\...\StartupApproved\Run32: => "AvgUi" HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\StartupApproved\Run: => "AudioBox VSL" HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880\...\StartupApproved\Run: => "AudioBox VSL" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{7EFA68E4-5207-47C5-8F2B-1ED09FEB2229}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{7E21B876-BA4B-4A3C-A5D6-46D204F38017}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{E40E1F07-B915-4605-89F8-C0731211EC8A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{06DE4B17-98FA-47D8-9829-43EF27ACAA66}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{D15C6520-3FCD-48DC-B694-90E34BECEFAB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{5B44694B-FCCC-401B-8AA1-76AB0B782820}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [UDP Query User{9747D755-5ECE-4533-9860-DCA8CD671F15}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe FirewallRules: [TCP Query User{39AAE125-947D-48AE-8DBC-CD6D3065FD40}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe FirewallRules: [UDP Query User{AE0DD836-7B33-48BF-B29B-C1C21D7E3AFD}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe FirewallRules: [TCP Query User{91CBAB0B-B902-4630-809E-3DAE4146B961}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe FirewallRules: 
[{E5153C5F-AA0F-41B1-9946-28674C067F38}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{B814E440-75CA-41BE-BA24-8C6FA3790622}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{88A56846-3068-401C-B9C8-DE3DCAE5B3E5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{0B488E95-3363-4B0F-832C-CFA63936DBD7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{CB4E149C-60A5-4769-9B66-D01644DFF126}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{51297A57-31D0-4E54-B2CA-20C1D5FF87E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{0DE1BFF3-F392-4835-AEFA-D4F1B4C3A44E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{FBAB83AC-763C-427B-B60D-4E76EE4525B8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{316750C9-A053-4121-82F9-CA1AD801E3A2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{60C793C1-94BA-4E8C-A783-40BDB3A71EF7}] => (Block) C:\program files\presonus\audiobox\audiobox.exe FirewallRules: [{DE58BC30-7D09-41EA-838C-366EADF8739D}] => (Block) C:\program files\presonus\audiobox\audiobox.exe FirewallRules: [UDP Query User{6CF3B5FD-3F3B-48B4-A0AA-D14592ACDE94}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe FirewallRules: [TCP Query User{C276646A-0992-4E48-A97D-6D836B0BDBD9}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe FirewallRules: [{5466733C-131F-4904-A15B-FC1772DCF6BD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{32C1309A-41CB-4B7B-9430-1E15678A3710}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [UDP Query User{02CCDD33-7EF1-4A2A-819D-1B56B32AB8B9}C:\program files (x86)\divx\divx media 
server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe FirewallRules: [TCP Query User{F5445A46-312F-4C81-AD89-B26B80C2246A}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe FirewallRules: [UDP Query User{89578634-2123-41A5-8C2D-154DDFF72934}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe FirewallRules: [TCP Query User{886F6B67-FBF9-4DC1-8FE3-86AE8D4BB2BC}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe FirewallRules: [UDP Query User{9DC3B462-8F85-4181-82D8-E96CEA35A010}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe FirewallRules: [TCP Query User{48D8D9E0-A709-411D-9BFF-CFAEEA8455FD}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe FirewallRules: [{45C518A1-5AF5-40AF-8B18-7A9EDA12CC4F}] => (Allow) LPort=51001 FirewallRules: [{D9750CC1-49FB-49EC-938E-4E95D37E49C1}] => (Allow) LPort=37675 FirewallRules: [{060877D4-BDC4-499B-9E6A-FE38162D1CE0}] => (Allow) LPort=37674 FirewallRules: [{44BDB300-EF73-4CC8-A0CB-6F428D9CEBB7}] => (Allow) LPort=37674 FirewallRules: [{83A02CBD-1437-48CE-B520-54D181C37228}] => (Allow) LPort=443 FirewallRules: [{0F0080DF-5CCB-47DA-B3E2-929462C595D9}] => (Allow) LPort=443 FirewallRules: [{72E71537-A64B-4913-8379-0E3D0B25E531}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe FirewallRules: [{965697C2-3AFC-4609-BF56-08F96B1EEEC4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe FirewallRules: [{61EA5BA8-FFE8-4C54-82D5-8DD41A68818D}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe FirewallRules: [{13A0A512-A8F7-4C5B-94CA-43F8BC92212B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe FirewallRules: [{AD40F0BD-F40E-4606-8F45-8663B09AC87C}] 
=> (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe FirewallRules: [{6A6B01AA-5DAC-4821-8F4A-A1D302804496}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe FirewallRules: [{1D6D0113-BCF8-484C-8967-7AFC7A691B56}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe FirewallRules: [{5D489336-C113-4D15-B3A8-0CAE4A4AE923}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe FirewallRules: [{8440651C-DF0A-4C6E-8E37-96F8593DD308}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{B16BD899-7EBF-490B-9436-A0F60B53C533}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{30124E73-E94B-4911-83FC-022D4E216A5E}] => (Allow) LPort=1900 FirewallRules: [{B13AA4C6-50D3-420B-9874-6E867BD24A1E}] => (Allow) LPort=2869 FirewallRules: [{70969C10-61F7-42B4-BDC8-917270BE7C33}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{C463FBE6-69FC-4D61-B8C4-64BC228DACED}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{4356AC76-7E6F-41A7-87D1-EA2A40FA059C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{FE1A037A-6EFC-44CA-B418-852D1CE1F17E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{077B0BFF-2E7B-44B4-A9DE-6C1C1D8D3C40}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{776EBE4C-FB49-4B48-B95F-F63F2B576B39}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{4808F9BE-687B-4014-AA64-578068F5B338}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{7D9EC392-0B9F-49C0-B553-9245401D32CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{E25F77AC-A2D1-47C9-8F82-09EC253E1A4B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{F6CD1ADD-C5F1-4534-A0FD-B9CCAF3269A3}] => (Allow) C:\Program Files 
(x86)\Bonjour\mDNSResponder.exe FirewallRules: [{9ABF9C80-E5E4-4B19-A322-4F53A52110FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0F7D4A0F-3259-4A48-B0AB-C364C79300A5}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{A0E262CF-904B-47B0-AF36-E72AF5504BC8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{91DB7801-5D28-4B60-BC75-615C3B700A89}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe FirewallRules: [{B537BF97-705B-463F-957F-271BD68C4F09}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe FirewallRules: [{BF5373B6-52F1-4D13-B59D-7E801A1A8EC5}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe ==================== Restore Points ========================= 03-02-2017 09:27:24 Scheduled Checkpoint 12-02-2017 14:43:58 Scheduled Checkpoint 14-02-2017 10:56:50 Removed Visual Studio 2012 x86 Redistributables 21-02-2017 13:18:15 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/25/2017 02:16:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x5617c71b Faulting module name: KERNELBASE.dll, version: 10.0.14393.479, time stamp: 0x58256d37 Exception code: 0xe0434352 Fault offset: 0x000da832 Faulting process id: 0x96c Faulting application start time: 0x01d28f364a5b206a Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: c88ad05f-3cff-41dd-90fd-1a095efc4d49 Faulting package full name: Faulting package-relative application ID: Error: (02/25/2017 02:16:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: 
FreemakeUtilsService.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException at System.Security.Principal.SecurityIdentifier..ctor(System.String) at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary() at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo) at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck() at FreemakeUtilsService.Statistics.Manager.SettingsSyncCompleted(System.Object, System.EventArgs) at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (02/25/2017 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9859 Error: (02/25/2017 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9859 Error: (02/25/2017 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/25/2017 02:14:19 AM) (Source: 
Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8593 Error: (02/25/2017 02:14:19 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8593 Error: (02/25/2017 02:14:19 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/25/2017 02:14:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7312 Error: (02/25/2017 02:14:18 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7312 System errors: ============= Error: (02/25/2017 02:16:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s). Error: (02/25/2017 02:13:51 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY) Description: 0x8000002a118\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-3294675276-783259607-3426699991-1000-02252017141350880-ntuser.dat Error: (02/25/2017 02:01:23 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (02/25/2017 02:01:20 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (02/25/2017 02:01:17 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (02/25/2017 02:01:15 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (02/25/2017 02:01:12 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (02/25/2017 02:01:10 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. 
Error: (02/25/2017 02:01:07 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. Error: (02/25/2017 02:01:04 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk0\DR0, has a bad block. CodeIntegrity: =================================== Date: 2017-02-25 14:02:04.528 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-25 14:02:04.516 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-20 17:08:56.569 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-20 17:08:56.562 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-19 21:22:41.335 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-02-19 21:22:41.326 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-19 18:55:58.903 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-19 18:55:58.899 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-19 15:24:23.580 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-19 15:24:23.569 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz Percentage of memory in use: 80% Total physical RAM: 3947.86 MB Available physical RAM: 774.68 MB Total Virtual: 13163.86 MB Available Virtual: 9725.41 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:125.2 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 281C6927) Partition 1: (Not Active) - (Size=14 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  7. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017 Ran by Reza (25-02-2017 14:13:23) Running from C:\Users\Reza\Downloads Windows 10 Home Version 1607 (X64) (2016-09-27 08:41:27) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3294675276-783259607-3426699991-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3294675276-783259607-3426699991-503 - Limited - Disabled) Guest (S-1-5-21-3294675276-783259607-3426699991-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3294675276-783259607-3426699991-1002 - Limited - Enabled) Reza (S-1-5-21-3294675276-783259607-3426699991-1000 - Administrator - Enabled) => C:\Users\Reza ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ableton Live 9 Suite (HKLM\...\{F6238EAB-3AD7-4B0E-B0AD-E533A93A5C32}) (Version: 9.0.0.0 - Ableton) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.3501.00 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.5.3501.00 - CyberLink Corp.) Hidden ACID Music Studio 9.0 (HKLM-x32\...\{FAD22280-8DD6-11E3-A36E-F04DA23A5C58}) (Version: 9.0.40 - Sony) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.42.68439 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.2.42.68439 - Alcor Micro Corp.) 
Hidden Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) ArcadeMovie (HKLM-x32\...\InstallShield_{E670F1F2-A882-4EE5-90E1-EFBF46AB5A01}) (Version: 4.00.0000 - CyberLink Corp.) ArcadeMovie (x32 Version: 4.00.0000 - CyberLink Corp.) Hidden ArtRage 4 Demo (HKLM-x32\...\ArtRage 4 Demo 4.5.2.0) (Version: 4.5.2.0 - Ambient Design) ArtRage 4 Demo (Version: 4.5.2.0 - Ambient Design) Hidden AudioBox version 1.2 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.2 - PreSonus) Avid Mbox 2 USB Drivers (x64) (HKLM\...\{F9242D4E-09E7-45C7-A53A-83375D0FAD42}) (Version: 9.0.2 - Avid Technology, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.49.150 - OSToto Co., Ltd.) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.0 - Toontrack) Freemake Video Converter version 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) 
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.) Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation) Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.0 - PACE Anti-Piracy, Inc.) iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.) Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.) 
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) Max 6.1.8 (x64) (HKLM\...\{B3071CEA-6555-4660-BBC9-A3A28F00197A}) (Version: 136.1.8 - Cycling '74) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft OneDrive (HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Moo0 Audio Converter 1.32 (HKLM-x32\...\Moo0 AudioTypeConverter) (Version: - ) Moo0 Voice Recorder 1.43 (HKLM-x32\...\Moo0 VoiceRecorder) (Version: - ) Moo0 YouTube Downloader 1.06 (HKLM-x32\...\Moo0 
Utube-DL) (Version: - ) MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden PreSonus Studio One 2 (HKLM-x32\...\PreSonus Studio One 2) (Version: 2.5.2.22258 - PreSonus Audio Electronics) R8 Driver (HKLM\...\{C68DB659-6046-41FD-B163-E7208C1718A4}) (Version: 2.2.0.8 - ZOOM) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.) 
Studio Devil BVC 1.1 (HKLM-x32\...\Studio Devil BVC - Acid Music Studio Edition_is1) (Version: - StudioDevil) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated) Telegram Desktop version 1.0 (HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0 - Telegram Messenger LLP) TruePianos Amber Lite (ACID Music Studio) 1.5.0 (HKLM-x32\...\TruePianos Amber Lite (ACID Music Studio)_is1) (Version: - 4Front Technologies) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Viber (HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\{7de2db6a-6f4b-4b45-82b9-57d5d7f1c952}) (Version: 5.4.0.1664 - Viber Media Inc.) Viber (x32 Version: 5.4.0.1664 - Viber Media Inc.) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Reza\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03DF55EB-3619-4B37-B7BE-3820E691F8FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) 
Task: {0DCF04DE-D69D-45C8-BD57-2D806BDD143C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe Task: {1569EA35-B689-4777-85C9-5218161CD92B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core1d27b77a4243672 => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.) Task: {15FCD86A-9B5E-4271-8311-1AD8BC28BEEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.) Task: {16E25E59-475C-48FE-B049-5ECF1A0C1E14} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe Task: {1869619F-C32D-41ED-9922-DFED88E1DCAB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe Task: {18E80EE4-A648-430B-A4A4-CE0F9E597067} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe Task: {195B9241-56B8-47BF-AF57-522F80AC7EC1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {19B44E58-C3E5-4213-8CC3-37B115C5FA1F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe Task: {1B860AE4-B749-4262-B13F-C8D3ADC39234} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Moo0\VideoToAudio 1.12\VideoToAudio.exe Task: {1D9E9F21-73F1-4A9F-A1B3-A7D3A0BAA2C0} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {1F343AE1-F994-4A01-A553-A429D94DF3D0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {206F523C-7DE4-49DD-8F9F-E7A8B31A1A4B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {25A88B16-6D40-40B2-AB4F-C013393836E8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: 
{2AA441AF-1C39-44D3-B7FA-9A5A39C64976} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {3D5B6403-E35F-4CF1-9F17-E34C0AD34763} - System32\Tasks\1015avUpdateInfo => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe [2015-10-11] () Task: {4104424B-3B41-4B4E-A5EB-A8C02C7B6733} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_{58B3C879-B7DD-4F4D-9C5B-6641E0D5C976}.exe [2015-06-21] () Task: {424402F0-137B-40BC-A26B-67770BEAD723} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe Task: {46D7E8D5-2116-48F8-B25F-5FFE8B63F1DD} - \PassShow Update -> No File <==== ATTENTION Task: {480DFD45-D0D0-494B-A55E-706225534F7D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe Task: {4C7C8F6E-D0A2-4C74-87BC-F9E8D4B33BF6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.) Task: {5D71C62C-F951-40AF-A8F4-102EE8D8F7D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA1d27b77a46e800e => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.) Task: {5E49009D-BBE0-4A6C-A37E-05DD3E5884F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.) 
Task: {62AB2B64-F460-46D0-BD39-69A5414D7884} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe Task: {699BE71C-44CC-4760-8317-1B208718B9E0} - System32\Tasks\{13284ABE-CCA2-438F-8AC9-A005719A3BCB} => pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe" Task: {6EA1D2C9-3830-494E-82D6-A7AD22A9F7C9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {706164FA-1B7D-45A0-BF3B-6549035B76C4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {70757ED2-6922-48D5-9FFF-5CA448387BBC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.) Task: {7467B9B3-1F9C-49EF-8F44-6ED0F5CB09E8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {7BEB9549-FDEF-4F27-8BB9-B1C49AF7EB15} - System32\Tasks\{B5B1A3A2-5A1C-46C3-A4B9-C6CC6A571974} => pcalua.exe -a C:\Users\Reza\Downloads\sp48051.exe -d C:\Users\Reza\Downloads Task: {8981AD63-D56E-4485-8C6D-5822CCF498A4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe Task: {8CAB513F-BD45-4996-BF93-B2D788DECF3A} - System32\Tasks\{AE807DAD-E234-4EB5-AC9F-3EDE7A230F12} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsProgressBar Task: {9369AF83-2DD2-4F8E-A640-220B6289A2EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {975A74FE-A436-4189-8B2E-7C6A9DCCEA81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated) Task: {999D62C5-ADC6-4AD5-9C30-0E18C452E800} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe Task: {9DBE96E0-C863-4ADB-A9A0-929CD16CDAFB} - System32\Tasks\PMMUpdate => C:\Program 
Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.) Task: {9F440B3B-0ABF-4F7D-BD33-BFAD9D7B5BDD} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe Task: {A0AE359D-1DE7-4641-93C1-F4A9FB318E8A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {A0E9FE00-CF13-49AF-A8ED-FB904B5E08A0} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe Task: {AA00C774-1830-4188-83BD-19E393F2D566} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe Task: {B305C3E0-5245-4C39-A853-1A0623D77245} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {B5ADC499-1E0D-4053-8B7F-2164F78552C0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe Task: {B73D26A7-40FA-4A80-9714-BFB07E62B52D} - System32\Tasks\{B34FB2E0-B5B6-4D2C-A4D7-2D06C94C5B7B} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E670F1F2-A882-4EE5-90E1-EFBF46AB5A01}\Setup.exe" -c -runfromtemp -l0x0409 Task: {B77C219D-C393-4D2F-B3F7-171DD5602E6F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe Task: {C148FFC7-C767-41D5-BD4A-9DB42752A336} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {C8E863F2-B72E-4725-B66D-B6FA98CA8A67} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {D3BC833F-C1B5-4719-96DB-923E49F91C25} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {D5F2CC07-A4D9-4E78-9B3A-71B6FDE756C0} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-01-17] (Apple Inc.) 
Task: {D94450E2-03B5-4C0D-9C9D-74068B33A50C} - System32\Tasks\{A3AAE776-EE26-4896-8B32-8839CB93443A} => C:\Program Files (x86)\iTunes\iTunes.exe Task: {DCECC6D0-3473-4C5E-9557-16BDF02FDF38} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {E19B804A-E4CF-476C-9C78-70B8CE34C098} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {EE5A851C-14B1-442D-9C8C-089F40A34085} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe Task: {F1F42CF6-8BD4-41EB-9F37-811707C08B5B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe Task: {F2FA259D-50B4-4107-A6B5-5A7523C6940F} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Reza\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {F31DEFDF-E414-47D7-AC13-A7A928F6B4B4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {F67BC5BC-9B8A-4B61-ADDA-9ED0535E0D85} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\0615tbUpdateInfo.job => C:\ProgramData\Avg_Update_0615tb\0615tb_{58B3C879-B7DD-4F4D-9C5B-6641E0D5C976}.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core.job => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA.job => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Cut the Rope.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=jfbadlndcminbkfojhlimnkgaackjmdo ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Happy Friday!.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=lagckjdgadpknikjoegcibbollkafpid ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Scratch for Holiday.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=ggfniphganolbedpcfmpjmnnfhgaoein ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\So Many Me - Demo.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=bgjkhidjaocnkjchjfpgbfdegeiljcdn ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=mhagnkphcmpkmabhocgimoncfaihkpof ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Telegram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=Default --app-id=clhhggbfdinjmjhajaheehoeibfljjno ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Touch Drawing App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=knegnmjmhjjnmpfidlhnjcajmbmhdnbm ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Type Fu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=pofoighmmpljaikjiidkkfhldjndfdbk ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Meloetta - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory="Profile 2" ==================== Loaded Modules (Whitelisted) ============== 2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-01-30 15:48 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-01-30 15:48 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll 2017-01-30 15:48 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-30 17:12 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-12-30 17:12 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-12-30 17:12 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-27 00:33 - 2016-09-27 00:33 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-10 16:51 - 2016-12-20 23:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-10 16:50 - 2016-12-20 22:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-10 16:50 - 2016-12-20 22:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-10 16:50 - 2016-12-20 22:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-10 16:50 - 2016-12-20 22:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-10 16:50 - 2016-12-20 22:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 
2017-01-10 16:50 - 2016-12-20 22:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-02-22 10:00 - 2017-02-22 10:02 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-02-22 10:00 - 2017-02-22 10:02 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-02-22 10:00 - 2017-02-22 10:02 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-02-06 21:04 - 2017-02-06 21:06 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll 2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-10-24 14:25 - 2015-10-09 15:56 - 00071680 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe 2017-01-10 16:50 - 2016-12-20 22:49 - 04046848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Signals.dll 2017-02-17 00:45 - 2017-01-19 22:34 - 00181928 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll 2017-02-17 00:45 - 2017-01-19 22:34 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll 2017-02-17 00:46 - 2017-01-19 22:34 - 00172200 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll 2017-02-17 00:45 - 2017-01-19 22:34 - 00112296 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll 2017-02-17 00:46 - 2017-01-19 22:34 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll 2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2016-09-01 17:13 - 2016-09-01 
17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2017-02-25 13:50 - 2017-02-25 13:50 - 00098816 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32api.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00110080 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\pywintypes27.dll 2017-02-25 13:50 - 2017-02-25 13:50 - 00364544 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\pythoncom27.dll 2017-02-25 13:50 - 2017-02-25 13:50 - 00320512 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32com.shell.shell.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00914432 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_hashlib.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 01176576 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._core_.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00806400 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._gdi_.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00816128 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._windows_.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 01067008 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._controls_.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00733184 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._misc_.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00682496 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\pysqlite2._sqlite.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00088064 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_ctypes.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00686080 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\unicodedata.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00119808 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32file.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00108544 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32security.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00007168 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\hashobjs_ext.pyd 2017-02-25 13:50 - 2017-02-25 13:50 
- 00017920 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\thumbnails_ext.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00088064 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\usb_ext.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00012800 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\common.time34.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00018432 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32event.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00167936 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32gui.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00046080 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_socket.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 01303552 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_ssl.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00128512 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_elementtree.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00127488 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\pyexpat.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00038912 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32inet.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00036864 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_psutil_windows.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00524248 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\windows._lib_cacheinvalidation.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00011264 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32crypt.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00123392 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._wizard.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00077312 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._html2.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00027648 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_multiprocessing.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00020480 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_yappi.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00035840 ____R () 
C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32process.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00078848 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._animate.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00024064 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32pipe.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00010240 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\select.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00025600 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32pdh.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00017408 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32profile.pyd 2017-02-25 13:50 - 2017-02-25 13:50 - 00022528 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32ts.pyd ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [170] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350518\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350722\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Reza\Desktop\ENTER\GILLIANHARTART\seahorse.png HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880\Control Panel\Desktop\\Wallpaper -> C:\Users\Reza\Desktop\ENTER\GILLIANHARTART\seahorse.png DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: AudioBox VSL => C:\Program Files\PreSonus\AudioBox\AudioBox.exe -startup MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: Google Update => "C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe HKLM\...\StartupApproved\Run32: => "AVG_UI" HKLM\...\StartupApproved\Run32: => "LWS" 
HKLM\...\StartupApproved\Run32: => "AvgUi" HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\StartupApproved\Run: => "AudioBox VSL" HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880\...\StartupApproved\Run: => "AudioBox VSL" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{7EFA68E4-5207-47C5-8F2B-1ED09FEB2229}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{7E21B876-BA4B-4A3C-A5D6-46D204F38017}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{E40E1F07-B915-4605-89F8-C0731211EC8A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{06DE4B17-98FA-47D8-9829-43EF27ACAA66}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{D15C6520-3FCD-48DC-B694-90E34BECEFAB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{5B44694B-FCCC-401B-8AA1-76AB0B782820}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [UDP Query User{9747D755-5ECE-4533-9860-DCA8CD671F15}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe FirewallRules: [TCP Query User{39AAE125-947D-48AE-8DBC-CD6D3065FD40}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe FirewallRules: [UDP Query User{AE0DD836-7B33-48BF-B29B-C1C21D7E3AFD}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe FirewallRules: [TCP Query User{91CBAB0B-B902-4630-809E-3DAE4146B961}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe FirewallRules: 
  8. My Chrome page(s) keep getting redirected (YouTube, Facebook, Yahoo, ...). After purchasing Malwarebytes I noticed that there seems to be a file (maybe a rootkit? I'm not sure) that Malwarebytes keeps quarantining, but whenever I launch Chrome, my pages get redirected to the Chrome App store. Before I bought the product it used to redirect me somewhere else (383lahksa or something like that), but now it's the Chrome App store. I'm not sure how to resolve this. I would appreciate any feedback and suggestions. I've added a screen grab of the redirected page. This doesn't happen on Microsoft Edge, only Chrome. Thank You