Ralee Posted February 16, 2017 ID:1102305 Share Posted February 16, 2017 Log.txt Link to post Share on other sites More sharing options...
Aura Posted February 16, 2017 ID:1102309 Share Posted February 16, 2017 Hi Ralee My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state. As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens; As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you; The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system; If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!; If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off; Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced; I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules; In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process; I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread; This being said, it's time to clean-up some malware, so let's get started, shall we? Follow the instructions in the thread below, and provide me the FRST.txt and Addition.txt logs. https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/ Thank you. Link to post Share on other sites More sharing options...
Ralee Posted February 17, 2017 Author ID:1102481 Share Posted February 17, 2017 FRST.txt Addition.txt Link to post Share on other sites More sharing options...
Aura Posted February 17, 2017 ID:1102494 Share Posted February 17, 2017 Alright there are quite a few things to address. I'm giving you a heads up right now: some of your programs are broken and needs to be reinstalled. I'll list those at the end of the clean-up. First, do you know these files and folders? They are all related to keyloggers. 2017-02-03 02:48 - 2017-02-16 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeKeyl0gger 2017-02-03 02:48 - 2017-02-15 06:21 - 00000000 ____D C:\Program Files (x86)\ASDECO Manager 2017-02-03 02:48 - 2017-02-03 02:50 - 00000000 ____D C:\Users\Hp\AppData\Roaming\ASDECO Manager 2017-02-03 02:46 - 2017-02-03 02:46 - 00757173 _____ C:\Users\Hp\Downloads\fklogger.zip 2017-02-03 02:45 - 2016-08-05 11:19 - 00424592 _____ C:\Windows\runkey.exe 2017-02-03 02:39 - 2017-02-03 02:39 - 09339624 _____ (Spyrix Security Inc.) C:\Users\Hp\Desktop\sfk_setupcn.exe Malicious Programs Warning! I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up. a2zLyrics-15 Bundled software uninstaller DefaultTab Hao123.com Hao123-Client Messenger Plus! Community Smartbar If you have an issue when uninstalling a program, please let me know. Now we'll run a first big fix with FRST, followed by a quick sweep with JRT and AdwCleaner. Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located); Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Copy and paste its content in your next reply; Junkware Removal Tool (JRT) Download Junkware Removal Tool (JRT) and move it to your Desktop; Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Press on any key to launch the scan and let it complete;Credits : BleepingComputer.com Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply; AdwCleaner - Fix Mode Download AdwCleaner and move it to your Desktop; Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Accept the EULA (I accept), let the database update, then click on Scan; Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes; Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it; After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply; Your next reply(ies) should therefore contain: Answer to my question about the keylogger file(s) and folder(s) on your system; Confirmation that you uninstalled the programs listed above, if not, which one(s) and why; Copy/pasted content of FRST's fixlog.txt; Copy/pasted JRT log; Copy/pasted AdwCleaner clean log; fixlist.txt Link to post Share on other sites More sharing options...
Ralee Posted February 17, 2017 Author ID:1102502 Share Posted February 17, 2017 3 minutes ago, Aura said: Alright there are quite a few things to address. I'm giving you a heads up right now: some of your programs are broken and needs to be reinstalled. I'll list those at the end of the clean-up. First, do you know these files and folders? They are all related to keyloggers. 2017-02-03 02:48 - 2017-02-16 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeKeyl0gger 2017-02-03 02:48 - 2017-02-15 06:21 - 00000000 ____D C:\Program Files (x86)\ASDECO Manager 2017-02-03 02:48 - 2017-02-03 02:50 - 00000000 ____D C:\Users\Hp\AppData\Roaming\ASDECO Manager 2017-02-03 02:46 - 2017-02-03 02:46 - 00757173 _____ C:\Users\Hp\Downloads\fklogger.zip 2017-02-03 02:45 - 2016-08-05 11:19 - 00424592 _____ C:\Windows\runkey.exe 2017-02-03 02:39 - 2017-02-03 02:39 - 09339624 _____ (Spyrix Security Inc.) C:\Users\Hp\Desktop\sfk_setupcn.exe Malicious Programs Warning! I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up. a2zLyrics-15 Bundled software uninstaller DefaultTab Hao123.com Hao123-Client Messenger Plus! Community Smartbar If you have an issue when uninstalling a program, please let me know. 5 Yes i installed a keylogger. Although imnot sure about the runkey.exe The programs you listed, i dont see them and cant find them so how do i uninstall them? Link to post Share on other sites More sharing options...
Aura Posted February 17, 2017 ID:1102509 Share Posted February 17, 2017 If you can't find them, leave them be for now. JRT and AdwCleaner might take care of them, we'll see after. Link to post Share on other sites More sharing options...
Ralee Posted February 17, 2017 Author ID:1102575 Share Posted February 17, 2017 5 hours ago, Aura said: Your next reply(ies) should therefore contain: Answer to my question about the keylogger file(s) and folder(s) on your system; Confirmation that you uninstalled the programs listed above, if not, which one(s) and why; Copy/pasted content of FRST's fixlog.txt; Copy/pasted JRT log; Copy/pasted AdwCleaner clean log; I installed a keylogger. I didnt uninstall them because i don't know where they are Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02 Ran by Hp (administrator) on TRAC (17-02-2017 14:53:43) Running from C:\Users\Hp\Downloads Loaded Profiles: Hp & (Available Profiles: Hp & Guest) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files\Free Desktop Clock\timeserv.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (SoftPerfect) C:\Program Files\NetWorx\networx.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Foundation) C:\Program Files\Zimbra\Zimbra Desktop\win64\prism\zdclient.exe () C:\Program Files\Zimbra\Zimbra Desktop\win64\zdesktop.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoAppBar.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7620424 2016-11-17] (SoftPerfect) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [Verbose] => "C:\Program Files (x86)\NCH Software\Verbose\verbose.exe" -logon HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [kbdsprt] => [X] HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-14] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-13] (Piriform Ltd) HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Run: [AtomicAlarmClock6] => C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe [4652544 2013-06-27] () HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: G - G:\Lenovo_Suite.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: J - J:\Lenovo_Suite.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {2fd233a1-5900-11e1-bc84-c3c8f51b191e} - G:\AutoRun.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {903b68ba-6d28-11e5-85a0-70f3952fbf70} - J:\Lenovo_Suite.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {ad67e7c1-6236-11e5-93db-70f3952fbf70} - "G:\WD Drive Unlock.exe" autoplay=true HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {c0fe8dbd-66ff-11e3-8c6b-70f3952fbf70} - G:\autorun.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {d7d97cdb-e8fc-11e3-9158-70f3952fbf70} - G:\setup.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {e4cf3203-bcb5-11e0-82d3-70f3952fbf70} - E:\AutoRun.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {e4cf3214-bcb5-11e0-82d3-70f3952fbf70} - G:\AutoRun.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {fafd8126-bf35-11e0-af24-001e101f79c9} - G:\AutoRun.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3821136 2013-11-01] (Tonec Inc.) HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia) HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-13] (Piriform Ltd) HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\Run: [uTorrent] => C:\Users\Mr C\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-06-13] (BitTorrent Inc.) HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\MountPoints2: G - "G:\WD Drive Unlock.exe" autoplay=true HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\MountPoints2: {903b68ba-6d28-11e5-85a0-70f3952fbf70} - J:\Lenovo_Suite.exe HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\MountPoints2: {ad67e7c1-6236-11e5-93db-70f3952fbf70} - "G:\WD Drive Unlock.exe" autoplay=true HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\MountPoints2: {e4cf3214-bcb5-11e0-82d3-70f3952fbf70} - E:\AutoRun.exe HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\MountPoints2: {fafd8126-bf35-11e0-af24-001e101f79c9} - E:\AutoRun.exe AppInit_DLLs-x32: c:\progra~2\browse~1\sprote~1.dll => No File ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-14] (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File GroupPolicyUsers\S-1-5-21-2588610484-973985184-251928395-1002\User: Restriction <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION CHR HKU\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 06 C:\Program Files (x86)\Bonjour\mdnsNSP.dll => No File Winsock: Catalog5-x64 06 C:\Program Files\Bonjour\mdnsNSP.dll => No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{715E3615-F9F7-4E49-ACC3-2DE4C01CBA2D}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{BE741787-BE55-40EC-8ACA-A7E2A07874DF}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{E4718D6B-FEC8-4805-AB76-A4AF2A1861B7}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{F3C17A44-4D83-4202-B3ED-FF5EB9931108}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs URLSearchHook: HKLM-x32 - (No Name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File URLSearchHook: HKU\S-1-5-21-2588610484-973985184-251928395-1000 - (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File URLSearchHook: HKU\S-1-5-21-2588610484-973985184-251928395-1000 - (No Name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File SearchScopes: HKLM-x32 -> DefaultScope Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms} SearchScopes: HKLM-x32 -> Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms} SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> Moikrug URL = hxxp://moikrug.ru/persons/?clid=154468&charset=utf-8&keywords={searchTerms}&submitted=1 SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms} SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4FAEDDA2-6351-43E6-8568-4A45396FC74C}&mid=ef04ad78bd8547d1a8051943ef5e7851-36711ed55615b87e9c4cf224ac236fc32b85bd82&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2013-05-08 02:39:22&v=18.2.0.829&pid=safeguard&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> {C9FF56E2-80AA-494C-970C-397580307ACF} URL = hxxp://www.alnaddy.com/search/?q={searchTerms}&r=524 BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-10-29] (Internet Download Manager, Tonec Inc.) BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll => No File BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-26] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-14] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-26] (Oracle Corporation) BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-14] (AVAST Software) Toolbar: HKLM-x32 - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.3.0\ViProtocol.dll [2016-03-25] (AVG Secure Search) FireFox: ======== FF ProfilePath: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default [2017-02-17] FF user.js: detected! => C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\user.js [2013-05-08] FF NewTab: Mozilla\Firefox\Profiles\r0evgay0.default -> hxxp://www.mysearchresults.com/?c=2402&t=15&nt=nt1&uid=BCC87061F493CD2C69EB9BD14A5643A3 FF DefaultSearchEngine: Mozilla\Firefox\Profiles\r0evgay0.default -> AVG Secure Search FF DefaultSearchEngine,S: Mozilla\Firefox\Profiles\r0evgay0.default -> FF DefaultSearchUrl: Mozilla\Firefox\Profiles\r0evgay0.default -> FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\r0evgay0.default -> FF SearchEngineOrder.1,S: Mozilla\Firefox\Profiles\r0evgay0.default -> FF SelectedSearchEngine: Mozilla\Firefox\Profiles\r0evgay0.default -> AVG Secure Search FF SelectedSearchEngine,S: Mozilla\Firefox\Profiles\r0evgay0.default -> FF Homepage: Mozilla\Firefox\Profiles\r0evgay0.default -> hxxp://www.google.com/ FF Keyword.URL: Mozilla\Firefox\Profiles\r0evgay0.default -> FF Extension: (Grammarly for Firefox) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2017-01-13] FF Extension: (Firefox Hotfix) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31] FF Extension: (Norwell History Tools) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\norvel@history.xpi [2016-04-30] FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-24] FF Extension: (Adblock Plus) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-28] FF Extension: (YouTube Flash Video Player) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-02-15] FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\alnaddyToolbar.xml [2013-04-22] FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\avg-secure-search.xml [2016-03-25] FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\ybqs-yandex.xml [2012-03-05] FF Extension: (Hotspot Shield Helper (Please allow this installation)) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2016-03-26] [not signed] FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-03-26] [not signed] FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-26] [not signed] FF Extension: (Hotspot Shield Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2016-03-26] [not signed] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48 FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-02-15] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-02-15] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 FF HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hp\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\Hp\AppData\Roaming\IDM\idmmzcc5 [2013-11-01] [not signed] FF HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hp\AppData\Roaming\IDM\idmmzcc5 FF HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mr C\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\Mr C\AppData\Roaming\IDM\idmmzcc5 [2010-01-01] [not signed] FF HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mr C\AppData\Roaming\IDM\idmmzcc5 FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-02-28] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-18] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-26] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-18] () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.3.0\\npsitesafety.dll [No File] FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [No File] FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-26] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File] FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-05-11] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-04] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-04] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-05-11] (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-27] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-27] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2588610484-973985184-251928395-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2013-05-11] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2013-05-11] (RealPlayer) Chrome: ======= CHR DefaultProfile: Default CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR DefaultSearchKeyword: Default -> google.com.sa CHR Profile: C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default [2017-02-16] CHR Extension: (Adblock Plus) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-01] CHR Extension: (IDM Integration Module) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-10-13] CHR Extension: (Chrome Web Store Payments) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13] CHR Extension: (Prayers Gadget) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihkdpidinkflcjdmjabjbdhnmmaanp [2016-07-11] CHR Extension: (Chrome Media Router) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01] Opera: ======= OPR Extension: (SurfEasy Proxy, an Opera Software Company) - C:\Users\Hp\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2016-12-14] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2016-10-22] (SUPERAntiSpyware.com) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-15] (AVAST Software s.r.o.) R2 AtomicAlarmClock; C:\Program Files\Free Desktop Clock\timeserv.exe [2007040 2013-04-24] () [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-14] (AVAST Software) S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.) S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG) S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] () S4 Realtek87B; C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed] S4 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.) S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S4 vToolbarUpdater19.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.3.0\ToolbarUpdater.exe [1888328 2016-03-25] (AVG Secure Search) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S4 MsgPlusService; "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [X] S2 TeamViewer; "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309784 2017-02-14] (AVAST Software s.r.o.) R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-14] (AVAST Software s.r.o.) R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-14] (AVAST Software s.r.o.) R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-14] (AVAST Software s.r.o.) S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-14] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-15] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126088 2017-02-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-14] (AVAST Software) R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [74680 2017-02-14] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [991496 2017-02-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [547904 2017-02-14] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-14] (AVAST Software) R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337080 2017-02-15] (AVAST Software) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.) U5 cmderd; C:\Windows\System32\Drivers\cmderd.sys [23168 2013-09-24] (COMODO) R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [35352 2016-11-11] (Connectify) R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] () R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] () R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-09] (REALiX(tm)) U5 inspect; C:\Windows\System32\Drivers\inspect.sys [96800 2013-09-24] (COMODO) S3 iscFlash; c:\SwSetup\SP55299\iscflashx64.sys [45632 2010-10-15] (Insyde Software) R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-15] (Malwarebytes) R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-16] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-16] (Malwarebytes) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-16] (Malwarebytes) S3 Neo_me; C:\Windows\System32\DRIVERS\Neo_0048.sys [29808 2011-06-06] (SoftEther Corporation) R1 networx; C:\Windows\System32\drivers\networx.sys [72632 2016-10-04] (NetFilterSDK.com) S3 qciusbnet; C:\Windows\System32\DRIVERS\qciusbnet.sys [158720 2012-02-17] (Quanta Computer Inc.) S3 qciusbser; C:\Windows\System32\DRIVERS\qciusbser.sys [123648 2012-02-17] (Quanta Computer Inc.) S3 qntbulk; C:\Windows\System32\Drivers\qntbulk.sys [49664 2012-02-17] (Windows (R) Win 7 DDK provider) S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation ) R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [402136 2015-10-10] (Realsil Semiconductor Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33448 2015-10-10] (Synaptics Incorporated) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2012-02-25] () R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-02-17] (Anchorfree Inc.) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation) S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2015-12-07] (Western Digital Technologies) S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB) S3 ALSysIO; \??\C:\Users\Hp\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION S3 ampa; \??\C:\Windows\system32\ampa.sys [X] S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X] S3 taphss; system32\DRIVERS\taphss.sys [X] U3 ZAPrivacyService; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-17 14:53 - 2017-02-17 14:56 - 00036140 _____ C:\Users\Hp\Downloads\FRST.txt 2017-02-17 14:53 - 2017-02-17 14:53 - 00000000 ____D C:\FRST 2017-02-17 14:52 - 2017-02-17 14:52 - 02422272 _____ (Farbar) C:\Users\Hp\Downloads\FRST64.exe 2017-02-16 17:01 - 2017-02-16 17:01 - 00123200 _____ C:\Users\Hp\AppData\Local\GDIPFONTCACHEV1.DAT 2017-02-15 10:41 - 2017-02-15 10:41 - 00000000 ____D C:\Users\Hp\AppData\LocalLow\uTorrent 2017-02-15 10:30 - 2017-02-15 10:30 - 00207590 _____ C:\Users\Hp\Desktop\Malware log.txt 2017-02-15 09:50 - 2017-02-16 16:43 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-02-15 09:50 - 2017-02-16 16:43 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-02-15 09:50 - 2017-02-15 20:00 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-02-15 09:50 - 2017-02-15 09:50 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-02-15 09:49 - 2017-02-16 16:43 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-02-15 09:48 - 2017-02-15 09:48 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-02-15 09:48 - 2017-02-15 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-02-15 09:48 - 2017-02-15 09:48 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-02-15 09:48 - 2017-02-15 09:48 - 00000000 ____D C:\Program Files\Malwarebytes 2017-02-15 09:48 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-02-15 09:44 - 2017-02-15 09:45 - 55566792 _____ (Malwarebytes ) C:\Users\Hp\Desktop\mb3-setup-consumer-3.0.6.1469.exe 2017-02-15 08:41 - 2017-02-15 08:41 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2017-02-15 08:41 - 2017-02-15 08:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2017-02-15 08:38 - 2017-02-14 20:23 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2017-02-15 07:35 - 2017-02-15 07:35 - 01638880 _____ (AVG Technologies CZ) C:\Users\Hp\Desktop\AutoExec64.exe 2017-02-15 06:56 - 2017-02-15 08:40 - 00003870 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1487130947 2017-02-15 06:56 - 2017-02-15 06:56 - 00001043 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2017-02-15 06:56 - 2017-02-15 06:56 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2017-02-15 06:54 - 2017-02-15 06:53 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2017-02-15 06:53 - 2017-02-15 06:53 - 01948128 _____ (AVG Technologies CZ) C:\Users\Hp\Desktop\AutoExec.exe 2017-02-15 06:50 - 2017-02-15 06:50 - 00000000 ____D C:\Users\Hp\AppData\Roaming\AVAST Software 2017-02-15 06:34 - 2017-02-15 06:43 - 00000000 ____D C:\AVG_Remover 2017-02-15 06:34 - 2017-02-15 06:34 - 08111408 _____ ( ) C:\Users\Hp\Desktop\AVG_Remover.exe 2017-02-15 06:28 - 2017-02-15 06:28 - 00000000 ____D C:\Users\Hp\AppData\Local\MFAData 2017-02-15 06:21 - 2017-02-15 06:21 - 00399360 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe 2017-02-15 05:44 - 2017-02-15 05:44 - 00899425 _____ C:\Users\Hp\AppData\Local\census.cache 2017-02-15 05:42 - 2017-02-15 05:42 - 01455218 _____ C:\Users\Hp\AppData\Local\ars.cache 2017-02-15 04:42 - 2017-02-15 06:44 - 00000000 ____D C:\Users\Hp\AppData\Local\FSDART 2017-02-15 04:42 - 2017-02-15 04:51 - 00000000 ____D C:\ProgramData\F-Secure 2017-02-15 04:42 - 2017-02-15 04:42 - 00524248 _____ (F-Secure Corporation) C:\Users\Hp\Desktop\F-SecureOnlineScanner.exe 2017-02-15 04:42 - 2017-02-15 04:42 - 00000000 ____D C:\Users\Hp\AppData\Local\F-Secure 2017-02-15 04:40 - 2016-08-22 22:20 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys 2017-02-15 04:39 - 2017-02-15 04:39 - 02527376 _____ (Trend Micro Inc.) C:\Users\Hp\Desktop\HousecallLauncher64.exe 2017-02-14 21:16 - 2017-02-14 21:16 - 06521214 _____ C:\Users\Hp\Downloads\---------------------------------.bmp 2017-02-14 20:25 - 2017-02-17 10:10 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2017-02-14 20:25 - 2017-02-14 20:25 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2017-02-14 20:24 - 2017-02-15 08:39 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys 2017-02-14 20:24 - 2017-02-14 20:37 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148713716440104 2017-02-14 20:24 - 2017-02-14 20:23 - 00991496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00309784 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00126088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00074680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2017-02-14 20:21 - 2017-02-15 06:53 - 00000000 ____D C:\Program Files\AVAST Software 2017-02-14 20:20 - 2017-02-14 20:20 - 06655120 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe 2017-02-14 20:20 - 2017-02-14 20:20 - 06655120 _____ (AVAST Software) C:\Users\Hp\Desktop\avast_free_antivirus_setup_online.exe 2017-02-14 16:56 - 2017-02-15 04:59 - 00000010 _____ C:\Users\Hp\AppData\Local\sponge.last.runtime.cache 2017-02-14 16:46 - 2017-02-14 16:46 - 00000000 ____D C:\Windows\Trend Micro 2017-02-14 16:46 - 2017-02-14 16:46 - 00000000 ____D C:\ProgramData\Trend Micro 2017-02-14 16:43 - 2017-02-15 07:00 - 00000000 ____D C:\ProgramData\AVAST Software 2017-02-14 16:40 - 2017-02-14 16:40 - 00000036 _____ C:\Users\Hp\AppData\Local\housecall.guid.cache 2017-02-09 23:43 - 2017-02-09 23:43 - 00067563 _____ C:\Users\Hp\Desktop\1JJ0VL.pdf 2017-02-09 23:43 - 2017-02-09 23:43 - 00001334 _____ C:\Users\Hp\Desktop\1JJ0VL - Shortcut.lnk 2017-02-09 23:41 - 2017-02-09 23:41 - 00067563 _____ C:\Users\Hp\Downloads\1JJ0VL.pdf 2017-02-08 10:03 - 2017-02-08 10:03 - 00069220 _____ C:\Users\Hp\Downloads\1JE22F.pdf 2017-02-06 05:26 - 2017-02-06 05:26 - 00109163 _____ C:\Users\Hp\Downloads\YRBK 2015 RFA Excel Final.zip 2017-02-06 05:23 - 2017-02-06 05:23 - 00034304 _____ C:\Users\Hp\Downloads\fy2015cobbook117.xls 2017-02-06 05:23 - 2017-02-06 05:23 - 00034304 _____ C:\Users\Hp\Downloads\fy2015cobbook106.xls 2017-02-06 05:22 - 2017-02-06 05:22 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook185.xls 2017-02-06 05:22 - 2017-02-06 05:22 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook171.xls 2017-02-06 05:21 - 2017-02-06 05:21 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook184.xls 2017-02-06 05:21 - 2017-02-06 05:21 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook162.xls 2017-02-06 05:21 - 2017-02-06 05:21 - 00034304 _____ C:\Users\Hp\Downloads\fy2015cobbook161.xls 2017-02-06 05:20 - 2017-02-06 05:20 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook83.xls 2017-02-06 05:18 - 2017-02-06 05:18 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook3.xls 2017-02-03 02:48 - 2017-02-16 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeKeyl0gger 2017-02-03 02:48 - 2017-02-15 06:21 - 00000000 ____D C:\Program Files (x86)\ASDECO Manager 2017-02-03 02:48 - 2017-02-03 02:50 - 00000000 ____D C:\Users\Hp\AppData\Roaming\ASDECO Manager 2017-02-03 02:47 - 2016-04-12 22:12 - 00829377 _____ (IwantSoft ) C:\Users\Hp\Downloads\setup (PASSW0RD = 123987).exe 2017-02-03 02:46 - 2017-02-03 02:46 - 00757173 _____ C:\Users\Hp\Downloads\fklogger.zip 2017-02-03 02:45 - 2016-08-05 11:19 - 00424592 _____ C:\Windows\runkey.exe 2017-02-03 02:39 - 2017-02-03 02:39 - 09339624 _____ (Spyrix Security Inc.) C:\Users\Hp\Desktop\sfk_setupcn.exe 2017-02-02 00:34 - 2017-02-02 00:34 - 00075032 _____ C:\Users\Hp\Desktop\HSS-sd-update.exe 2017-01-26 04:01 - 2017-01-26 04:01 - 00183395 _____ C:\Users\Hp\Downloads\impact.zip 2017-01-24 23:30 - 2017-01-25 05:55 - 00000000 ____D C:\Users\Hp\Downloads\New folder (2) 2017-01-23 23:11 - 2017-01-23 23:11 - 00000829 _____ C:\Users\Hp\Desktop\bluetooth_content_share (2).html 2017-01-22 18:06 - 2017-01-22 18:07 - 40537320 _____ (Opera Software) C:\Users\Hp\Desktop\Opera_42.0.2393.137_Campaign_70_Setup.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-17 10:17 - 2011-06-04 11:38 - 00000000 ____D C:\Users\Hp\AppData\Local\Adobe 2017-02-17 10:11 - 2016-08-31 01:18 - 00000000 ____D C:\Program Files (x86)\Opera 2017-02-16 16:55 - 2009-07-14 07:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-02-16 16:55 - 2009-07-14 07:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-02-16 16:54 - 2016-06-13 06:38 - 00000000 ____D C:\Users\Guest 2017-02-16 16:54 - 2014-12-01 08:18 - 00000000 ____D C:\Users\TEMP 2017-02-16 16:53 - 2011-05-31 14:38 - 00000000 ____D C:\Users\Hp\AppData\Roaming\uTorrent 2017-02-16 16:52 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf 2017-02-16 16:41 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-02-16 16:40 - 2012-05-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2017-02-16 16:40 - 2012-05-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2017-02-16 16:40 - 2011-10-02 12:43 - 00000000 ____D C:\Users\Mr C 2017-02-16 11:03 - 2012-05-14 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-02-15 14:33 - 2012-02-19 00:46 - 00000000 ____D C:\Users\Hp\AppData\Roaming\vlc 2017-02-15 14:30 - 2009-07-14 08:13 - 00786578 _____ C:\Windows\system32\PerfStringBackup.INI 2017-02-15 12:25 - 2013-02-12 01:06 - 00000000 ____D C:\Users\Hp\AppData\LocalLow\blekko 2017-02-15 12:19 - 2011-05-31 13:13 - 00000000 ____D C:\Users\Hp 2017-02-15 08:31 - 2013-06-01 23:01 - 00000000 ____D C:\Program Files\COMODO 2017-02-15 07:33 - 2013-05-08 02:39 - 00000000 ____D C:\Users\Hp\AppData\Local\AVG SafeGuard toolbar 2017-02-15 07:32 - 2013-05-08 02:39 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar 2017-02-15 06:45 - 2015-10-08 00:35 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2588610484-973985184-251928395-1000UA.job 2017-02-15 06:45 - 2015-10-08 00:35 - 00000854 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2588610484-973985184-251928395-1000Core.job 2017-02-15 06:44 - 2011-05-31 14:01 - 00000000 ____D C:\ProgramData\MFAData 2017-02-15 06:41 - 2016-02-27 15:15 - 00000000 ____D C:\ProgramData\Avg 2017-02-14 20:25 - 2015-10-10 02:02 - 00000000 ____D C:\Program Files\Common Files\AV 2017-02-14 17:03 - 2016-10-26 13:59 - 00000000 ____D C:\Users\Hp\AppData\Roaming\Free Desktop Clock 3 2017-02-14 17:03 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration 2017-02-14 17:02 - 2011-06-21 08:18 - 00000000 ____D C:\ProgramData\Real 2017-02-13 05:27 - 2015-10-09 23:14 - 00000400 _____ C:\Windows\Tasks\DriverEasy Scheduled Scan.job 2017-02-12 06:46 - 2016-09-07 00:12 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2017-02-01 01:28 - 2012-05-13 02:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-01-28 22:14 - 2016-08-31 01:20 - 00000000 ____D C:\Program Files\Mozilla Firefox 2017-01-21 23:40 - 2016-10-30 11:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Files in the root of some directories ======= 2013-05-26 22:52 - 2014-01-02 16:20 - 0003736 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml 2016-11-20 22:32 - 2016-11-28 09:41 - 0000132 _____ () C:\Users\Hp\AppData\Roaming\Adobe PNG Format CS6 Prefs 2013-03-18 23:46 - 2016-08-10 14:38 - 0000205 _____ () C:\Users\Hp\AppData\Roaming\burnaware.ini 2012-12-17 14:14 - 2013-05-25 19:21 - 0001155 _____ () C:\Users\Hp\AppData\Roaming\evmanage.prf 2012-12-16 09:30 - 2012-12-19 19:24 - 0003934 _____ () C:\Users\Hp\AppData\Roaming\evpro32.prf 2016-10-10 16:11 - 2016-10-10 16:11 - 0001456 _____ () C:\Users\Hp\AppData\Local\Adobe Save for Web 13.0 Prefs 2017-02-15 05:42 - 2017-02-15 05:42 - 1455218 _____ () C:\Users\Hp\AppData\Local\ars.cache 2017-02-15 05:44 - 2017-02-15 05:44 - 0899425 _____ () C:\Users\Hp\AppData\Local\census.cache 2013-10-12 22:57 - 2013-10-12 22:57 - 0003584 _____ () C:\Users\Hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-02-14 16:40 - 2017-02-14 16:40 - 0000036 _____ () C:\Users\Hp\AppData\Local\housecall.guid.cache 2011-10-25 00:24 - 2016-08-10 23:00 - 0007579 _____ () C:\Users\Hp\AppData\Local\Resmon.ResmonCfg 2017-02-14 16:56 - 2017-02-15 04:59 - 0000010 _____ () C:\Users\Hp\AppData\Local\sponge.last.runtime.cache 2012-03-15 23:01 - 2012-03-15 23:01 - 0000000 _____ () C:\ProgramData\._ntmpdbx_ Some files in TEMP: ==================== 2016-06-22 07:43 - 2016-06-22 07:44 - 30533688 _____ () C:\Users\Mr C\AppData\Local\Temp\vlc-2.2.4-win32.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-07-27 00:17 ==================== End of FRST.txt ============================ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.0 (12.05.2016) Operating System: Windows 7 Home Premium x64 Ran by Hp (Administrator) on Fri 02/17/2017 at 19:52:22.55 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 541 Successfully deleted: C:\ProgramData\avg security toolbar (Folder) Successfully deleted: C:\ProgramData\babylon (Folder) Successfully deleted: C:\ProgramData\productdata (Folder) Successfully deleted: C:\ProgramData\Start Menu\Programs\drivereasy (Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{00101D29-6AFD-454E-805F-23BB71A2B091} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0115A043-EE93-4E52-AEC1-E67F6482B5A8} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0115AAD1-2F1D-494B-B90D-35EAAE02E289} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{02F75C16-DEE9-4F10-89F9-5C9D6D77D4EF} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{036E66F0-6C6E-4EBF-9E66-7206ED440B1F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{03AFBCDA-9BD5-44E9-B9CA-D8A136CEF7D0} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{03E4E9D7-3B7B-4AF7-A6B8-C2C8CB4A426F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0447FE95-3743-49FA-BD6F-8F6A5E710F72} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{04918479-EAFC-4477-9F53-F4643877CCE0} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{04F80F3D-0833-4B50-9BDC-790C5A96F319} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0545AFDA-F7DF-4E56-BBD1-2A4C29AA876D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0595EBB6-95FA-4EF2-8DDE-BA193131BD65} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{05F6222A-5BEB-4DE4-AC76-2D7A26F8DA31} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{06CA8CA0-2234-4ED8-8A75-424AB08F2750} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{071B4A78-D760-4B35-ACEB-7946AC11FB2B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0735FBC3-AD0E-49D9-980F-18E33564EEFD} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{07C0C4FA-F28C-4D99-948F-25D51095473D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{081A4582-46F3-4925-AA14-0B6732DB1981} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{091188FB-3DB2-4D51-8509-67CB51DF8770} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0948C02A-4843-4363-BD69-DBD2D2345697} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{095A5614-CB6E-4F77-B10B-FE05A70196FE} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0A1F8239-CBA2-4C9D-93EA-C9DDE639AA91} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0A3E0B23-9B0F-4EDC-BA83-2B899E6CE7AE} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0A48C24B-4D09-4950-B9B4-4F9C9D9FE6AC} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0B343543-5AC1-4935-9B97-54BFB21050B6} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0B7B22F2-E25D-498F-967F-8EA458D4419B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0B87CF09-483B-47A4-9EDE-B6959324F4F7} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0C00B2AB-0E14-4B8C-A9F9-79D0A5A55D87} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0C4F7946-51C8-4090-A66B-40419BD3F4DE} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0DA91777-9DDB-44F3-84B2-D93A3103499F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0DAF9152-B3A0-4F63-BD80-E23337B99E2D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0F206090-C7ED-4577-8524-DD24533C0DFD} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0FB00A7F-000A-46D2-8E03-3C5F0EFDEF9C} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0FC7E943-0E79-4819-A9A7-9AF8A33C3112} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{0FCDB568-9173-4D9B-B500-D39CF3DE0339} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{10250BB1-D859-4FFE-AAE3-DD2CE23E0F37} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{103545D8-AB75-4C5C-B4AD-7713B045AD5A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{104EA216-639E-44EF-92A1-DBCA3F8FC2A9} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{123D608D-FA1D-4894-871A-54478E950174} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{13AE839C-0760-43EF-98C3-394B5B7EE106} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{142A12D1-D8E7-4043-B8E9-CAD52E33C7F8} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{15480C4E-20C8-45AF-9AC2-4A6E4F1DCF69} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{15A86703-23CB-4424-BA20-95E34065570D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{15E6EE1C-C4F5-41EF-A0A6-C06835080006} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{166C86D8-BC8C-401D-9C82-230A28BEFF8C} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{16A82FF5-C725-434F-8811-77E41FF11569} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{16B53345-E040-48CA-ABFD-C6AE12278647} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{16EB2A5E-7731-438E-8778-F9166CAF40F1} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{17A73BAB-A674-4A1B-90B4-67797BBCAECE} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{186F5FA3-E61A-4769-822E-EB3A07491B29} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{18888682-FE2E-4D72-A9F4-25764F22A902} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{1A6CD53F-141A-4B1A-AFDD-6A1802A6C4F5} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{1A7649C0-21E9-4032-B42B-10DFC284FACD} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{1AF571A9-3482-4088-A966-56C91FC74D4A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{1BC3153B-FF5A-4AB2-9F77-DBB775E6FAAD} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{1D356733-4A05-40F4-B48F-AB1932DA0E8E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{1D8DAF65-E560-4643-AADB-94CC87D180F0} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{1DA72D31-FB04-4EF3-A47F-D64F50BE4BD6} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{1E17DCA9-EC08-42DF-AB95-578CDCCEB808} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{1EC7127D-B358-4BE5-91D3-8EA489B3DA63} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{1EEDAFF8-80CE-4488-B4F2-9C6762BEBB22} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{1F0DC042-1B3A-42A5-BFC0-B344B3C8FCD6} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{1F16C135-0222-4BD1-A90C-AC3CCA747A8D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{1F1E0B3A-C0BB-4568-8A34-FEF6D61C76B0} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{1FA9BDD4-0CB5-4691-8F60-D741FD4B5269} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{2019DF77-D06C-4927-8E94-94655812B637} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{209078EF-F71E-4F01-9C0E-BD0336456920} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{2139FFDF-A9CD-4C17-B1E4-D872503EBB02} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{221B4BEC-4CB4-4E4C-AB65-8853FA1DAB2C} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{221D8411-F747-4002-A033-DD5C54E3D4A4} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{22E1FB80-71F2-4FF8-9BFB-3EE32639C27B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{2319D2A3-BC19-47D3-8048-9E921E6717E3} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{231EE036-D0EA-4A43-887B-FADB91BBF875} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{237B2015-05E4-4DB9-B3CC-B34F375BB018} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{23D53E65-9E65-4ED5-BF56-4D528CAD3125} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{24376A3F-5D79-4E32-8D7A-1A905861A2AE} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{2447B2FE-9C6C-4C1A-8B18-E77C771CE921} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{244FF8B8-50E4-4569-BD1E-32B33E908CEE} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{24C29858-B030-4458-952B-B26AFAE254A1} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{2514005B-4E8B-449F-A54B-719619268BAA} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{253933A0-8F3B-4469-885E-CC3016E95C49} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{25424AEF-DB25-4C01-8AC0-94BAEE26A3A8} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{25C6C77D-6B5F-4105-988D-8DFDB8E0EC48} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{2692090D-5DCB-4022-9ABF-927D7801405F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{28CEC33F-2991-487C-8F27-5096E38191B5} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{2A8B9572-7F0E-45BF-8148-E6310EB3A211} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{2AA2B0BF-9B26-4DC0-A7AC-804E7A35ED87} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{2C12FD3D-8A41-4368-9F7F-65FF968C9196} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{2C793A0E-11EC-496D-AB0E-9B9802E39164} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{2C802F18-F2D5-4512-8FAF-F7851077879F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{2D08FABD-B409-49E9-935E-1F566D864DC2} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{2DA46B0D-A0CD-42F1-BFF1-8A09388F3230} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{2E76B885-0C28-482B-91B8-66E01E60AA7E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{2EA8812F-479E-4943-863B-DA2D7B3129C8} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{2F2EBE89-8987-45C4-8894-D872429A9C31} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{302BF282-3A8A-43E7-A4B3-854E33EFD089} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{308CC2F9-0819-4609-BD84-5584623115F5} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{30A7716C-2667-4A23-B36C-5E1347156434} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{312C5821-039B-4A28-AEE9-17C8667D9CA6} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{31BFEDCA-B9E5-4FB1-A177-3582B0912F13} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3218061A-7F9B-42FE-AF72-BCC79FB02464} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{328520C7-2CBE-48A5-8C4D-2BCA05923357} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{335110ED-5BBE-444B-B005-4B9108C486AA} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{33C83D10-D668-4ADB-811A-62821A3AABBD} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{33F4D282-1927-4447-933B-7AB042B33CC1} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{342497C1-165D-490B-AB1B-C7E9C5C2F94A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3475C978-AAB7-4389-A289-995FB6C91311} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{34C55BCA-4FF2-4807-B259-F5FBA4DA72EF} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{356D0578-1195-4BAB-AD2D-C273F7EADFBB} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{358A4674-B389-402C-85AB-7D472E0C62C4} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{35977BE0-78B4-498E-848B-480FA9733250} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{36840BBD-1FCB-4BA0-BB1C-7F418E4B929B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{36E18384-1612-42E8-992F-D8ABBD9FAB63} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{38A4AA65-A3C2-4091-A5E2-F5BAAC396B3A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{38D0F7EF-BF3D-42E0-A65B-DF812946E0C2} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{39073E57-69DD-4D1D-896D-5FC2FB9FC88E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{397B6F30-2A27-41FE-807D-DDBC08D16B14} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3A24168B-0C41-491D-AF3E-F164C0857BCE} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3A47B3A3-B539-4E27-88DF-E96E27F44BA9} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3AA9D3B9-65D8-46D5-8F96-FEE0DD81E448} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3B06664B-44F8-4999-8436-97520E9F297A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3B3CFBE6-0BA2-40FA-84F6-325476C2CAF9} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3B6392A7-5575-4583-AF4B-D49CDC2F7946} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3BF08AF2-1895-4B99-B33F-D5F4CEBD6BA5} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3C805711-5087-4355-B5C2-2FFBB98CDC92} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3CB7208C-6436-41A8-8BA3-E7EBF0BAFEEB} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3D31DA8D-61A9-467E-BFB1-1842B36DD6DE} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3E2B114C-113C-4E52-AC3E-14343F84AB54} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3E4000E9-F48E-4303-8EFF-7586147E9BEE} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3E742B8E-6C38-4014-B64A-D5B628E9EE4A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3E969854-E1DB-41F1-AD66-0FC7A7848BAC} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{3FAE6B02-C05E-4E6C-A416-37213DA64F26} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{405AE71E-4FD9-4E0D-8FE4-E49C7D455E05} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4128C4AF-381F-4E56-BE52-941318CD90A0} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{41559E43-0596-4EA0-9950-2D6EB806384C} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{41601894-04C9-4A76-A7EC-CCD3876C86E5} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{41D634D5-0220-4E54-A251-6BD7BE41DC1E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{41D9848B-A10C-4086-8D89-7506E7FBC8DE} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4294672A-CC01-444F-A2E7-36525BA8E015} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4420FCC0-2E13-4487-B91B-A0670D94C18F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{445FD555-2C18-4D0A-B4BF-B90E37E2202E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{447A9F5F-999D-48C2-B052-C18D38C53F74} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{44F40740-A8DA-4F52-B29D-6E2AAC6C3918} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{453230F1-7EF0-4207-890A-49A4F863DE5A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{46836D1D-7D81-47BE-9BC9-1B97DC8C1D1D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{46B8F15E-4373-4EC8-8F61-1039F0EF4599} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{46BD40F8-AB7D-4389-94BE-43CBAFA97C78} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{47CFBD10-A6BF-43BA-B7AB-95DB7B3AA424} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{48B48B2A-FD2A-4048-81E5-27E06E1FB9FA} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{49109E9E-7956-4853-B543-E0C0C0750638} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{49484CC5-6BD4-44CB-B6D3-F0F6B6E4AC65} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{494DC344-5AC3-40D3-B2C7-8A04105D897D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4A4FA8EA-3978-4524-A5F8-1ECCB9388523} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4B507F01-C403-421D-9B52-2D5D48D14773} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4BC40FF0-652C-4896-8D80-19D870D9BF44} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4C4D3C51-AE1D-4880-A48B-F84A78897306} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4C538BE6-0A29-474E-9AF9-4F2691F73F52} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4C98E60E-D2CC-47C9-B808-E27FBCA42E1E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4CAEE619-608B-4F1B-BBE0-644AAB3261E1} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4CCE1F67-0F5A-4403-8612-44FA5BC9FA8F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4CEC9A63-81BE-44E6-A343-0774E2063986} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4D096FF2-7FA3-49AB-A893-8C15786934B5} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4DA63EBA-8095-421F-BD5D-07D35832231D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4DF5DCD6-DC4F-4F39-B16C-3F7E53060DDB} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4E00D835-32BB-4242-B26B-A24CEA9E537E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4E294E60-28D6-4A66-9D5D-2283A53796B9} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{4FF8D771-3E42-4053-A357-941ACDD09CF2} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{50362C67-EE0A-42CD-84A8-8031747FF76B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{515AA1D1-77AC-4F4C-A8C6-98F96F971645} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{5291C35E-D610-41C0-8F21-10F492CE05B2} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{54132DE2-8DE0-4C3C-897B-4BB75F8B495D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{544ACC04-EB4C-4182-A15C-B7C1515280BF} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{54B8A2BB-DC55-4F8B-80AE-77DDB609B90F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{555A5214-3D24-4A59-BAA5-4B3935889C2A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{55BA3533-66BA-4EC5-A2B6-4D9C19F48CC7} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{569DBB16-0606-4CC7-B724-BF4BE29E478D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{56ADA279-1AB0-4944-BFD6-F930176A3C3C} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{5728B29F-A117-4150-94FD-86AF37B61878} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{577A7635-52AC-4913-B043-C27225DA8F69} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{57A75FA6-13CC-4495-9D0F-3CDDF8A479FC} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{57E0B17A-9F3D-4FD1-B810-B5F368069040} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{57E13B3D-F979-478D-8935-B56832740FC3} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{58361125-5462-418E-994A-6D2096F97E03} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{587A2FA1-EA72-4D0F-B2FB-D146BB0BDAEC} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{58E16E4C-BD53-407D-9689-0609A6001C92} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{590D98BF-71B7-47B9-87D2-C9E7C98FB27C} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{591912CE-DC75-43DB-954B-4B271CCF1B2F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{59504C10-A328-4B29-B010-0908959FEE7E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{597DA1D9-7E8E-495F-AC1D-6961AE464CE4} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{5B5DD0AC-28E6-4F68-894B-1FFD16E9A071} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{5C13F4D7-731F-4E17-85A2-E527F0831F0F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{5C99AB84-E129-431F-81AB-323D933D4538} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{5CE1CC4E-0ABC-43E5-A5A1-150A2762A97D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{5E9C6617-6CFE-4BB2-9364-6AD2134C9144} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{5EAEE4D1-A274-4CBA-9134-0D30EABE8A5D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{5FAC8F2C-F61A-4613-AB4A-0CD1B47F4B68} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{5FC70778-0E43-45A5-BBDD-DB6138B59267} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{5FD79C62-8042-49D9-A0E2-F47A076E6323} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{5FFEC7C0-25B7-47CD-9569-4F0D0D30E56F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{60C76680-CB2B-4A2C-BF12-EF749713F3E1} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{614A01DF-B281-4931-BED3-9FF430F437CD} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{6173BB2D-CB3C-4B0F-9E71-F365BF3FDD87} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{61874C3D-1782-4684-AAEA-34347220BBD4} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{620D02C4-621B-4D1A-83FE-D9E881A98CBF} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{6329E71B-A6BB-4620-95A2-A8D18FD6C811} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{63BCFD6B-45DC-4A8A-BC1A-D3BDD2F4E6FC} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{63DB6BA9-6A56-4648-AFA2-D3A1A09E9E00} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{6406C324-693A-4B0B-9568-B7122479AC78} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{6419442A-1AD9-4A30-B6E6-B920270490B4} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{648FF200-C821-459B-938B-2A1D02931F04} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{64C37F89-0427-4B12-B04E-1D4705794D23} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{64EBEB79-E092-400A-BC9B-6A0CBD2E8149} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{656ECBC4-01B9-4650-86B9-496E7FC64120} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{65F0A7CE-27BB-46BC-809F-5BEF39F9CBF7} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{662F0882-0490-4CC7-8A9C-BEC738A83A67} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{66445ABD-6BB4-4C91-89B6-65F5DAA6D0CB} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{66862CCA-62D0-4DE9-A8A3-05F98893E250} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{66A45DF7-4DEA-4FA1-843D-7CEE3183F8E3} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{6741C3E1-52BB-4102-98E1-4BB55AE280D8} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{681636C9-1AE9-439E-82AF-A3035A6FD452} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{684D6F35-23AD-4044-8FA8-AB13C6AAEEA0} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{68BBD972-E8D2-4A50-BF69-5DDA8527BBDF} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{69083158-D095-4A3E-881C-6E2D1F68006A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{690D59E8-E56A-4A1D-9BDD-032553DECFEF} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{699E7A36-4E5A-4FE6-A160-8A046586237F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{69A5C0E9-1590-42A1-A03F-22344F0DE0EE} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{6AD6EE56-5F18-4EF6-BA07-8376BE2DA242} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{6B5AC493-FB6E-4143-9A55-421C80067462} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{6BBEE1ED-62AC-4863-9B9B-DBA0E60083CD} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{6C5379F8-95FB-4297-B3FB-284AE5D10636} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{6C8D0B4D-0BE2-403F-9E0F-3A3FFC6297EF} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{6CE0A86A-B440-448C-B946-1871465DDC1B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{6CF58FEB-4989-4F44-8195-A2E627E8A09E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{6D0CF027-95BF-4C23-9591-4637CEF24197} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{6D49BA0D-E9B4-4693-B9BE-2DEFD2228129} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{6EEBDEAE-A96C-4D28-8AE9-8C37F655BDB8} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{6F02D213-82D0-4D69-8BD4-1E58E5DB5807} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{702996E6-C438-4878-900F-56D07C418773} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{713C35A7-7845-43AA-B839-0F0A2F371722} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{72565B34-6CC8-4CA6-8C1F-B509A7168E01} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{72C1E1C2-796A-4AAC-A699-823E580066A6} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{731D7162-FC7C-4497-8D4C-4D95AF724DC4} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{73C034F4-5108-4A48-B09B-C41F440B89F0} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{73F5518F-0270-4189-BDF8-8F716D680A00} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{74FD58FA-550A-4E29-ABFE-322369FF719B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{75ABB610-FB81-4364-924A-B71F78796286} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{76A7006F-2251-4E95-86C0-0C7EDF81EB72} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{76A91FD2-5A93-4276-8872-8F26FB61986E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{76EC515C-5925-4CD0-8F2E-9AD9DB471A97} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{77EDF1EC-C416-4EE0-A39C-88E1A94C39DF} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{7853F299-466B-49DE-93C8-0ABAFEFF2ED2} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{78E7E1AD-1627-4F1C-B3D9-F40D7B31955A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{792340C7-1C8B-4623-BF9C-FB06216FBFAB} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{79669C9E-A751-4C3A-A3F2-C7E92CE0F8EC} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{79CD8A6B-8A74-4BCC-B362-3D364A840EB8} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{7AA78110-8FBF-439D-99CD-318B9CA0B16D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{7C1BF77D-BEC1-4FD3-AF09-2E6DDEE7D9EF} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{7DB7A59C-3E27-4EBA-BAC1-F1890A2DEF1F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{7E2FBB1B-E9FA-40AC-B9BC-13524CD1DE0A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{7E30AD5C-7BD9-446F-92C5-C340F8983EF3} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{7EAB7530-C177-42DA-8DA3-815A0051A897} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{7F5C23A7-5224-4A64-81DB-93B70B38EC33} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{7FC791DC-96FE-47DD-B291-3F56AEAEBA4F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{801FB723-2CE8-41F3-993E-7C9B4E169D2E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{804873B8-D2BC-462F-AD99-C524D39CBF80} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{807C8F07-30E4-4326-B039-68B47D6AA3A7} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8221AD68-EB1D-4ECE-B600-8C3DF5BB3921} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8279D7EB-6503-41BB-9025-E92CCDAE1238} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{828B1AB5-DE59-40CA-8CDC-C8AD56A51F7F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{82A69521-CF14-4BB2-B72E-2256F22BDB98} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{82EBA1A9-6123-4041-9649-5FB5C152B3C7} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{83342150-9DB4-4552-A941-0234FB99CD0B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{83565304-EF17-410C-93AB-8D2B605A620C} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8371BEA1-8E3E-4E8B-9D6E-9E9E909D244F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{83754ED6-B376-4228-BBFF-DFC079C14A4A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8390A96D-8783-465F-94D5-CE36921CEDC3} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8433D09B-8996-447A-A4E3-76A5F02FC509} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{847113D7-C31C-419D-B5E0-804CAB21BC1E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{84D4BA6A-D370-496C-B694-8FD6EEC50F9B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8505D0E0-B030-4B01-881A-2268EFBBD8FA} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{85303603-AD68-4B62-9E93-2B5AD24D7C14} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{85BA2D4C-B420-4EDC-BD16-BA1B651DB748} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{85DC2361-5B0E-4CCE-B3C2-44F9F84890AB} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{86A3333F-E49D-46C2-9A63-02C3478D23AA} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8702EE2E-49F3-434F-92B1-43F135CD2D8A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8719B069-0002-4003-BF15-38748866C43D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8727953A-CDBD-4D87-AE92-484309E025F3} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{87570FCD-5988-48CE-B12A-0CD73429024E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{87741832-184A-47D7-AEE9-1810C93EBBA4} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{879816D2-0ECA-4223-9C97-16A26175D11B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{87A4E743-83FD-42ED-B1FE-4FEC81AD25E0} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{87DB8BC5-366C-42C0-B4E5-1D1C1FC0CF5B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{88446CB3-DA51-4940-A27C-3325E031E2F0} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{88D86BD1-9965-488A-B2A2-1A8F98367DD5} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{893EEF37-C994-48A7-9BE3-D2D5474C9712} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{89DA951F-667D-45AD-8B87-8496F2C4CFA6} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8A2771C7-6FFD-4D6E-94E8-DD217490D57A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8A7503FE-A091-4856-9BAF-A0A652366244} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8A8087C0-2987-4B18-8987-0689BE4E098F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8A9F03C4-31D3-48D4-BE46-104D1AFE1C88} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8AA36E5E-DEDB-485B-A4F3-83971F15A148} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8B4D5805-A574-4DAE-A7E5-AEB09987500D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8B6417DB-98D0-4C09-A9D4-CCD9B559C27E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8BB93DE4-78B1-4421-A624-D1DAC0D2C7CD} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8BE289B5-2014-4844-A0EE-530BC889DAB5} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8BEA230B-E6D5-472B-9C9B-667F3B943359} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8C8DB0EC-3472-4477-B4C8-5D50C4568468} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8C9B8048-0556-48DE-AA33-6CC7F310202A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8CC08C97-56EF-4507-AE19-B9C684D095C6} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{8E42C0D2-D52E-404A-8ABB-1BC7581CE2D6} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{903BFF90-21E2-47AB-AEBA-3C1312D654CB} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{906F6B96-90DC-4C14-BE40-65870779C7F9} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{9226992F-1BED-474C-9F2B-9F37DF58ADFB} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{925E0741-DA19-4D68-B171-3D414FB84CDC} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{9282F795-9F84-4907-B041-5585865DC583} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{92BBEBAD-A48D-4663-AD8E-6C8BA76383EA} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{92ECCC4C-9EBA-4F5E-9A6C-91F75FAAF186} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{92F4B51F-F5AC-4EB2-964B-7C091BB308FA} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{9314F113-1B1C-4779-9E48-F069DA7CF7F6} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{93E5C7C5-936F-4080-86EC-51747C000785} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{94F66350-3310-4100-B84F-4558B6A6C646} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{9539EC12-5A4B-4881-93C4-8589EBA976DD} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{9633F4A6-72A1-4775-A636-F831D591B9FD} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{963C7A70-BD98-4D2D-8F4F-89C845DA6993} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{96DD3231-8FA7-40DC-B443-5C3ADD88DC9A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{970A2F5C-C43A-4308-8B60-EC1B1CEE962E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{9727033C-1DDE-4250-BB87-9D1DC9E4F6FD} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{973BD795-04C6-4114-9F7C-2100B2AF3DD8} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{97FDC09C-60E8-460B-88EF-0B7C8F6640E4} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{986FD3A0-5D69-4423-A5C0-3D203C2ACEC3} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{98A70905-7D93-4988-B1B0-81DFF3177459} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{98A76DD4-0680-4765-89BA-64877AD12060} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{995DADDD-B83B-4D67-B298-8F463C5F2C59} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{99A78BAE-3B95-4C2E-986C-4F5DF53B1BFC} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{9A573676-5084-4EB7-B518-E85EDD344EAA} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{9C1B11AE-581E-4F3E-AE01-B701B3838462} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{9C1DB656-D3C2-4A63-94AB-6A60106DB0A9} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{9CF28335-ADB7-4949-A84B-5D0D92F77BF4} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{9D28DD42-48B8-4C77-9799-1B4916C4502D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{9D2B56EE-CE2A-44B5-A8C8-C6049B7F8CDE} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{9D4DE6AB-B543-4729-96B5-959BF869A13E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{9EC7101B-3BE2-4221-BB3B-512BF268D3A1} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{9F95B69D-2277-4664-BE38-0A6C4F80B8F9} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{A02A1280-FB61-4AE4-A886-061563203072} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{A142E4C7-7A87-4B7F-A78B-0A3D1CCD3A7B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{A1D25755-E76D-4C97-87F3-5CE04521A530} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{A21EC594-053A-48F6-9EE6-D56750C3E99A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{A222C78E-8F00-4C9C-8220-5303345A2C0A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{A38BB4CB-7680-4CC6-AF6E-11FC9092B8EA} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{A456E892-CE6E-463C-A687-5A0F62B58D19} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{A4AF95F6-4F53-4D89-B5FC-75A9CCE0647C} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{A5B19BE1-43BB-4D23-87E9-9A845D608204} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{A81CF261-16B7-44AE-B7A4-084876460E87} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{A88F81DB-38DA-425D-8627-75151788A9D1} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{A95E946D-6E51-4396-B86E-9034BFFE3CD7} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{A9A2351B-AAC4-4AA0-AD70-7BAB474A8F32} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{AA084F21-58DA-40D6-82AA-44B1DFD98253} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{AA5713F4-668B-4A89-89A5-A8349B24DB9F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{AC1706A8-CBDA-4CA3-A643-CE7A43E76B10} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{AC4CFCE0-87C5-442D-B5AF-E0124B3D5470} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{AD6D3FA1-7C42-4FF7-B8F3-1775BC75E01F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{AECF6C04-6418-410A-B21C-800206781C25} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{AF2BBAE3-46F0-42E3-BD33-D6D7B2E28DFA} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{AF3B6AD3-E3A1-4668-B8C5-6754BFFE3762} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{AF62BF31-4524-4ADD-AFBE-63871ADE8812} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{AF641454-58D3-4806-B88E-E819669F1167} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{AF87D3D2-2CE4-4118-9F6A-7F9896FB7613} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B003554B-A912-4C48-9B2D-5E50B625A430} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B08C6133-D185-4639-925E-3B33735C3639} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B0B74701-E366-4E1C-A29D-793119CF15FF} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B1A10760-B373-480B-AA9F-8DC5987F56CE} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B1B8407E-C9F2-4996-A287-4AD92DDF492B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B287ABA3-64EF-4019-9ACD-EAC875D66EC2} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B32BE719-F239-4083-97E7-11CA10F174CB} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B408DB63-87E1-4A58-94DB-52EFDC28CFEC} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B42124EA-1C83-44A7-A2D3-7B1279AA98B9} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B5135937-0FD4-4814-B1D5-9F1E186E5A8F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B620463C-C341-4E79-AE0C-35C9DCED4266} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B63C59BC-5C9B-4730-B032-460A5CF36410} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B66B09E7-C034-47F7-996A-8F8A35617106} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B6B4BCB4-53BB-4ED5-A60B-F6B8234D380E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B6CF2930-04F6-4248-9C30-7814BFED1F9A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B83F9C08-4E60-48CB-991E-2176D19679ED} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{B84D7AFA-0680-48A5-A532-F492F3C98CF5} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{BA013865-0849-49B8-8D73-937180920EE8} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{BA3D2B1D-FE10-4C7B-BE90-CDE19B6C926A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{BB71346F-2D58-4B39-870A-8E0ED7BD732F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{BBD16C45-ACEB-4D8D-AF42-50AFBC292D61} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{BC151E67-F444-40DA-929F-E0F1163D4B4F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{BD133CB1-27AE-413C-8F18-224B2F589A05} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{BDB500C8-EEE8-423D-A008-B9B7B01925DC} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{BDB91563-EAEE-4C5B-92DB-FF9267A6FFA6} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{BDDDE37E-6925-4F75-BA2F-4FBB8FB6E0B4} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{BEE2C117-E7FA-4A18-8D6A-C6DEF47FD81B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{BF21D049-FC4E-4227-B1F9-54242F7AA9B1} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{BF5321B3-E312-4CEC-BCBC-4179C4C3AF52} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{BF9236A9-7A9E-4BFF-8E1A-B208843B1BC9} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{BFFEEAF0-FD97-4CF7-8DB7-C452956B4911} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C110D207-057E-4B77-A11E-F0EA10DC1F01} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C1943400-C318-4B80-A090-2957833195D2} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C25CAAAC-6DE6-4209-98BF-2F63F8D402FA} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C2B99163-093D-4E56-9440-D9620903DD58} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C3607C91-6DCB-48E6-9171-6EB91B8B9FE2} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C383D24B-BE27-4E63-933E-351C60A6CD3A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C38500E0-0887-4B6F-8770-40D54F7C242D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C42517BC-8BF8-487D-A101-77059CBD1EA1} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C47E99E5-3FE2-4C61-B6B8-CEAED8810BCB} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C4B84728-A862-4992-934E-20F63AAF6D0B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C4EBE896-E498-44C9-A88A-ABB8656C0EAF} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C539E913-4022-488E-B1D6-82242B3D2DE7} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C81E45DE-E812-4C93-A29E-D46EEC0191B5} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C847A011-9457-4E71-BC1A-73294E035CE5} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C86EAA97-A6E4-42F9-A600-D1BCD24BF3E9} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C9441B01-48F3-4D67-A557-A46D98F1AEBD} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{C96A4994-CBF0-47AB-B9FC-63A04911C825} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{CA3CCE59-D9F1-44D1-A3FC-4BA73AFABD6D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{CC37AD17-381E-4467-B91B-B7B94689DB99} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{CC5EC308-1C2B-49E6-BBAB-02408C64F292} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{CC6A8704-E46D-49B5-BA69-9A27E58D9971} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{CCF692C3-54B0-4C4B-B891-1AF6675C5D39} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{CD5718BF-7E4C-440C-9A0D-BABA8A05C6D7} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{CDC59681-7900-4245-9543-33CEEA7F637E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{CEDBF0CC-B218-4136-9D3B-F614BF1CDA45} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{CF07B1D4-76B7-4037-80FA-8677D001907F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{CF532376-9D5C-4052-8DFE-17195EACBFA5} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D0317E4C-AD02-49BE-93BF-6905D90C3621} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D0695122-5474-4700-8FC2-31B15DCB7378} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D0AA27DC-030C-428B-A64E-D9860062ECD5} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D1FEE0CD-4ABB-41FE-B2DA-BDE8AEA180D0} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D20399A1-321F-4D21-A7A8-0797272559C5} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D2CEE0AF-57F2-404C-820D-207B285C8440} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D2FD6082-732D-4497-BC95-208D10A2645C} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D33AF267-C2F5-44B3-8AC1-E7B411E37A21} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D362B2E0-44B9-4A03-A722-2B3520A410A0} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D3FDC050-2433-4B26-8725-573EBCE8E246} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D44A9B34-D980-403A-B5A2-9120B7725D12} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D4EAF48A-81C2-4442-9EA4-90DD035A352C} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D59C4CA3-64F3-4908-8D19-9EB3D78D00AA} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D5E33F82-3DFF-43D1-B98C-493AEF56CF7A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D68859FF-600D-40CC-8B39-3F9BC52C43E5} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D69ACB80-DE2E-49CD-B6C7-FEE7092EA79B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D6A4781D-F51C-45F4-8356-A2331CD2FE7D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D77B77E5-DA8F-4546-95D5-8A32E38337AB} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D7E45F2F-1405-4325-AB74-178946765162} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D80181FF-8BDB-4E1E-A370-6D76C738789A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D88EB182-B959-4C90-9A14-A322CFDCFADA} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D8998D7D-7D55-4466-9D76-FBF3CCC06ACD} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D92D72C2-FA54-4449-9B10-7E8200860B3D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D93036B4-8C80-4DD5-A1B4-B48DD843238F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{D9A4D833-BB06-4371-AAE3-BC70B45D87A9} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{DA374BB7-B4A2-42BB-A62B-82EE6C55003D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{DA8C197E-9728-4FD8-AF3A-B8A8288695C6} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{DB2CD126-D3A6-42D0-97BF-58AF74393E1B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{DB537D51-9D55-46E9-9E6C-EE8114256433} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{DD598B7C-34DD-4037-A9C5-2FD47BE7B95D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{DD5E31C4-DAF1-41F2-A172-B6C3F28B33D3} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{DE15BDB6-C296-471F-9C7F-38124A78A959} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{DE2B0B14-70EE-4BD5-A1E8-63E94F15A4AB} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{DE5F88FE-449A-4B6B-B9C9-A25CA70412D0} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{DF29E4C7-CD44-40CE-8D10-79A0332131C0} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{DF38C528-C09C-471A-A3C7-46459EBEFE4E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{DF40B0AE-42D4-4416-8CD7-1CD99A9A5C1E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{DFF90FE1-AF53-4782-A50C-9BB30742CF80} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E0228129-D8DB-44B6-944E-42F5834DB266} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E0FE4A6E-37F9-47A0-8189-918AB4170826} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E104C409-EDBA-42A1-B8F7-4BE1FADB7039} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E11A90A1-A9EE-442F-A8B2-54C2A20EEAB4} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E2D1EA87-0C2F-45F9-9A1A-E5624FDC59ED} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E383EFF9-3264-48F2-A426-DA4405438680} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E3A13291-8529-41AD-B81B-369584BC5A05} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E3D4B39C-8608-46CB-A67F-6F22937B6574} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E42BB4BD-F77D-43D4-A860-CB7FD6FEB713} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E4FF8311-E3B4-43DD-8B9D-3583BCD4939E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E50654C4-4C31-4483-9E1B-82DF9F7B6A48} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E540A754-BFFB-425F-AE3B-47E8690F95C1} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E59363BE-E6AA-4CBA-BD53-154B5ACBB252} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E62B6D09-8CD6-4B48-8C89-FE9CFC987D7A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E64B67D9-A2B1-4C70-892F-D350CF793BCA} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E8C82584-7852-4372-9DE0-5B636B5171A1} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{E98EC320-5BD9-4C1C-8152-284077346D76} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{EA15FD95-0478-40D0-8622-B8002DA6E772} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{EABA2C1F-C1B2-4B2B-B4AD-9D18BB45DB55} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{EAF9D544-3DD8-4ECB-9766-E743A623F639} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{EB464290-C0EE-4B83-AC4D-42C9F564BF8D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{EB8665C0-5E28-419A-8E86-9AA8F7982F90} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{EBF22655-1AFD-4505-9C3F-06C26353A84C} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{EC164CE6-7D75-4DE3-A544-0848E6204092} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{ECD13AAF-728D-455E-B90B-C6CACD92085C} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{EDE91D60-B17B-4E80-BEDF-8B03EE08C142} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{EE4ACA06-C4A6-4E94-8331-0730446DF191} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{EF65FD03-792E-45FD-A384-DB4B9F29AF8A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{F016C582-C890-4A32-A476-DEC4B7706DFE} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{F03C5FB8-A1D4-4A1F-8CF5-8F7FFB07BA92} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{F0E769C7-8273-456F-A86E-2AFBBF50509E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{F1818B0E-A7D1-4701-9391-7F909A68D49F} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{F2A368CE-9F51-4C7E-9A5E-330FC99EA434} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{F2AB304E-C918-490A-B5A1-2728D4CA3CE4} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{F3C8AE8B-E821-429E-A8AB-D708A09165F4} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{F484BC1A-37FE-4F40-8993-803C3615FF96} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{F5959361-5379-4692-BFB2-07AA40B2C76D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{F6791A14-1850-461A-96E5-5B80BA212AE5} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{F6CDC922-1C09-4A92-AB3F-3B57CA8C4F87} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{F7FC048B-90D1-4EB1-8347-0F07E5BCDE19} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{F805C665-5976-4A05-BB0B-64E389BD67E0} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{F8276435-B057-4242-9995-47805317370D} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{F9B7D313-634D-4F27-BB95-BDD8B0E1333E} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{FA437601-8AC0-4258-A181-51410BA1CF08} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{FA5D943D-AA7A-437C-B9FC-D96B47B8FF9B} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{FB2D14F4-AAB4-4064-80F5-0E70D8CEB38A} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{FC2B6985-7262-443E-9E84-9AF275DD2A82} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{FC8A43E0-58E5-440F-84C3-CC0D300A2EAB} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{FC932888-FAD9-455E-8BDD-42EA0D2F6E29} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\{FDDF7202-973B-44B3-B7EE-909F72D3B7E4} (Empty Folder) Successfully deleted: C:\Users\Hp\AppData\Local\apn (Folder) Successfully deleted: C:\Users\Hp\AppData\Local\crashrpt (Folder) Successfully deleted: C:\Users\Hp\AppData\Local\packageaware (Folder) Successfully deleted: C:\Users\Hp\AppData\Local\slimware utilities inc (Folder) Successfully deleted: C:\Users\Hp\Appdata\LocalLow\avg safeguard toolbar (Folder) Successfully deleted: C:\Users\Hp\Appdata\LocalLow\Toolbar4 (Folder) Successfully deleted: C:\Users\Hp\AppData\Roaming\babylon (Folder) Successfully deleted: C:\Users\Hp\AppData\Roaming\drivercure (Folder) Successfully deleted: C:\Users\Hp\AppData\Roaming\getrighttogo (Folder) Successfully deleted: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Invalidprefs.js (File) Successfully deleted: C:\Users\Hp\AppData\Roaming\pdfforge (Folder) Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder) Successfully deleted: C:\users\Public\Documents\guid (Folder) Successfully deleted: C:\Windows\system32\drivers\swdumon.sys (File) Successfully deleted: C:\Windows\system32\Tasks\Driver Booster Scheduler (Task) Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (Hp) (Task) Successfully deleted: C:\Windows\Tasks\DriverEasy Scheduled Scan.job (Task) Successfully deleted: C:\Program Files (x86)\avg security toolbar (Folder) Successfully deleted: C:\Program Files (x86)\Common Files\avg secure search\vtoolbarupdater (Folder) Successfully deleted: C:\Program Files (x86)\myfree codec (Folder) Successfully deleted: C:\Program Files (x86)\oapps (Folder) Successfully deleted: C:\Program Files (x86)\yuna software (Folder) Successfully deleted: C:\ProgramData\Barowsoe2sAve (Folder) Successfully deleted: C:\Windows\SysWOW64\REN1D40.tmp (File) Deleted the following from C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\prefs.js user_pref(aol_toolbar.default.homepage.check, false); user_pref(aol_toolbar.default.search.check, false); user_pref(avg.install.Revert_DSP, Alnaddy); user_pref(avg.install.Revert_HP, hxxp://www.alnaddy.com/?afltid=wbpk); user_pref(avg.userPreferences.URLBarFocus.whiteList, bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com user_pref(extensions.51748da6c914d.scode, (function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio user_pref(extensions.BabylonToolbar.prtkDS, 0); user_pref(extensions.BabylonToolbar.prtkHmpg, 0); user_pref(extensions.aacec7c99b789494a9cd9cf2130be4fe27837d0b0c96842e7b0acb09c864a5978com43905.43905.internaldb.monetization_plugin_bundledUrls.value, %7B%22dealply_s%22%3A user_pref(extensions.addon@defaulttab.com.install-event-fired, true); user_pref(extensions.alnaddyToolbar.admin, false); user_pref(extensions.alnaddyToolbar.aflt, wbpk); user_pref(extensions.alnaddyToolbar.appId, {D651E893-3D08-458D-A242-0E6B862E6507}); user_pref(extensions.alnaddyToolbar.autoRvrt, false); user_pref(extensions.alnaddyToolbar.cntry, RO); user_pref(extensions.alnaddyToolbar.dfltLng, ); user_pref(extensions.alnaddyToolbar.dfltSrch, true); user_pref(extensions.alnaddyToolbar.excTlbr, false); user_pref(extensions.alnaddyToolbar.hdrMd5, 8E9CA45FD913ACF9841D1C58165A3DA3); user_pref(extensions.alnaddyToolbar.hmpg, true); user_pref(extensions.alnaddyToolbar.hmpgUrl, hxxp://www.alnaddy.com/?afltid=wbpk); user_pref(extensions.alnaddyToolbar.id, 9c3d57ea00000000000000ff7a96e75a); user_pref(extensions.alnaddyToolbar.instlDay, 15817); user_pref(extensions.alnaddyToolbar.instlRef, ); user_pref(extensions.alnaddyToolbar.keyWordUrl, hxxp://www.alnaddy.com/search/?q=); user_pref(extensions.alnaddyToolbar.lastVrsnTs, 1.6.9.164:08:53); user_pref(extensions.alnaddyToolbar.newTab, true); user_pref(extensions.alnaddyToolbar.newTabUrl, hxxp://www.alnaddy.com/?afltid=wbpk); user_pref(extensions.alnaddyToolbar.pnu_alnaddy1, {\newVrsn\:\25\,\lastVrsn\:\15\,\vrsnLoad\:\\,\showMsg\:\false\,\showSilent\:\true\,\msgTs\:13833140 user_pref(extensions.alnaddyToolbar.prdct, alnaddyToolbar); user_pref(extensions.alnaddyToolbar.prtnrId, alnaddy); user_pref(extensions.alnaddyToolbar.sg, none); user_pref(extensions.alnaddyToolbar.smplGrp, none); user_pref(extensions.alnaddyToolbar.srchPrvdr, Alnaddy); user_pref(extensions.alnaddyToolbar.tlbrId, alnaddy1); user_pref(extensions.alnaddyToolbar.tlbrSrchUrl, hxxp://www.alnaddy.com/search/?q=); user_pref(extensions.alnaddyToolbar.vrsn, 1.6.9.16); user_pref(extensions.alnaddyToolbar.vrsnTs, 1.6.9.164:08:53); user_pref(extensions.alnaddyToolbar.vrsni, 1.6.9.16); user_pref(extensions.alnaddyToolbar_i.dnsErr, true); user_pref(extensions.alnaddyToolbar_i.hmpg, true); user_pref(extensions.alnaddyToolbar_i.newTab, true); user_pref(extensions.alnaddyToolbar_i.smplGrp, none); user_pref(extensions.alnaddyToolbar_i.vrsnTs, 1.6.9.164:08:53); user_pref(extensions.crossrider.bic, 141ae48a8ca231a648171f8e1b6fe764); user_pref(extensions.defaulttab.PIR7, 1456546007); user_pref(extensions.defaulttab.active.affiliate, 2402); user_pref(extensions.defaulttab.active.overridechromesearch, false); user_pref(extensions.defaulttab.active.overridekeywordsearch, false); user_pref(extensions.defaulttab.browserID, BCC87061F493CD2C69EB9BD14A5643A3); user_pref(extensions.defaulttab.config, {\set_default_search\:\Search Here|Search Here\,\features\:[{\engine\:\\,\ai\:0,\location\:7,\additional_config\:\\ user_pref(extensions.defaulttab.firstrun, false); user_pref(extensions.defaulttab.installdate, 1352843287); user_pref(extensions.defaulttab.installedVersion, 2.4); user_pref(extensions.defaulttab.useNewTabWhiteList, false); user_pref(extensions.ffxtlbr@alnaddyToolbar.com.install-event-fired, true); user_pref(extensions.ffxtlbr@funmoods.com.install-event-fired, true); user_pref(extensions.helperbar.DockingPositionDown, false); user_pref(extensions.helperbar.LastHiddenTime, 23522997); user_pref(extensions.helperbar.SmartbarDisabled, false); user_pref(extensions.helperbar.SmartbarStateMinimaized, false); user_pref(extensions.helperbar.Visibility, false); user_pref(extensions.searchpredict@speedbit.com.install-event-fired, true); user_pref(keyword.keywordURL, hxxp://search.hotspotshield.com/g/results.php?c=s&q=); Registry: 3 Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key) Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 02/17/2017 at 19:59:10.69 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v6.043 - Logfile created 17/02/2017 at 21:39:38 # Updated on 27/01/2017 by Malwarebytes # Database : 2017-02-13.1 [Server] # Operating System : Windows 7 Home Premium Service Pack 1 (X64) # Username : Hp - TRAC # Running from : C:\Users\Hp\Desktop\AdwCleaner.exe # Mode: Scan # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** Service Found: swdumon ***** [ Folders ] ***** Folder Found: C:\ProgramData\Avg_Update_1114tb Folder Found: C:\ProgramData\Avg_Update_1214tb Folder Found: C:\Users\Hp\AppData\LocalLow\Speedbit Folder Found: C:\Users\Hp\AppData\Roaming\NCdownloader Folder Found: C:\ProgramData\AVG Secure Search Folder Found: C:\ProgramData\Speedbit Folder Found: C:\ProgramData\Application Data\AVG Secure Search Folder Found: C:\ProgramData\Application Data\Speedbit Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec Folder Found: C:\Users\Public\Documents\Speedbit Folder Found: C:\Program Files (x86)\Common Files\AVG Secure Search Folder Found: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater Folder Found: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar Folder Found: C:\extensions ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious keys found. ***** [ Shortcuts ] ***** No infected shortcut found. ***** [ Scheduled Tasks ] ***** No malicious task found. ***** [ Registry ] ***** Key Found: HKLM\SOFTWARE\Classes\Applications\iLividSetupV1.exe Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14de519c-6103-4ccf-8690-6a855f270ce0} Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27a2caf7-4a52-43c5-b092-55f4bf676c98} Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExamView Player Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExamView Player_is1 Key Found: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\DefaultTabSearch Key Found: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF Key Found: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg Key Found: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1 Key Found: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2 Key Found: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1 Key Found: HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler Key Found: HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1 Key Found: HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute Key Found: HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel Key Found: HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject Key Found: HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState Key Found: HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm Key Found: HKLM\SOFTWARE\Classes\MsgPlusForSkype.AnimationPackage Key Found: HKLM\SOFTWARE\Classes\MsgPlusForSkype.SkinPack Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1 Key Found: HKLM\SOFTWARE\Classes\PCSuiteContactsView Key Found: HKLM\SOFTWARE\Classes\PCSuiteMessagesView Key Found: HKLM\SOFTWARE\Classes\Prod.cap Key Found: HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar Key Found: HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar.1 Key Found: HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT Key Found: HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT.3 Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1 Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1 Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Found: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Found: HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO Key Found: HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO.1 Key Found: HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Key Found: HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Key Found: HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Key Found: HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 Key Found: HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Key Found: HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Key Found: HKLM\SOFTWARE\Classes\TbHelper.TbRequest Key Found: HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 Key Found: HKLM\SOFTWARE\Classes\TbHelper.TbTask Key Found: HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Key Found: HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Key Found: HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Key Found: HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT Key Found: HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT.1 Key Found: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Found: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Found: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF Key Found: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg Key Found: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1 Key Found: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2 Key Found: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1 Key Found: [x64] HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler Key Found: [x64] HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1 Key Found: [x64] HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute Key Found: [x64] HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel Key Found: [x64] HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject Key Found: [x64] HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState Key Found: [x64] HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm Key Found: [x64] HKLM\SOFTWARE\Classes\MsgPlusForSkype.AnimationPackage Key Found: [x64] HKLM\SOFTWARE\Classes\MsgPlusForSkype.SkinPack Key Found: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK Key Found: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1 Key Found: [x64] HKLM\SOFTWARE\Classes\PCSuiteContactsView Key Found: [x64] HKLM\SOFTWARE\Classes\PCSuiteMessagesView Key Found: [x64] HKLM\SOFTWARE\Classes\Prod.cap Key Found: [x64] HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar Key Found: [x64] HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar.1 Key Found: [x64] HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT Key Found: [x64] HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT.3 Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1 Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1 Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Found: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Found: [x64] HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO Key Found: [x64] HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO.1 Key Found: [x64] HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Key Found: [x64] HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Key Found: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Key Found: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 Key Found: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Key Found: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Key Found: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest Key Found: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 Key Found: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask Key Found: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Key Found: [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Key Found: [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Key Found: [x64] HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT Key Found: [x64] HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT.1 Key Found: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Found: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Found: HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Found: HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Found: HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found: HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Key Found: HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found: HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Found: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Key Found: HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Found: HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Found: HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Found: HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Found: HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Found: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found: HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found: HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000} Key Found: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF} Key Found: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} Key Found: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615} Key Found: HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36} Key Found: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF} Key Found: HKLM\SOFTWARE\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF} Key Found: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146} Key Found: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A} Key Found: HKLM\SOFTWARE\Classes\CLSID\{37211D63-CCE9-4780-B182-96538CFC6FED} Key Found: HKLM\SOFTWARE\Classes\CLSID\{8B9C4F32-044E-491C-893E-362CB8A679D5} Key Found: HKLM\SOFTWARE\Classes\CLSID\{CBC3E05C-F841-452A-A600-E8D8BBEA63D9} Key Found: HKLM\SOFTWARE\Classes\CLSID\{CF2BF214-9D1E-4803-9AEB-38552615FD40} Key Found: HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Key Found: HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Key Found: HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Key Found: HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Key Found: HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Key Found: HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Key Found: HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Key Found: HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found: HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328} Key Found: HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key Found: HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Key Found: HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Key Found: HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Key Found: HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Key Found: HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Found: HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Key Found: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found: HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Found: HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Key Found: HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403} Key Found: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270} Key Found: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A} Key Found: HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Key Found: HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3} Key Found: HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} Key Found: HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Found: HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Key Found: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Found: HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Key Found: HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D} Key Found: HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E} Key Found: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF} Key Found: HKLM\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000} Key Found: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552} Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} Key Found: HKU\.DEFAULT\Software\IGearSettings Key Found: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\AVG Security Toolbar Key Found: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\InstalledThirdPartyPrograms Key Found: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Minibar Key Found: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Myfree Codec Key Found: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\smarttweak Key Found: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Softonic Key Found: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\speedypc software Key Found: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\YahooPartnerToolbar Key Found: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\yuna software Key Found: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\MINIBAR Key Found: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\AppDataLow\Toolbar Key Found: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\AppDataLow\Software\Conduit Key Found: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec Key Found: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2588610484-973985184-251928395-1000\Software\blekko Key Found: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2588610484-973985184-251928395-1000\Software\SBConvert Key Found: HKU\S-1-5-18\Software\IGearSettings Key Found: HKCU\Software\AVG Security Toolbar Key Found: HKCU\Software\InstalledThirdPartyPrograms Key Found: HKCU\Software\Minibar Key Found: HKCU\Software\Myfree Codec Key Found: HKCU\Software\smarttweak Key Found: HKCU\Software\Softonic Key Found: HKCU\Software\speedypc software Key Found: HKCU\Software\YahooPartnerToolbar Key Found: HKCU\Software\yuna software Key Found: HKCU\Software\MINIBAR Key Found: HKCU\Software\AppDataLow\Toolbar Key Found: HKCU\Software\AppDataLow\Software\Conduit Key Found: HKLM\SOFTWARE\AVG Secure Search Key Found: HKLM\SOFTWARE\AVG Security Toolbar Key Found: HKLM\SOFTWARE\Myfree Codec Key Found: HKLM\SOFTWARE\SP Global Key Found: HKLM\SOFTWARE\SProtector Key Found: HKLM\SOFTWARE\W3I Key Found: HKLM\SOFTWARE\yuna software Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Plus! for Skype Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2588610484-973985184-251928395-1000\Software\blekko Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2588610484-973985184-251928395-1000\Software\SBConvert Key Found: [x64] HKCU\Software\AVG Security Toolbar Key Found: [x64] HKCU\Software\InstalledThirdPartyPrograms Key Found: [x64] HKCU\Software\Minibar Key Found: [x64] HKCU\Software\Myfree Codec Key Found: [x64] HKCU\Software\smarttweak Key Found: [x64] HKCU\Software\Softonic Key Found: [x64] HKCU\Software\speedypc software Key Found: [x64] HKCU\Software\YahooPartnerToolbar Key Found: [x64] HKCU\Software\yuna software Key Found: [x64] HKCU\Software\MINIBAR Key Found: [x64] HKCU\Software\AppDataLow\Toolbar Key Found: [x64] HKCU\Software\AppDataLow\Software\Conduit Key Found: [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms Key Found: [x64] HKLM\SOFTWARE\Tarma Installer Key Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9 Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24 Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607 Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21 Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sa.hao123.com Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sa.hao123.com Key Found: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\AppsHat Key Found: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found: HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Key Found: HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Key Found: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Found: HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Found: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol Key Found: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E} Key Found: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24} Key Found: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6} Key Found: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9} Key Found: HKLM\SOFTWARE\Classes\protocols\handler\viprotocol ***** [ Web browsers ] ***** Firefox pref Found: [C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\prefs.js] - "avg.userPreferences.URLBarFocus.whiteList" - "bing\\.com google\\.\\w+ yahoo\\.\\w+ gmail\\.\\w+ hotmail\\.\\w+ live Firefox pref Found: [C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\prefs.js] - "extensions.defaulttab.config" - "{\"set_default_search\":\"Search Here Search Here\",\"features\":[{\"engine\":\"\", Chrome pref Found: [C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Web data] - mysearch.avg.com Chrome pref Found: [C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Web data] - free-keylogger.en.softonic.com Chrome pref Found: [C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - amfclgbdpgndipgoegfpkkgobahigbcl Chrome pref Found: [C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - kdidombaedgpfiiedeimiebkmbilgmlc ************************* C:\AdwCleaner\AdwCleaner[S0].txt - [21182 Bytes] - [17/02/2017 21:39:38] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21256 Bytes] ########## Link to post Share on other sites More sharing options...
Aura Posted February 17, 2017 ID:1102576 Share Posted February 17, 2017 You ran another scan with FRST, you need to run a Fix using the attached fixlist.txt. Please follow the instructions as previously posted. Also, I need the clean log for AdwCleaner, this is the scan log. Please follow the instructions as previously posted. Link to post Share on other sites More sharing options...
Ralee Posted February 17, 2017 Author ID:1102588 Share Posted February 17, 2017 CloseProcesses: CreateRestorePoint: HKLM-x32\...\Run: [kbdsprt] => [X] HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Run: [AdobeBridge] => [X] AppInit_DLLs-x32: c:\progra~2\browse~1\sprote~1.dll => No File ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File GroupPolicyUsers\S-1-5-21-2588610484-973985184-251928395-1002\User: Restriction <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION CHR HKU\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION Winsock: Catalog5 06 C:\Program Files (x86)\Bonjour\mdnsNSP.dll => No File Winsock: Catalog5-x64 06 C:\Program Files\Bonjour\mdnsNSP.dll => No File HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION URLSearchHook: HKLM-x32 - (No Name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File URLSearchHook: HKU\S-1-5-21-2588610484-973985184-251928395-1000 - (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File URLSearchHook: HKU\S-1-5-21-2588610484-973985184-251928395-1000 - (No Name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File SearchScopes: HKLM-x32 -> DefaultScope Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms} SearchScopes: HKLM-x32 -> Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms} SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> Moikrug URL = hxxp://moikrug.ru/persons/?clid=154468&charset=utf-8&keywords={searchTerms}&submitted=1 SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms} SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4FAEDDA2-6351-43E6-8568-4A45396FC74C}&mid=ef04ad78bd8547d1a8051943ef5e7851-36711ed55615b87e9c4cf224ac236fc32b85bd82&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2013-05-08 02:39:22&v=18.2.0.829&pid=safeguard&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> {C9FF56E2-80AA-494C-970C-397580307ACF} URL = hxxp://www.alnaddy.com/search/?q={searchTerms}&r=524 BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll => No File BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File Toolbar: HKLM-x32 - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.3.0\ViProtocol.dll [2016-03-25] (AVG Secure Search) FF user.js: detected! => C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\user.js [2013-05-08] FF NewTab: Mozilla\Firefox\Profiles\r0evgay0.default -> hxxp://www.mysearchresults.com/?c=2402&t=15&nt=nt1&uid=BCC87061F493CD2C69EB9BD14A5643A3 FF DefaultSearchEngine: Mozilla\Firefox\Profiles\r0evgay0.default -> AVG Secure Search FF DefaultSearchEngine,S: Mozilla\Firefox\Profiles\r0evgay0.default -> FF DefaultSearchUrl: Mozilla\Firefox\Profiles\r0evgay0.default -> FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\r0evgay0.default -> FF SearchEngineOrder.1,S: Mozilla\Firefox\Profiles\r0evgay0.default -> FF SelectedSearchEngine: Mozilla\Firefox\Profiles\r0evgay0.default -> AVG Secure Search FF SelectedSearchEngine,S: Mozilla\Firefox\Profiles\r0evgay0.default -> FF Keyword.URL: Mozilla\Firefox\Profiles\r0evgay0.default -> FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-24] FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\alnaddyToolbar.xml [2013-04-22] FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\avg-secure-search.xml [2016-03-25] FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\ybqs-yandex.xml [2012-03-05] FF Extension: (Hotspot Shield Helper (Please allow this installation)) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2016-03-26] [not signed] FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-03-26] [not signed] FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-26] [not signed] FF Extension: (Hotspot Shield Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2016-03-26] [not signed] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-02-28] FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.3.0\\npsitesafety.dll [No File] S4 MsgPlusService; "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [X] S2 TeamViewer; "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [X] R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-02-17] (Anchorfree Inc.) S3 ALSysIO; \??\C:\Users\Hp\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION S3 ampa; \??\C:\Windows\system32\ampa.sys [X] S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X] S3 taphss; system32\DRIVERS\taphss.sys [X] AVG 2016 (Version: 16.0.4545 - AVG Technologies) Hidden HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\ChromeHTML: -> <==== ATTENTION CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File Task: {0944FDF1-E7E8-41C0-87BF-E803A005D93F} - System32\Tasks\{2A7A4B3C-5D02-406F-B62F-D9B380838A4E} => pcalua.exe -a C:\Users\Hp\Downloads\Programs\sp51029.exe -d C:\Windows\system32 Task: {132256E3-B2A8-47E2-B29C-3B3645BBE535} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION Task: {38C270F1-F3F6-451C-87A5-7B31A1B95EC9} - System32\Tasks\{CA17C987-2612-44D4-8712-C0EF095362B2} => pcalua.exe -a "C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe" Task: {4FE5ADB1-0AEF-417E-90AC-C563B9E7D26F} - System32\Tasks\Baidu PC Faster Update => $szInstallingDir\Updater.exe Task: {538A4155-A4DA-4709-AE42-31F04E9CA73D} - System32\Tasks\{AD7BD7A9-84A8-4283-AAB4-8ACB27831CEE} => pcalua.exe -a C:\Users\Hp\Desktop\jjjjjjjjjjjjjjjjjjjjjjjjjjjjjj\UtilityOnlineMarch09\64-bit\setup.exe -d C:\Windows\system32 Task: {9CBB4995-01A8-4242-8923-E931A5830654} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION Task: {B1D17603-A7B4-4D32-93AC-1022BA91CAEF} - System32\Tasks\{9C2AE2F6-D4A3-4D11-A454-11BA3FC50514} => pcalua.exe -a C:\Users\Work\Desktop\sp53540.exe -d C:\Windows\system32 Task: {BDDFE0B0-C9F3-43B6-914F-6DADAB6CAD83} - System32\Tasks\{2F184749-FE00-43CA-8869-131E4D964F22} => pcalua.exe -a C:\Users\Hp\Downloads\Programs\Nero7_chm_Enu.exe -d C:\Users\Hp\AppData\Roaming\IDM Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION Task: {ED1D8354-4F3D-44BB-8C26-C9A50D09F7DD} - System32\Tasks\{47C72562-1501-404F-BD86-4A4C0378B1CF} => pcalua.exe -a C:\Users\Hp\Downloads\Programs\wlsetup-web.exe -d C:\Users\Hp\AppData\Roaming\IDM Task: {F34C8D72-8CB0-44F7-9E7B-E2FAB16479FF} - System32\Tasks\{16AADBCC-DFFD-44CA-B81C-2E0B05359184} => pcalua.exe -a D:\Setup.exe -d D:\ Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A [123] MSCONFIG\Services: hshld => 2 MSCONFIG\Services: HssTrayService => 3 MSCONFIG\Services: vToolbarUpdater19.3.0 => 2 MSCONFIG\startupreg: UpdateMyDrivers => C:\Program Files (x86)\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" FirewallRules: [{16B3920F-6309-4F62-AF73-66822FC027EF}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe FirewallRules: [{2983E7EC-4BCD-423B-AF42-F1AFA7886A1D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe FirewallRules: [{781D07E9-1822-4977-A284-A62969063EAC}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe FirewallRules: [{737C12A3-FDCE-44D7-B5DB-3ACBF9216945}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe FirewallRules: [{EADB1E9C-D5D5-4A7F-B4D7-27820C8EFC4D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe FirewallRules: [{1073625D-4EA2-4B3C-B3BC-16A5211FF9D4}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe FirewallRules: [{92E29DA7-3160-41C6-B9F0-A19A4059595C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe FirewallRules: [{F9E01E00-C509-4ECC-90B1-CBB224DC4418}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe FirewallRules: [{E8C59255-CE1E-483B-8CA3-CA4CDD8BCE57}] => (Allow) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe C:\Program Files (x86)\Baidu Security C:\Program Files (x86)\Hotspot Shield C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml C:\ProgramData\AVG SafeGuard toolbar C:\Users\Hp\AppData\Local\AVG SafeGuard toolbar C:\Users\Hp\AppData\LocalLow\blekko EmptyTemp: # AdwCleaner v6.043 - Logfile created 17/02/2017 at 21:43:09 # Updated on 27/01/2017 by Malwarebytes # Database : 2017-02-13.1 [Server] # Operating System : Windows 7 Home Premium Service Pack 1 (X64) # Username : Hp - TRAC # Running from : C:\Users\Hp\Desktop\AdwCleaner.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** [-] Service deleted: swdumon ***** [ Folders ] ***** [-] Folder deleted: C:\ProgramData\Avg_Update_1114tb [-] Folder deleted: C:\ProgramData\Avg_Update_1214tb [-] Folder deleted: C:\Users\Hp\AppData\LocalLow\Speedbit [-] Folder deleted: C:\Users\Hp\AppData\Roaming\NCdownloader [-] Folder deleted: C:\ProgramData\AVG Secure Search [-] Folder deleted: C:\ProgramData\Speedbit [#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search [#] Folder deleted on reboot: C:\ProgramData\Application Data\Speedbit [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec [-] Folder deleted: C:\Users\Public\Documents\Speedbit [-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar [-] Folder deleted: C:\extensions ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** [-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iLividSetupV1.exe [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14de519c-6103-4ccf-8690-6a855f270ce0} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27a2caf7-4a52-43c5-b092-55f4bf676c98} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExamView Player [#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExamView Player_is1 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\DefaultTabSearch [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1 [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2 [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1 [-] Key deleted: HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler [-] Key deleted: HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1 [-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute [-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel [-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject [-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState [-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm [-] Key deleted: HKLM\SOFTWARE\Classes\MsgPlusForSkype.AnimationPackage [-] Key deleted: HKLM\SOFTWARE\Classes\MsgPlusForSkype.SkinPack [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1 [-] Key deleted: HKLM\SOFTWARE\Classes\PCSuiteContactsView [-] Key deleted: HKLM\SOFTWARE\Classes\PCSuiteMessagesView [-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap [-] Key deleted: HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar [-] Key deleted: HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar.1 [-] Key deleted: HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT [-] Key deleted: HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT.3 [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1 [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1 [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi [-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 [-] Key deleted: HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO [-] Key deleted: HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO.1 [-] Key deleted: HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils [-] Key deleted: HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 [-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager [-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 [-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager [-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 [-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbRequest [-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 [-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbTask [-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 [-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper [-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 [-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT [-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT.1 [-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE [-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MsgPlusForSkype.AnimationPackage [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MsgPlusForSkype.SkinPack [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\PCSuiteContactsView [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\PCSuiteMessagesView [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT.3 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{37211D63-CCE9-4780-B182-96538CFC6FED} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8B9C4F32-044E-491C-893E-362CB8A679D5} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CBC3E05C-F841-452A-A600-E8D8BBEA63D9} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CF2BF214-9D1E-4803-9AEB-38552615FD40} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [-] Key deleted: HKU\.DEFAULT\Software\IGearSettings [-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\AVG Security Toolbar [-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\InstalledThirdPartyPrograms [-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Minibar [-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Myfree Codec [-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\smarttweak [-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Softonic [-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\speedypc software [-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\YahooPartnerToolbar [-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\yuna software [#] Key deleted on reboot: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\MINIBAR [-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\AppDataLow\Toolbar [-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\AppDataLow\Software\Conduit [-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2588610484-973985184-251928395-1000\Software\blekko [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2588610484-973985184-251928395-1000\Software\SBConvert [#] Key deleted on reboot: HKU\S-1-5-18\Software\IGearSettings [#] Key deleted on reboot: HKCU\Software\AVG Security Toolbar [#] Key deleted on reboot: HKCU\Software\InstalledThirdPartyPrograms [#] Key deleted on reboot: HKCU\Software\Minibar [#] Key deleted on reboot: HKCU\Software\Myfree Codec [#] Key deleted on reboot: HKCU\Software\smarttweak [#] Key deleted on reboot: HKCU\Software\Softonic [#] Key deleted on reboot: HKCU\Software\speedypc software [#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar [#] Key deleted on reboot: HKCU\Software\yuna software [#] Key deleted on reboot: HKCU\Software\MINIBAR [#] Key deleted on reboot: HKCU\Software\AppDataLow\Toolbar [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Conduit [-] Key deleted: HKLM\SOFTWARE\AVG Secure Search [-] Key deleted: HKLM\SOFTWARE\AVG Security Toolbar [-] Key deleted: HKLM\SOFTWARE\Myfree Codec [-] Key deleted: HKLM\SOFTWARE\SP Global [-] Key deleted: HKLM\SOFTWARE\SProtector [-] Key deleted: HKLM\SOFTWARE\W3I [-] Key deleted: HKLM\SOFTWARE\yuna software [#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Plus! for Skype [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2588610484-973985184-251928395-1000\Software\blekko [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2588610484-973985184-251928395-1000\Software\SBConvert [#] Key deleted on reboot: [x64] HKCU\Software\AVG Security Toolbar [#] Key deleted on reboot: [x64] HKCU\Software\InstalledThirdPartyPrograms [#] Key deleted on reboot: [x64] HKCU\Software\Minibar [#] Key deleted on reboot: [x64] HKCU\Software\Myfree Codec [#] Key deleted on reboot: [x64] HKCU\Software\smarttweak [#] Key deleted on reboot: [x64] HKCU\Software\Softonic [#] Key deleted on reboot: [x64] HKCU\Software\speedypc software [#] Key deleted on reboot: [x64] HKCU\Software\YahooPartnerToolbar [#] Key deleted on reboot: [x64] HKCU\Software\yuna software [#] Key deleted on reboot: [x64] HKCU\Software\MINIBAR [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Toolbar [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Conduit [-] Key deleted: [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms [-] Key deleted: [x64] HKLM\SOFTWARE\Tarma Installer [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21 [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sa.hao123.com [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sa.hao123.com [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\AppsHat [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe [-] Key deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol [-] Key deleted: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E} [-] Key deleted: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24} [-] Key deleted: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6} [-] Key deleted: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protocols\handler\viprotocol ***** [ Web browsers ] ***** [-] Chrome preferences cleaned: "avg.userPreferences.URLBarFocus.whiteList" - "bing\\.com google\\.\\w+ yahoo\\.\\w+ gmail\\.\\w+ hotmail\\.\\w+ live\\.\\w+ isearch\\.avg\\.com mysearch\\.avg\\.com" [-] Chrome preferences cleaned: "extensions.defaulttab.config" - "{\"set_default_search\":\"Search Here Search Here\",\"features\":[{\"engine\":\"\",\"ai\":0,\"location\":7,\"additional_config\":\"\",\"url\":\"hxxp://i.defaulttabjs.info/dtab/javascript.js?channel=2402\",\"type\":\"js\",\"feature\":\"DP\"},{\"engine\":\"\",\"ai\":0,\"location\":13,\"additional_config\":\"\",\"url\":\"hxxp://nps.pastaleads.com/npsb/logic.js?originid=D16B1DF2-7282-E311-B7DA-001517D1792A&SiteId=Sales&ToolbarId=&ProductName=ToolbarId=2402\",\"type\":\"js\",\"feature\":\"NP\"}],\"set_default_search_on_update\":true,\"change_default_search\":true,\"use_dns_error_handling\":true,\"set_home_page_to\":\"hxxp://www.mysearchresults.com/?c=2402&t=15\",\"new_tab_url\":\"hxxp://www.mysearchresults.com/?c=2402&t=15&nt=nt1\",\"set_search_box\":true,\"change_dns_error_handling_on_update\":false,\"version\":1,\"search_engines\":[{\"search_engine\":\"Search Here Search Here\",\"search_query_string\":\"c=2402&t=15&q={searchTerms}\",\"toolbar_search_engine_config_id\":3321,\"third_party_feed_identifier\":\"\",\"search_engine_id\":99,\"base_url\":\"hxxp://www.mysearchresults.com/search\"},{\"search_engine\":\"Facebook\",\"search_query_string\":\"\",\"toolbar_search_engine_config_id\":3322,\"third_party_feed_identifier\":\"\",\"search_engine_id\":88,\"base_url\":\"hxxp://www.facebook.com/search.php?q={searchTerms}\"},{\"search_engine\":\"Amazon\",\"search_query_string\":\"&field-keywords={searchTerms}\",\"toolbar_search_engine_config_id\":3323,\"third_party_feed_identifier\":\"\",\"search_engine_id\":85,\"base_url\":\"hxxp://www.amazon.com/mn/search/?encoding=UTF8\"},{\"search_engine\":\"Wikipedia\",\"search_query_string\":\"\",\"toolbar_search_engine_config_id\":3324,\"third_party_feed_identifier\":\"\",\"search_engine_id\":86,\"base_url\":\"hxxp://en.wikipedia.org/wiki/{searchTerms}\"},{\"search_engine\":\"Twitter\",\"search_query_string\":\"\",\"toolbar_search_engine_config_id\":3325,\"third_party_feed_identifier\":\"\",\"search_engine_id\":87,\"base_url\":\"hxxps://twitter.com/#!/search?q={searchTerms}\"},{\"search_engine\":\"eBay\",\"search_query_string\":\"\",\"toolbar_search_engine_config_id\":3326,\"third_party_feed_identifier\":\"\",\"search_engine_id\":92,\"base_url\":\"hxxp://www.ebay.com/sch/?_nkw={searchTerms}\"}],\"channel\":2402,\"revision\":1,\"dns_error_handling\":\"Scenario_1,Scenario_2,Scenario_7:1:1:Search Results:mysearchresults,Scenario_8:0:0:Search Results:Search Results\",\"icon_image_file\":\"\",\"ntwl\":false,\"set_home_page_on_update\":true,\"search_box_default\":\"Search Here Search Here\",\"third_party_reporting_partner\":null,\"change_home_page\":true,\"country\":\"SA\",\"enable_third_party_content\":true}" [-] [C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mysearch.avg.com [-] [C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: free-keylogger.en.softonic.com [-] [C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: amfclgbdpgndipgoegfpkkgobahigbcl [-] [C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: kdidombaedgpfiiedeimiebkmbilgmlc ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [25808 Bytes] - [17/02/2017 21:43:09] C:\AdwCleaner\AdwCleaner[S0].txt - [21644 Bytes] - [17/02/2017 21:39:38]########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [25956 Bytes] ########## Link to post Share on other sites More sharing options...
Aura Posted February 17, 2017 ID:1102589 Share Posted February 17, 2017 The first log is the actual fixlist.txt. You need to save that file in the same location as FRST.exe, launch FRST, and then click on the "Fix" button. The computer will reboot after the fix, and a file called fixlog.txt will be left where fixlist.txt was. You then need to copy/paste the content of that log in your next reply. Link to post Share on other sites More sharing options...
Ralee Posted February 17, 2017 Author ID:1102598 Share Posted February 17, 2017 Hope i got it right this time.... Fix result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02 Ran by Hp (17-02-2017 19:07:10) Run:1 Running from C:\Users\Hp\Downloads Loaded Profiles: Hp & (Available Profiles: Hp & Guest) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: HKLM-x32\...\Run: [kbdsprt] => [X] HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Run: [AdobeBridge] => [X] AppInit_DLLs-x32: c:\progra~2\browse~1\sprote~1.dll => No File ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File GroupPolicyUsers\S-1-5-21-2588610484-973985184-251928395-1002\User: Restriction <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION CHR HKU\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION Winsock: Catalog5 06 C:\Program Files (x86)\Bonjour\mdnsNSP.dll => No File Winsock: Catalog5-x64 06 C:\Program Files\Bonjour\mdnsNSP.dll => No File HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION URLSearchHook: HKLM-x32 - (No Name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File URLSearchHook: HKU\S-1-5-21-2588610484-973985184-251928395-1000 - (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File URLSearchHook: HKU\S-1-5-21-2588610484-973985184-251928395-1000 - (No Name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File SearchScopes: HKLM-x32 -> DefaultScope Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms} SearchScopes: HKLM-x32 -> Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms} SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> Moikrug URL = hxxp://moikrug.ru/persons/?clid=154468&charset=utf-8&keywords={searchTerms}&submitted=1 SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms} SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4FAEDDA2-6351-43E6-8568-4A45396FC74C}&mid=ef04ad78bd8547d1a8051943ef5e7851-36711ed55615b87e9c4cf224ac236fc32b85bd82&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2013-05-08 02:39:22&v=18.2.0.829&pid=safeguard&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> {C9FF56E2-80AA-494C-970C-397580307ACF} URL = hxxp://www.alnaddy.com/search/?q={searchTerms}&r=524 BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll => No File BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File Toolbar: HKLM-x32 - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.3.0\ViProtocol.dll [2016-03-25] (AVG Secure Search) FF user.js: detected! => C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\user.js [2013-05-08] FF NewTab: Mozilla\Firefox\Profiles\r0evgay0.default -> hxxp://www.mysearchresults.com/?c=2402&t=15&nt=nt1&uid=BCC87061F493CD2C69EB9BD14A5643A3 FF DefaultSearchEngine: Mozilla\Firefox\Profiles\r0evgay0.default -> AVG Secure Search FF DefaultSearchEngine,S: Mozilla\Firefox\Profiles\r0evgay0.default -> FF DefaultSearchUrl: Mozilla\Firefox\Profiles\r0evgay0.default -> FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\r0evgay0.default -> FF SearchEngineOrder.1,S: Mozilla\Firefox\Profiles\r0evgay0.default -> FF SelectedSearchEngine: Mozilla\Firefox\Profiles\r0evgay0.default -> AVG Secure Search FF SelectedSearchEngine,S: Mozilla\Firefox\Profiles\r0evgay0.default -> FF Keyword.URL: Mozilla\Firefox\Profiles\r0evgay0.default -> FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-24] FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\alnaddyToolbar.xml [2013-04-22] FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\avg-secure-search.xml [2016-03-25] FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\ybqs-yandex.xml [2012-03-05] FF Extension: (Hotspot Shield Helper (Please allow this installation)) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2016-03-26] [not signed] FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-03-26] [not signed] FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-26] [not signed] FF Extension: (Hotspot Shield Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2016-03-26] [not signed] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-02-28] FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.3.0\\npsitesafety.dll [No File] S4 MsgPlusService; "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [X] S2 TeamViewer; "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [X] R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-02-17] (Anchorfree Inc.) S3 ALSysIO; \??\C:\Users\Hp\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION S3 ampa; \??\C:\Windows\system32\ampa.sys [X] S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X] S3 taphss; system32\DRIVERS\taphss.sys [X] AVG 2016 (Version: 16.0.4545 - AVG Technologies) Hidden HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\ChromeHTML: -> <==== ATTENTION CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File Task: {0944FDF1-E7E8-41C0-87BF-E803A005D93F} - System32\Tasks\{2A7A4B3C-5D02-406F-B62F-D9B380838A4E} => pcalua.exe -a C:\Users\Hp\Downloads\Programs\sp51029.exe -d C:\Windows\system32 Task: {132256E3-B2A8-47E2-B29C-3B3645BBE535} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION Task: {38C270F1-F3F6-451C-87A5-7B31A1B95EC9} - System32\Tasks\{CA17C987-2612-44D4-8712-C0EF095362B2} => pcalua.exe -a "C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe" Task: {4FE5ADB1-0AEF-417E-90AC-C563B9E7D26F} - System32\Tasks\Baidu PC Faster Update => $szInstallingDir\Updater.exe Task: {538A4155-A4DA-4709-AE42-31F04E9CA73D} - System32\Tasks\{AD7BD7A9-84A8-4283-AAB4-8ACB27831CEE} => pcalua.exe -a C:\Users\Hp\Desktop\jjjjjjjjjjjjjjjjjjjjjjjjjjjjjj\UtilityOnlineMarch09\64-bit\setup.exe -d C:\Windows\system32 Task: {9CBB4995-01A8-4242-8923-E931A5830654} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION Task: {B1D17603-A7B4-4D32-93AC-1022BA91CAEF} - System32\Tasks\{9C2AE2F6-D4A3-4D11-A454-11BA3FC50514} => pcalua.exe -a C:\Users\Work\Desktop\sp53540.exe -d C:\Windows\system32 Task: {BDDFE0B0-C9F3-43B6-914F-6DADAB6CAD83} - System32\Tasks\{2F184749-FE00-43CA-8869-131E4D964F22} => pcalua.exe -a C:\Users\Hp\Downloads\Programs\Nero7_chm_Enu.exe -d C:\Users\Hp\AppData\Roaming\IDM Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION Task: {ED1D8354-4F3D-44BB-8C26-C9A50D09F7DD} - System32\Tasks\{47C72562-1501-404F-BD86-4A4C0378B1CF} => pcalua.exe -a C:\Users\Hp\Downloads\Programs\wlsetup-web.exe -d C:\Users\Hp\AppData\Roaming\IDM Task: {F34C8D72-8CB0-44F7-9E7B-E2FAB16479FF} - System32\Tasks\{16AADBCC-DFFD-44CA-B81C-2E0B05359184} => pcalua.exe -a D:\Setup.exe -d D:\ Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A [123] MSCONFIG\Services: hshld => 2 MSCONFIG\Services: HssTrayService => 3 MSCONFIG\Services: vToolbarUpdater19.3.0 => 2 MSCONFIG\startupreg: UpdateMyDrivers => C:\Program Files (x86)\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" FirewallRules: [{16B3920F-6309-4F62-AF73-66822FC027EF}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe FirewallRules: [{2983E7EC-4BCD-423B-AF42-F1AFA7886A1D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe FirewallRules: [{781D07E9-1822-4977-A284-A62969063EAC}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe FirewallRules: [{737C12A3-FDCE-44D7-B5DB-3ACBF9216945}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe FirewallRules: [{EADB1E9C-D5D5-4A7F-B4D7-27820C8EFC4D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe FirewallRules: [{1073625D-4EA2-4B3C-B3BC-16A5211FF9D4}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe FirewallRules: [{92E29DA7-3160-41C6-B9F0-A19A4059595C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe FirewallRules: [{F9E01E00-C509-4ECC-90B1-CBB224DC4418}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe FirewallRules: [{E8C59255-CE1E-483B-8CA3-CA4CDD8BCE57}] => (Allow) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe C:\Program Files (x86)\Baidu Security C:\Program Files (x86)\Hotspot Shield C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml C:\ProgramData\AVG SafeGuard toolbar C:\Users\Hp\AppData\Local\AVG SafeGuard toolbar C:\Users\Hp\AppData\LocalLow\blekko EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\kbdsprt => value removed successfully HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully "c:\progra~2\browse~1\sprote~1.dll" => Value data removed successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => key removed successfully HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => key removed successfully HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => key removed successfully HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => key removed successfully HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => key removed successfully HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => key removed successfully HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => key removed successfully HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => key removed successfully HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => key removed successfully HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2588610484-973985184-251928395-1002\User => moved successfully C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully HKLM\SOFTWARE\Policies\Google => key removed successfully HKU\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\Policies\Google => key removed successfully HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006 => key removed successfully HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006 => key removed successfully HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => value removed successfully HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => value removed successfully HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => value removed successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\Yandex => key removed successfully HKCR\Wow6432Node\CLSID\Yandex => key not found. HKU\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Moikrug => key removed successfully HKCR\CLSID\Moikrug => key not found. HKU\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Yandex => key removed successfully HKCR\CLSID\Yandex => key not found. HKU\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. HKU\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C9FF56E2-80AA-494C-970C-397580307ACF} => key removed successfully HKCR\CLSID\{C9FF56E2-80AA-494C-970C-397580307ACF} => key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key removed successfully HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => key removed successfully HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => value removed successfully HKCR\Wow6432Node\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => key not found. HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} => value removed successfully HKCR\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} => key not found. HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found. HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => value removed successfully HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => key not found. HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} => value removed successfully HKCR\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} => key not found. HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found. HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => value removed successfully HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => key not found. HKCR\PROTOCOLS\Handler\linkscanner => key not found. HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found. HKCR\PROTOCOLS\Handler\livecall => key not found. HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. HKCR\PROTOCOLS\Handler\msnim => key not found. HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol => key not found. HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => key not found. C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\user.js => moved successfully C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\user.js => not found. Firefox "newtab" removed successfully Firefox DefaultSearchEngine removed successfully Firefox DefaultSearchEngine,S removed successfully Firefox DefaultSearchUrl removed successfully Firefox SearchEngineOrder.1 removed successfully Firefox SearchEngineOrder.1,S removed successfully Firefox SelectedSearchEngine removed successfully Firefox SelectedSearchEngine,S removed successfully Firefox "Keyword.URL" removed successfully C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi => moved successfully C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi => path removed successfully C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\alnaddyToolbar.xml => moved successfully C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\avg-secure-search.xml => moved successfully C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\ybqs-yandex.xml => moved successfully C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com => moved successfully C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => moved successfully C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => moved successfully C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com => moved successfully C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => moved successfully HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key removed successfully HKLM\System\CurrentControlSet\Services\MsgPlusService => key removed successfully MsgPlusService => service removed successfully HKLM\System\CurrentControlSet\Services\TeamViewer => key removed successfully TeamViewer => service removed successfully taphss6 => Unable to stop service. HKLM\System\CurrentControlSet\Services\taphss6 => key removed successfully taphss6 => service removed successfully HKLM\System\CurrentControlSet\Services\ALSysIO => key removed successfully ALSysIO => service removed successfully HKLM\System\CurrentControlSet\Services\ampa => key removed successfully ampa => service removed successfully HKLM\System\CurrentControlSet\Services\BprotectEx => key removed successfully BprotectEx => service removed successfully HKLM\System\CurrentControlSet\Services\ewusbnet => key removed successfully ewusbnet => service removed successfully HKLM\System\CurrentControlSet\Services\hwdatacard => key removed successfully hwdatacard => service removed successfully HKLM\System\CurrentControlSet\Services\hwusbdev => key removed successfully hwusbdev => service removed successfully HKLM\System\CurrentControlSet\Services\PCFApiUtil => key removed successfully PCFApiUtil => service removed successfully HKLM\System\CurrentControlSet\Services\taphss => key removed successfully taphss => service removed successfully HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACC5B116-C09D-429E-9ACF-768FA52DC072}\\SystemComponent => value removed successfully HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\ChromeHTML => key removed successfully HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => key removed successfully HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0944FDF1-E7E8-41C0-87BF-E803A005D93F} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0944FDF1-E7E8-41C0-87BF-E803A005D93F} => key removed successfully C:\Windows\System32\Tasks\{2A7A4B3C-5D02-406F-B62F-D9B380838A4E} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A7A4B3C-5D02-406F-B62F-D9B380838A4E} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{132256E3-B2A8-47E2-B29C-3B3645BBE535} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{132256E3-B2A8-47E2-B29C-3B3645BBE535} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38C270F1-F3F6-451C-87A5-7B31A1B95EC9} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38C270F1-F3F6-451C-87A5-7B31A1B95EC9} => key removed successfully C:\Windows\System32\Tasks\{CA17C987-2612-44D4-8712-C0EF095362B2} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA17C987-2612-44D4-8712-C0EF095362B2} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FE5ADB1-0AEF-417E-90AC-C563B9E7D26F} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FE5ADB1-0AEF-417E-90AC-C563B9E7D26F} => key removed successfully C:\Windows\System32\Tasks\Baidu PC Faster Update => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu PC Faster Update => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{538A4155-A4DA-4709-AE42-31F04E9CA73D} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{538A4155-A4DA-4709-AE42-31F04E9CA73D} => key removed successfully C:\Windows\System32\Tasks\{AD7BD7A9-84A8-4283-AAB4-8ACB27831CEE} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AD7BD7A9-84A8-4283-AAB4-8ACB27831CEE} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CBB4995-01A8-4242-8923-E931A5830654} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CBB4995-01A8-4242-8923-E931A5830654} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1D17603-A7B4-4D32-93AC-1022BA91CAEF} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1D17603-A7B4-4D32-93AC-1022BA91CAEF} => key removed successfully C:\Windows\System32\Tasks\{9C2AE2F6-D4A3-4D11-A454-11BA3FC50514} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9C2AE2F6-D4A3-4D11-A454-11BA3FC50514} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDDFE0B0-C9F3-43B6-914F-6DADAB6CAD83} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDDFE0B0-C9F3-43B6-914F-6DADAB6CAD83} => key removed successfully C:\Windows\System32\Tasks\{2F184749-FE00-43CA-8869-131E4D964F22} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2F184749-FE00-43CA-8869-131E4D964F22} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED1D8354-4F3D-44BB-8C26-C9A50D09F7DD} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED1D8354-4F3D-44BB-8C26-C9A50D09F7DD} => key removed successfully C:\Windows\System32\Tasks\{47C72562-1501-404F-BD86-4A4C0378B1CF} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{47C72562-1501-404F-BD86-4A4C0378B1CF} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F34C8D72-8CB0-44F7-9E7B-E2FAB16479FF} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F34C8D72-8CB0-44F7-9E7B-E2FAB16479FF} => key removed successfully C:\Windows\System32\Tasks\{16AADBCC-DFFD-44CA-B81C-2E0B05359184} => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{16AADBCC-DFFD-44CA-B81C-2E0B05359184} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully C:\ProgramData\TEMP => ":862BDB1A" ADS removed successfully. HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hshld => key removed successfully HKLM\System\CurrentControlSet\Services\hshld => key not found. HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HssTrayService => key removed successfully HKLM\System\CurrentControlSet\Services\HssTrayService => key not found. HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\vToolbarUpdater19.3.0 => key removed successfully HKLM\System\CurrentControlSet\Services\vToolbarUpdater19.3.0 => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateMyDrivers => key removed successfully HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt => key removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{16B3920F-6309-4F62-AF73-66822FC027EF} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2983E7EC-4BCD-423B-AF42-F1AFA7886A1D} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{781D07E9-1822-4977-A284-A62969063EAC} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{737C12A3-FDCE-44D7-B5DB-3ACBF9216945} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EADB1E9C-D5D5-4A7F-B4D7-27820C8EFC4D} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1073625D-4EA2-4B3C-B3BC-16A5211FF9D4} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92E29DA7-3160-41C6-B9F0-A19A4059595C} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9E01E00-C509-4ECC-90B1-CBB224DC4418} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E8C59255-CE1E-483B-8CA3-CA4CDD8BCE57} => value removed successfully C:\Program Files (x86)\Baidu Security => moved successfully C:\Program Files (x86)\Hotspot Shield => moved successfully C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml => moved successfully C:\ProgramData\AVG SafeGuard toolbar => moved successfully C:\Users\Hp\AppData\Local\AVG SafeGuard toolbar => moved successfully C:\Users\Hp\AppData\LocalLow\blekko => moved successfully =========== EmptyTemp: ========== BITS transfer queue => 4194304 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16468217 B Java, Flash, Steam htmlcache => 506 B Windows/system/drivers => 1261859 B Edge => 0 B Chrome => 1898809 B Firefox => 136590816 B Opera => 758000605 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 ProgramData => 0 B systemprofile => 42475239 B systemprofile32 => 198174 B LocalService => 132244 B NetworkService => 0 B Hp => 569578148 B TEMP => 66228 B Mr C => 175015703 B fbwuser.Hp-PC => 0 B Guest => 108826 B RecycleBin => 2540512715 B EmptyTemp: => 4 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 19:14:27 ==== Link to post Share on other sites More sharing options...
Aura Posted February 17, 2017 ID:1102607 Share Posted February 17, 2017 Awesome Let's do a last scan with EEK to look for remnants, and get a fresh set of FRST logs after. Emsisoft Emergency Kit Follow the instructions below to run a scan using the Emsisoft Emergency Kit. Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder; Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it. After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes). Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected; If it asks you for a reboot to delete some items, click on Ok to reboot automatically; After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it; This time, click on Logs; From there, go under the Quarantine Log tab, and click on the Export button; Save the log on your desktop, then open it, and copy/paste its content in your next reply; Farbar Recovery Scan Tool (FRST) - Scan mode Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply. Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds; Click on the Scan button; On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files; Copy and paste the content of both FRST.txt and Addition.txt in your next reply; Your next reply(ies) should include: Copy/pasted content of EEK's clean log; Copy/pasted content of FRST.txt; Copy/pasted content of Addition.txt; Link to post Share on other sites More sharing options...
Ralee Posted February 18, 2017 Author ID:1102829 Share Posted February 18, 2017 Emsisoft Emergency Kit - Version 12.0 Quarantine log Date Source Event Detection 2/18/2017 9:48:07 PM C:\Users\Hp\AppData\Roaming\baidu Moved to quarantine Application.AppInstall (A) 2/18/2017 9:48:07 PM Key: HKEY_USERS\S-1-5-21-2588610484-973985184-251928395-1002.BAK\SOFTWARE\APPDATALOW\SOFTWARE\CONDUIT Moved to quarantine Application.Toolbar (A) 2/18/2017 9:48:06 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP Moved to quarantine Application.Win32.InstallAd (A) 2/18/2017 9:48:06 PM Key: HKEY_USERS\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\SMARTBAR Moved to quarantine Application.InstallAd (A) 2/18/2017 9:48:06 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Moved to quarantine Application.AdReg (A) 2/18/2017 9:48:06 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CBC3E05D-F841-452A-A600-E8D8BBEA63DA} Moved to quarantine Application.AdReg (A) 2/18/2017 9:48:06 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Moved to quarantine Application.AdReg (A) 2/18/2017 9:48:06 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Moved to quarantine Application.AdReg (A) 2/18/2017 9:48:05 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Moved to quarantine Application.AdReg (A) 2/18/2017 9:48:05 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Moved to quarantine Application.AdReg (A) 2/18/2017 9:48:05 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CONTEXTMENUNOTIFIER Moved to quarantine Application.AdReg (A) 2/18/2017 9:48:05 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CONTEXTMENUNOTIFIER.1 Moved to quarantine Application.AdReg (A) 2/18/2017 9:48:05 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CUSTOMINTERNETSECURITYIMPL Moved to quarantine Application.AdReg (A) 2/18/2017 9:48:05 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CUSTOMINTERNETSECURITYIMPL.1 Moved to quarantine Application.AdReg (A) 2/18/2017 9:48:04 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.SEARCHPROVIDERMANAGER Moved to quarantine Application.AdReg (A) 2/18/2017 9:48:03 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.SEARCHPROVIDERMANAGER.1 Moved to quarantine Application.AdReg (A) 2/18/2017 9:48:02 PM Key: HKEY_USERS\S-1-5-21-2588610484-973985184-251928395-1002.BAK\SOFTWARE\SOFTONIC Moved to quarantine Application.InstallAd (A) 2/18/2017 9:48:02 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\A2ZLYRICS-15 Moved to quarantine Application.InstallAd (A) 2/18/2017 9:48:01 PM Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\OBJECT Moved to quarantine Application.InstallAd (A) 2/18/2017 9:48:00 PM C:\Program Files (x86)\Spyware Terminator\is-U89DG.tmp Moved to quarantine Application.Toolbar (A) 2/18/2017 9:48:00 PM C:\Program Files (x86)\Spyrix Free Parental Control\is-NEKPJ.tmp Moved to quarantine DeepScan:Generic.Malware.SIFMHspr.6139D8C3 (B) 2/18/2017 9:47:59 PM C:\Program Files (x86)\Spyware Terminator\is-BFPLS.tmp Moved to quarantine Application.Toolbar (A) 2/18/2017 9:47:32 PM C:\Users\Mr C\Desktop\real-free-keylogger-274-1\Real Free Keylogger.exe Moved to quarantine Gen:Variant.Application.Emathi.2 (B) Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017 01 Ran by Hp (administrator) on TRAC (18-02-2017 22:31:33) Running from C:\Users\Hp\Downloads Loaded Profiles: Hp & Guest (Available Profiles: Hp & Guest) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files\Free Desktop Clock\timeserv.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (SoftPerfect) C:\Program Files\NetWorx\networx.exe (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Microsoft Corporation) C:\Windows\System32\calc.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Mozilla Foundation) C:\Program Files\Zimbra\Zimbra Desktop\win64\prism\zdclient.exe () C:\Program Files\Zimbra\Zimbra Desktop\win64\zdesktop.exe (Emsisoft Ltd) C:\EEK\bin64\a2emergencykit.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7620424 2016-11-17] (SoftPerfect) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [Verbose] => "C:\Program Files (x86)\NCH Software\Verbose\verbose.exe" -logon HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-14] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-13] (Piriform Ltd) HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Run: [AtomicAlarmClock6] => C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe [4652544 2013-06-27] () HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: G - G:\Lenovo_Suite.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: J - J:\Lenovo_Suite.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {2fd233a1-5900-11e1-bc84-c3c8f51b191e} - G:\AutoRun.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {903b68ba-6d28-11e5-85a0-70f3952fbf70} - J:\Lenovo_Suite.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {ad67e7c1-6236-11e5-93db-70f3952fbf70} - "G:\WD Drive Unlock.exe" autoplay=true HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {c0fe8dbd-66ff-11e3-8c6b-70f3952fbf70} - G:\autorun.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {d7d97cdb-e8fc-11e3-9158-70f3952fbf70} - G:\setup.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {e4cf3203-bcb5-11e0-82d3-70f3952fbf70} - E:\AutoRun.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {e4cf3214-bcb5-11e0-82d3-70f3952fbf70} - G:\AutoRun.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {fafd8126-bf35-11e0-af24-001e101f79c9} - G:\AutoRun.exe HKU\S-1-5-21-2588610484-973985184-251928395-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3821136 2013-11-01] (Tonec Inc.) HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia) HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-13] (Piriform Ltd) HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\Run: [uTorrent] => C:\Users\Mr C\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-06-13] (BitTorrent Inc.) HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\MountPoints2: G - "G:\WD Drive Unlock.exe" autoplay=true HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\MountPoints2: {903b68ba-6d28-11e5-85a0-70f3952fbf70} - J:\Lenovo_Suite.exe HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\MountPoints2: {ad67e7c1-6236-11e5-93db-70f3952fbf70} - "G:\WD Drive Unlock.exe" autoplay=true HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\MountPoints2: {e4cf3214-bcb5-11e0-82d3-70f3952fbf70} - E:\AutoRun.exe HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\MountPoints2: {fafd8126-bf35-11e0-af24-001e101f79c9} - E:\AutoRun.exe ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-14] (AVAST Software) ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{715E3615-F9F7-4E49-ACC3-2DE4C01CBA2D}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{BE741787-BE55-40EC-8ACA-A7E2A07874DF}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{E4718D6B-FEC8-4805-AB76-A4AF2A1861B7}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{F3C17A44-4D83-4202-B3ED-FF5EB9931108}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-sa/?ocid=iehp HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ksa.msn.com/?C=SA BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-10-29] (Internet Download Manager, Tonec Inc.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-26] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-14] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-26] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-14] (AVAST Software) DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File FireFox: ======== FF ProfilePath: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default [2017-02-18] FF Homepage: Mozilla\Firefox\Profiles\r0evgay0.default -> hxxp://www.google.com/ FF Extension: (Grammarly for Firefox) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2017-01-13] FF Extension: (Firefox Hotfix) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31] FF Extension: (Norwell History Tools) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\norvel@history.xpi [2016-04-30] FF Extension: (Adblock Plus) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-28] FF Extension: (YouTube Flash Video Player) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-02-15] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48 FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-02-15] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-02-15] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 FF HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hp\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\Hp\AppData\Roaming\IDM\idmmzcc5 [2013-11-01] [not signed] FF HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hp\AppData\Roaming\IDM\idmmzcc5 FF HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mr C\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\Mr C\AppData\Roaming\IDM\idmmzcc5 [2010-01-01] [not signed] FF HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mr C\AppData\Roaming\IDM\idmmzcc5 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-18] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-26] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-18] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [No File] FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-26] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File] FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-05-11] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-04] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-04] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-05-11] (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-27] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-27] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2588610484-973985184-251928395-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2013-05-11] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2013-05-11] (RealPlayer) Chrome: ======= CHR DefaultProfile: Default CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR DefaultSearchKeyword: Default -> google.com.sa CHR Profile: C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default [2017-02-17] CHR Extension: (Adblock Plus) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-01] CHR Extension: (IDM Integration Module) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-10-13] CHR Extension: (Chrome Web Store Payments) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13] CHR Extension: (Prayers Gadget) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihkdpidinkflcjdmjabjbdhnmmaanp [2016-07-11] CHR Extension: (Chrome Media Router) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01] Opera: ======= OPR Extension: (SurfEasy Proxy, an Opera Software Company) - C:\Users\Hp\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2016-12-14] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2016-10-22] (SUPERAntiSpyware.com) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-15] (AVAST Software s.r.o.) R2 AtomicAlarmClock; C:\Program Files\Free Desktop Clock\timeserv.exe [2007040 2013-04-24] () [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-14] (AVAST Software) S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.) S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG) S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] () S4 Realtek87B; C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed] S4 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.) S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309784 2017-02-14] (AVAST Software s.r.o.) R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-14] (AVAST Software s.r.o.) R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-14] (AVAST Software s.r.o.) R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-14] (AVAST Software s.r.o.) S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-14] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-15] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126088 2017-02-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-14] (AVAST Software) R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [74680 2017-02-14] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [991496 2017-02-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [547904 2017-02-14] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-14] (AVAST Software) R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337080 2017-02-15] (AVAST Software) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.) U5 cmderd; C:\Windows\System32\Drivers\cmderd.sys [23168 2013-09-24] (COMODO) R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [35352 2016-11-11] (Connectify) R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] () R1 epp; C:\EEK\bin64\epp.sys [114968 2016-10-31] (Emsisoft Ltd) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] () R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-09] (REALiX(tm)) U5 inspect; C:\Windows\System32\Drivers\inspect.sys [96800 2013-09-24] (COMODO) S3 iscFlash; c:\SwSetup\SP55299\iscflashx64.sys [45632 2010-10-15] (Insyde Software) R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-15] (Malwarebytes) R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-17] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-17] (Malwarebytes) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-17] (Malwarebytes) S3 Neo_me; C:\Windows\System32\DRIVERS\Neo_0048.sys [29808 2011-06-06] (SoftEther Corporation) R1 networx; C:\Windows\System32\drivers\networx.sys [72632 2016-10-04] (NetFilterSDK.com) S3 qciusbnet; C:\Windows\System32\DRIVERS\qciusbnet.sys [158720 2012-02-17] (Quanta Computer Inc.) S3 qciusbser; C:\Windows\System32\DRIVERS\qciusbser.sys [123648 2012-02-17] (Quanta Computer Inc.) S3 qntbulk; C:\Windows\System32\Drivers\qntbulk.sys [49664 2012-02-17] (Windows (R) Win 7 DDK provider) S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation ) R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [402136 2015-10-10] (Realsil Semiconductor Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33448 2015-10-10] (Synaptics Incorporated) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation) S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2015-12-07] (Western Digital Technologies) S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB) U3 ZAPrivacyService; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-18 22:31 - 2017-02-18 22:35 - 00028845 _____ C:\Users\Hp\Downloads\FRST.txt 2017-02-18 22:26 - 2017-02-18 22:26 - 02422784 _____ (Farbar) C:\Users\Hp\Downloads\FRST64.exe 2017-02-18 22:22 - 2017-02-18 22:22 - 00014416 _____ C:\Users\Hp\Downloads\fixlist (1).txt 2017-02-18 21:51 - 2017-02-18 21:51 - 00006774 _____ C:\Users\Hp\Desktop\Quarantine_170218-215030.txt 2017-02-18 21:16 - 2017-02-18 21:51 - 00000000 ____D C:\EEK 2017-02-18 21:05 - 2017-02-18 21:06 - 00000000 ____D C:\Users\Hp\Downloads\New folder (3) 2017-02-17 21:58 - 2017-02-17 21:58 - 00014416 _____ C:\Users\Hp\Downloads\fixlist.txt 2017-02-17 21:33 - 2017-02-17 22:11 - 00000000 ____D C:\AdwCleaner 2017-02-17 19:59 - 2017-02-17 19:59 - 00060343 _____ C:\Users\Hp\Desktop\JRT.txt 2017-02-17 19:50 - 2017-02-17 19:50 - 01663040 _____ (Malwarebytes) C:\Users\Hp\Desktop\JRT.exe 2017-02-17 19:46 - 2017-02-17 19:46 - 04015056 _____ C:\Users\Hp\Desktop\AdwCleaner.exe 2017-02-17 19:23 - 2017-02-17 19:23 - 00000008 __RSH C:\Users\Hp\ntuser.pol 2017-02-17 19:21 - 2017-02-17 19:25 - 05148600 _____ C:\Windows\system32\FNTCACHE.DAT 2017-02-17 19:20 - 2017-02-17 19:20 - 00000000 ___HD C:\$AV_ASW 2017-02-17 19:07 - 2017-02-17 19:19 - 00037110 _____ C:\Users\Hp\Downloads\Fixlog.txt 2017-02-17 14:57 - 2017-02-17 15:32 - 00070681 _____ C:\Users\Hp\Desktop\Addition.txt 2017-02-17 14:53 - 2017-02-18 22:31 - 00000000 ____D C:\FRST 2017-02-17 14:53 - 2017-02-17 15:33 - 00050853 _____ C:\Users\Hp\Desktop\FRST.txt 2017-02-15 10:30 - 2017-02-15 10:30 - 00207590 _____ C:\Users\Hp\Desktop\Malware log.txt 2017-02-15 09:50 - 2017-02-17 21:49 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-02-15 09:50 - 2017-02-17 21:49 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-02-15 09:50 - 2017-02-15 20:00 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-02-15 09:50 - 2017-02-15 09:50 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-02-15 09:49 - 2017-02-17 21:49 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-02-15 09:48 - 2017-02-15 09:48 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-02-15 09:48 - 2017-02-15 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-02-15 09:48 - 2017-02-15 09:48 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-02-15 09:48 - 2017-02-15 09:48 - 00000000 ____D C:\Program Files\Malwarebytes 2017-02-15 09:48 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-02-15 09:44 - 2017-02-15 09:45 - 55566792 _____ (Malwarebytes ) C:\Users\Hp\Desktop\mb3-setup-consumer-3.0.6.1469.exe 2017-02-15 08:41 - 2017-02-15 08:41 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2017-02-15 08:41 - 2017-02-15 08:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2017-02-15 08:38 - 2017-02-14 20:23 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2017-02-15 07:35 - 2017-02-15 07:35 - 01638880 _____ (AVG Technologies CZ) C:\Users\Hp\Desktop\AutoExec64.exe 2017-02-15 06:56 - 2017-02-15 08:40 - 00003870 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1487130947 2017-02-15 06:56 - 2017-02-15 06:56 - 00001043 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2017-02-15 06:56 - 2017-02-15 06:56 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2017-02-15 06:54 - 2017-02-15 06:53 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2017-02-15 06:53 - 2017-02-15 06:53 - 01948128 _____ (AVG Technologies CZ) C:\Users\Hp\Desktop\AutoExec.exe 2017-02-15 06:50 - 2017-02-15 06:50 - 00000000 ____D C:\Users\Hp\AppData\Roaming\AVAST Software 2017-02-15 06:34 - 2017-02-15 06:43 - 00000000 ____D C:\AVG_Remover 2017-02-15 06:34 - 2017-02-15 06:34 - 08111408 _____ ( ) C:\Users\Hp\Desktop\AVG_Remover.exe 2017-02-15 06:28 - 2017-02-15 06:28 - 00000000 ____D C:\Users\Hp\AppData\Local\MFAData 2017-02-15 06:21 - 2017-02-15 06:21 - 00399360 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe 2017-02-15 05:44 - 2017-02-15 05:44 - 00899425 _____ C:\Users\Hp\AppData\Local\census.cache 2017-02-15 05:42 - 2017-02-15 05:42 - 01455218 _____ C:\Users\Hp\AppData\Local\ars.cache 2017-02-15 04:42 - 2017-02-15 06:44 - 00000000 ____D C:\Users\Hp\AppData\Local\FSDART 2017-02-15 04:42 - 2017-02-15 04:51 - 00000000 ____D C:\ProgramData\F-Secure 2017-02-15 04:42 - 2017-02-15 04:42 - 00524248 _____ (F-Secure Corporation) C:\Users\Hp\Desktop\F-SecureOnlineScanner.exe 2017-02-15 04:42 - 2017-02-15 04:42 - 00000000 ____D C:\Users\Hp\AppData\Local\F-Secure 2017-02-15 04:40 - 2016-08-22 22:20 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys 2017-02-15 04:39 - 2017-02-15 04:39 - 02527376 _____ (Trend Micro Inc.) C:\Users\Hp\Desktop\HousecallLauncher64.exe 2017-02-14 21:16 - 2017-02-14 21:16 - 06521214 _____ C:\Users\Hp\Downloads\---------------------------------.bmp 2017-02-14 20:25 - 2017-02-17 10:10 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2017-02-14 20:25 - 2017-02-14 20:25 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2017-02-14 20:24 - 2017-02-15 08:39 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys 2017-02-14 20:24 - 2017-02-14 20:37 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148713716440104 2017-02-14 20:24 - 2017-02-14 20:23 - 00991496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00309784 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00126088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00074680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys 2017-02-14 20:24 - 2017-02-14 20:23 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2017-02-14 20:21 - 2017-02-15 06:53 - 00000000 ____D C:\Program Files\AVAST Software 2017-02-14 20:20 - 2017-02-14 20:20 - 06655120 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe 2017-02-14 20:20 - 2017-02-14 20:20 - 06655120 _____ (AVAST Software) C:\Users\Hp\Desktop\avast_free_antivirus_setup_online.exe 2017-02-14 16:56 - 2017-02-15 04:59 - 00000010 _____ C:\Users\Hp\AppData\Local\sponge.last.runtime.cache 2017-02-14 16:46 - 2017-02-14 16:46 - 00000000 ____D C:\Windows\Trend Micro 2017-02-14 16:46 - 2017-02-14 16:46 - 00000000 ____D C:\ProgramData\Trend Micro 2017-02-14 16:43 - 2017-02-15 07:00 - 00000000 ____D C:\ProgramData\AVAST Software 2017-02-14 16:40 - 2017-02-14 16:40 - 00000036 _____ C:\Users\Hp\AppData\Local\housecall.guid.cache 2017-02-14 09:44 - 2017-02-14 09:44 - 00017091 _____ C:\Users\Hp\Downloads\Training_Schedule_Feb.14_Feb.15 (1).xlsx 2017-02-14 09:21 - 2017-02-14 09:21 - 00021027 _____ C:\Users\Hp\Downloads\Training_Schedule_Feb.14_Feb.15.xlsx 2017-02-09 23:43 - 2017-02-09 23:43 - 00067563 _____ C:\Users\Hp\Desktop\1JJ0VL.pdf 2017-02-09 23:43 - 2017-02-09 23:43 - 00001334 _____ C:\Users\Hp\Desktop\1JJ0VL - Shortcut.lnk 2017-02-09 23:41 - 2017-02-09 23:41 - 00067563 _____ C:\Users\Hp\Downloads\1JJ0VL.pdf 2017-02-08 10:03 - 2017-02-08 10:03 - 00069220 _____ C:\Users\Hp\Downloads\1JE22F.pdf 2017-02-06 05:26 - 2017-02-06 05:26 - 00109163 _____ C:\Users\Hp\Downloads\YRBK 2015 RFA Excel Final.zip 2017-02-06 05:23 - 2017-02-06 05:23 - 00034304 _____ C:\Users\Hp\Downloads\fy2015cobbook117.xls 2017-02-06 05:23 - 2017-02-06 05:23 - 00034304 _____ C:\Users\Hp\Downloads\fy2015cobbook106.xls 2017-02-06 05:22 - 2017-02-06 05:22 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook185.xls 2017-02-06 05:22 - 2017-02-06 05:22 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook171.xls 2017-02-06 05:21 - 2017-02-06 05:21 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook184.xls 2017-02-06 05:21 - 2017-02-06 05:21 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook162.xls 2017-02-06 05:21 - 2017-02-06 05:21 - 00034304 _____ C:\Users\Hp\Downloads\fy2015cobbook161.xls 2017-02-06 05:20 - 2017-02-06 05:20 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook83.xls 2017-02-06 05:18 - 2017-02-06 05:18 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook3.xls 2017-02-03 02:48 - 2017-02-16 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeKeyl0gger 2017-02-03 02:48 - 2017-02-15 06:21 - 00000000 ____D C:\Program Files (x86)\ASDECO Manager 2017-02-03 02:48 - 2017-02-03 02:50 - 00000000 ____D C:\Users\Hp\AppData\Roaming\ASDECO Manager 2017-02-03 02:47 - 2016-04-12 22:12 - 00829377 _____ (IwantSoft ) C:\Users\Hp\Downloads\setup (PASSW0RD = 123987).exe 2017-02-03 02:46 - 2017-02-03 02:46 - 00757173 _____ C:\Users\Hp\Downloads\fklogger.zip 2017-02-03 02:45 - 2016-08-05 11:19 - 00424592 _____ C:\Windows\runkey.exe 2017-02-03 02:39 - 2017-02-03 02:39 - 09339624 _____ (Spyrix Security Inc.) C:\Users\Hp\Desktop\sfk_setupcn.exe 2017-02-02 00:34 - 2017-02-02 00:34 - 00075032 _____ C:\Users\Hp\Desktop\HSS-sd-update.exe 2017-01-22 18:06 - 2017-01-22 18:07 - 40537320 _____ (Opera Software) C:\Users\Hp\Desktop\Opera_42.0.2393.137_Campaign_70_Setup.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-18 22:30 - 2016-09-07 00:12 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2017-02-18 21:48 - 2016-07-13 02:01 - 00000000 ___HD C:\Program Files (x86)\Spyrix Free Parental Control 2017-02-18 21:48 - 2013-06-01 22:39 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator 2017-02-18 21:47 - 2016-03-10 20:06 - 00000000 ____D C:\Users\Mr C\Desktop\real-free-keylogger-274-1 2017-02-18 08:24 - 2016-08-31 01:18 - 00000000 ____D C:\Program Files (x86)\Opera 2017-02-17 21:57 - 2009-07-14 07:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-02-17 21:57 - 2009-07-14 07:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-02-17 21:47 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-02-17 20:27 - 2012-02-25 17:42 - 00000000 ____D C:\Windows\System32\Tasks\Games 2017-02-17 19:23 - 2011-05-31 13:13 - 00000000 ____D C:\Users\Hp 2017-02-17 19:20 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf 2017-02-17 19:10 - 2011-05-31 14:39 - 00000000 ____D C:\Users\Hp\AppData\LocalLow\Temp 2017-02-17 19:08 - 2009-07-14 06:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2017-02-17 19:08 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy 2017-02-17 10:17 - 2011-06-04 11:38 - 00000000 ____D C:\Users\Hp\AppData\Local\Adobe 2017-02-16 16:54 - 2016-06-13 06:38 - 00000000 ____D C:\Users\Guest 2017-02-16 16:54 - 2014-12-01 08:18 - 00000000 ____D C:\Users\TEMP 2017-02-16 16:53 - 2011-05-31 14:38 - 00000000 ____D C:\Users\Hp\AppData\Roaming\uTorrent 2017-02-16 16:40 - 2012-05-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2017-02-16 16:40 - 2012-05-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2017-02-16 16:40 - 2011-10-02 12:43 - 00000000 ____D C:\Users\Mr C 2017-02-16 11:03 - 2012-05-14 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-02-15 14:33 - 2012-02-19 00:46 - 00000000 ____D C:\Users\Hp\AppData\Roaming\vlc 2017-02-15 14:30 - 2009-07-14 08:13 - 00786578 _____ C:\Windows\system32\PerfStringBackup.INI 2017-02-15 08:31 - 2013-06-01 23:01 - 00000000 ____D C:\Program Files\COMODO 2017-02-15 06:45 - 2015-10-08 00:35 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2588610484-973985184-251928395-1000UA.job 2017-02-15 06:45 - 2015-10-08 00:35 - 00000854 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2588610484-973985184-251928395-1000Core.job 2017-02-15 06:44 - 2011-05-31 14:01 - 00000000 ____D C:\ProgramData\MFAData 2017-02-15 06:41 - 2016-02-27 15:15 - 00000000 ____D C:\ProgramData\Avg 2017-02-14 20:25 - 2015-10-10 02:02 - 00000000 ____D C:\Program Files\Common Files\AV 2017-02-14 17:03 - 2016-10-26 13:59 - 00000000 ____D C:\Users\Hp\AppData\Roaming\Free Desktop Clock 3 2017-02-14 17:03 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration 2017-02-14 17:02 - 2011-06-21 08:18 - 00000000 ____D C:\ProgramData\Real 2017-02-02 01:24 - 2016-03-16 01:24 - 00000000 ____D C:\Users\Hp\AppData\Roaming\Hotspot Shield 2017-02-01 01:28 - 2012-05-13 02:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-01-28 22:14 - 2016-08-31 01:20 - 00000000 ____D C:\Program Files\Mozilla Firefox 2017-01-21 23:40 - 2016-10-30 11:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Files in the root of some directories ======= 2016-11-20 22:32 - 2016-11-28 09:41 - 0000132 _____ () C:\Users\Hp\AppData\Roaming\Adobe PNG Format CS6 Prefs 2013-03-18 23:46 - 2016-08-10 14:38 - 0000205 _____ () C:\Users\Hp\AppData\Roaming\burnaware.ini 2012-12-17 14:14 - 2013-05-25 19:21 - 0001155 _____ () C:\Users\Hp\AppData\Roaming\evmanage.prf 2012-12-16 09:30 - 2012-12-19 19:24 - 0003934 _____ () C:\Users\Hp\AppData\Roaming\evpro32.prf 2016-10-10 16:11 - 2016-10-10 16:11 - 0001456 _____ () C:\Users\Hp\AppData\Local\Adobe Save for Web 13.0 Prefs 2017-02-15 05:42 - 2017-02-15 05:42 - 1455218 _____ () C:\Users\Hp\AppData\Local\ars.cache 2017-02-15 05:44 - 2017-02-15 05:44 - 0899425 _____ () C:\Users\Hp\AppData\Local\census.cache 2013-10-12 22:57 - 2013-10-12 22:57 - 0003584 _____ () C:\Users\Hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-02-14 16:40 - 2017-02-14 16:40 - 0000036 _____ () C:\Users\Hp\AppData\Local\housecall.guid.cache 2011-10-25 00:24 - 2016-08-10 23:00 - 0007579 _____ () C:\Users\Hp\AppData\Local\Resmon.ResmonCfg 2017-02-14 16:56 - 2017-02-15 04:59 - 0000010 _____ () C:\Users\Hp\AppData\Local\sponge.last.runtime.cache 2012-03-15 23:01 - 2012-03-15 23:01 - 0000000 _____ () C:\ProgramData\._ntmpdbx_ ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-07-27 00:17 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2017 01 Ran by Hp (18-02-2017 22:37:08) Running from C:\Users\Hp\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2011-05-31 10:12:57) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2588610484-973985184-251928395-500 - Administrator - Disabled) Guest (S-1-5-21-2588610484-973985184-251928395-501 - Limited - Disabled) => C:\Users\Guest Hp (S-1-5-21-2588610484-973985184-251928395-1000 - Administrator - Enabled) => C:\Users\Hp Mr C (S-1-5-21-2588610484-973985184-251928395-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.) µTorrent (HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.) 7-Zip 16.02 (HKLM-x32\...\7-Zip) (Version: 16.02 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Aiseesoft Total Video Converter Platinum 6.3.28 (HKLM-x32\...\{3661F243-518C-4d05-8BDF-7B10CC22689F}_is1) (Version: 6.3.28 - Aiseesoft Studio) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.206.1717.117 - Alps Electric) Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) AOMEI Partition Assistant Standard Edition 5.2 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - Aomei Technology Co., Ltd.) Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software) AVG 2016 (HKLM\...\{ACC5B116-C09D-429E-9ACF-768FA52DC072}) (Version: 16.0.4545 - AVG Technologies) Avidemux 2.5 (HKLM-x32\...\Avidemux 2.5) (Version: 2.5.4.6714 - ) AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.4 - GPL Public release.) AxCrypt 2.1.1398.0 (HKLM\...\{D164A256-AD4D-411C-B3FA-77AFA593A326}) (Version: 2.1.1398.0 - AxCrypt AB) Bigasoft Total Video Converter 5.0.10.5862 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C6750}_is1) (Version: - Bigasoft Corporation) Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.) BurnAware Free 6.0 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware) CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) COMODO Internet Security Premium (HKLM\...\{F1EC4151-805B-4097-B9BB-7D71A417AAF1}) (Version: 6.1.14723.2813 - COMODO Security Solutions Inc.) CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version: - CyberGhost S.R.L.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diff Doc (HKLM-x32\...\Diff Doc_is1) (Version: - Softinterface, Inc.) DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/) Driver Booster 3.4 (HKLM-x32\...\Driver Booster_is1) (Version: 3.4 - IObit) DriverEasy 4.9.5 (HKLM\...\DriverEasy_is1) (Version: 4.9.5.0 - Easeware) Dropbox (HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.) Duplicate Cleaner 2.1b (HKLM-x32\...\Duplicate Cleaner) (Version: 2.1b - DigitalVolcano) ExamDiff 1.9 (Build 1.9.0.2) (HKLM-x32\...\ExamDiff_is1) (Version: 1.9.0.2 - PrestoSoft LLC) ExamView Assessment Suite (HKLM-x32\...\ExamView Pro) (Version: - ) Free Desktop Clock 3.0 (HKLM\...\Free Desktop Clock_is1) (Version: - Drive Software Company) Free Video Joiner (HKLM-x32\...\{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1) (Version: - FreeVideoJoiner.com) FreeKeyl0gger (HKLM-x32\...\FreeKeyl0gger) (Version: - IwantSoft ,Inc.) GeekBuddy (HKLM-x32\...\{16EA7646-0EC3-4CF8-8484-432D07E267BA}) (Version: 4.25.167 - Comodo Security Solutions Inc) Golden Al-Wafi Translator (C:\Program Files (x86)\Golden Al-Wafi Translator\) (HKLM-x32\...\ST6UNST #2) (Version: - ) Golden Al-Wafi Translator (HKLM-x32\...\ST6UNST #1) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.) Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Hao123.com (HKLM-x32\...\Hao123.com) (Version: - ) <==== ATTENTION Hao123-Client (HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\hao123desk-sa) (Version: 1.0.0.1106 - Baidu Online Network Technology (Beijing) Co., Ltd.) <==== ATTENTION Hijri Calendar 1.4 (HKLM-x32\...\Hijri Calendar_is1) (Version: 1.4 - DivineIslam) HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.5.26.37 - Hewlett-Packard Company) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!) InstallLoginWithSmartCard Application (HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\4160695148.eservices.moi.gov.sa) (Version: - eservices.moi.gov.sa) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle) KeyBlaze Typing Tutor (HKLM-x32\...\KeyBlaze) (Version: 2.14 - NCH Software) K-Lite Codec Pack 10.0.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.5 - ) Lenovo Smart Assistant 1.03 (HKLM-x32\...\VibeRomFlash) (Version: 1.03.0.0 - Lenovo) Machete Lite 3.7 (HKLM-x32\...\{91D8E9BA-6BDB-4559-89CD-633EBED4C385}) (Version: 3.7.22 - MacheteSoft) Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) Messenger Plus! Community Smartbar (HKLM-x32\...\{56E7FDE0-5957-4626-9C47-5CD23A3C75AD}) (Version: 1.6.1.788 - Messenger Plus!) <==== ATTENTION Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office Document Recrypt Tool (HKLM-x32\...\{90150000-2007-0409-0000-0000000FF1CE}) (Version: 15.0.4433.1502 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version: - Microsoft) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mobile Genie (HKLM-x32\...\{CB5B32BF-550C-4663-BBB0-20E29EB200B5}) (Version: 1.003.010 - COMPANY) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla) Mozilla Firefox 49.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x64 en-US)) (Version: 49.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla) Mozilla Thunderbird 45.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.5.0 (x86 en-US)) (Version: 45.5.0 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) NaturalReader 14 (HKLM-x32\...\{9BB1F2B5-0A9D-402B-9613-DC5BCF878C22}) (Version: 1.00.0000 - Naturalsoft) NbuExplorer version 3.0 (HKLM-x32\...\{6C58B3E8-0822-490B-BC94-40CC02A6B37F}_is1) (Version: 3.0 - Petr Vilem) Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG) NetWorx 5.5.5 (HKLM\...\NetWorx_is1) (Version: - Softperfect) Next Video Converter version 4.0.3 (HKLM-x32\...\{752EC6FD-1CEB-409B-AEF5-A297943102EA}_is1) (Version: 4.0.3 - NextVideoSoft Inc.) Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia) Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia) Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden Nokia Software Updater (HKLM-x32\...\{7130468A-F53F-4698-8C09-A339EA3B05E6}) (Version: 3.0.655 - Nokia) Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.3.89.0 - Nokia) Nokia Suite (x32 Version: 3.3.89.0 - Nokia) Hidden Opera Stable 38.0.2220.41 (HKLM-x32\...\Opera 38.0.2220.41) (Version: 38.0.2220.41 - Opera Software) Opera Stable 38.0.2220.41 (HKLM-x32\...\Opera 38.0.2220.411) (Version: 38.0.2220.41 - Opera Software) PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia) PC Search 24 (HKLM-x32\...\{AB7228BB-209B-4243-8C24-1E755C644549}) (Version: 1.24.0000 - USDA-ARS-Nutrient Data Lab) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.201.0 - Tracker Software Products Ltd) PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC) PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.4.17 - Prolific Technology INC) Quick Startup 2.9.0.823 (HKLM-x32\...\Quick Startup_is1) (Version: - Glarysoft.com) RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks) REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{0DF70CB6-553A-4C57-8E6D-87635EECFB78}) (Version: 1.00.0145 - ) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform) Revo Uninstaller Pro 2.2.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.2.3 - VS Revo Group, Ltd.) SafeZone Stable 3.55.2393.527 (x32 Version: 3.55.2393.527 - Avast Software) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.) Sandboxie 5.14 (64-bit) (HKLM\...\Sandboxie) (Version: 5.14 - Sandboxie Holdings, LLC) ScreenRecorder (HKLM\...\{55A9972B-EA29-43C3-94B6-7A178D6F2E11}) (Version: 4.0.0 - Burak Uysaler) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1148 - SUPERAntiSpyware.com) Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer) Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium) TEncoder Video Converter version 3.6.0 64bit (HKLM-x32\...\{7B1F9D22-568D-4109-B128-040BF8A932FC}_is1) (Version: 3.6.0 64bit - ozok) TimeLeft (HKLM-x32\...\TIMELEFT3_is1) (Version: 3.62 - NesterSoft Inc.) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Verbose Text to Speech (HKLM-x32\...\Verbose) (Version: 2.01 - NCH Software) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.) WD Security (x32 Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia) Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia) Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) Windows Firewall Control (HKLM\...\Windows Firewall Control) (Version: 4.8.8.0 - BiniSoft.org) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version: - ) Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation) WinGuard Pro 7.7.9 (HKLM-x32\...\WinGuard Pro_is1) (Version: - ) WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - ) WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. ) Word Password Recovery Standard (HKLM-x32\...\Word Password Recovery Standard) (Version: - SmartKey, Inc.) Zimbra Desktop (64-bit) (HKLM\...\{9D3B5C7A-BB5B-4B92-8CF7-AE28F9E4C24A}) (Version: 7.2.8.12102 - Zimbra) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1E3AEDB6-3F31-4F72-8A09-772AF7F7F4B3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-14] (AVAST Software) Task: {268543AD-AD20-4471-8C99-E72567D90648} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-14] (AVAST Software) Task: {2A233CCD-14F6-447F-8CC6-511B126B2A23} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2588610484-973985184-251928395-1000Core => C:\Users\Hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-10-08] (Dropbox, Inc.) Task: {302BA404-49CA-4975-A9FE-8AE67DCFF515} - System32\Tasks\Opera scheduled Autoupdate 1472800215 => C:\Program Files (x86)\Opera\launcher.exe [2016-06-30] (Opera Software) Task: {387C0FD6-F918-4901-B2CC-7B2EFD2B4846} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {3E5331C1-0D62-4EF2-93B0-BA0E964505F6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2588610484-973985184-251928395-1000UA => C:\Users\Hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-10-08] (Dropbox, Inc.) Task: {43185D05-029E-4140-97C9-37A38C1F3254} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2588610484-973985184-251928395-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.) Task: {464645A2-CF13-4A93-9941-2CB5EA891858} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {4689ADF2-1067-4528-B68D-D2C09CEB9AA2} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cfpconfg.exe Task: {4C4CA173-F99A-4527-A267-55767BA46C1F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-04] (Adobe Systems Incorporated) Task: {689C7773-4B87-4CA0-8415-F447492A266B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {711FC1A5-3E52-466F-AF3E-7D2715133AE1} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cis.exe Task: {75B9B3DD-ED68-4BC7-8E1D-0770DF628432} - System32\Tasks\SafeZone scheduled Autoupdate 1487130947 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-03] (Avast Software) Task: {76E752E5-61F4-4D1D-B0CF-99D7AB150A9D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe Task: {798CB577-5E44-4FD6-A30C-67692A172A06} - System32\Tasks\GoogleUpdateTaskMachineCore1d2340992d2ad2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.) Task: {86A498DF-D86E-4FBC-87D1-DA0FAF246ACA} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2588610484-973985184-251928395-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.) Task: {911973FE-BB9D-4018-B471-E6DCF3F3DF0C} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cfpconfg.exe Task: {9169B514-DA0B-4536-A62A-91D89662A43D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard) Task: {959034D6-A1FA-426C-93A6-018FCAF5FE92} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cfpconfg.exe Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => %windir%\system32\srtasks.exe Task: {996F3875-8B44-4ABA-BF3D-8D67C8327528} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Task: {A0B83486-D6B0-4375-8B1F-A8A0540F7FF9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2588610484-973985184-251928395-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.) Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe Task: {A763D1AF-6982-46EC-BAA8-C60BB08CBC57} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2588610484-973985184-251928395-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.) Task: {A8C1BDC5-539F-445D-A1BC-F1B2266FC6DB} - System32\Tasks\Opera scheduled Autoupdate 1472595558 => C:\Program Files (x86)\Opera\launcher.exe [2016-06-30] (Opera Software) Task: {AF74B3A8-F495-458F-A591-D45231B28C9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.) Task: {BBCA27E9-4A97-4EDB-B85F-F910B5360D71} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {C7170B82-46E4-4EFF-89CF-D948EF679DF1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.) Task: {C8847EA6-13C6-4DC9-960B-70684F79FFF6} - System32\Tasks\{499D67E9-84AD-4FD4-82C9-CE36A0412CD5} => pcalua.exe -a C:\Users\Hp\Downloads\Programs\sp47359.exe -d C:\Users\Hp\AppData\Roaming\IDM Task: {C8F7623E-6C6D-40D7-A956-F559771FC433} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.) Task: {D1A2D437-3508-4E21-B526-1E5C8D77A75F} - System32\Tasks\GoogleUpdateTaskMachineUA1d23409990f5b2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.) Task: {D7241891-808C-4E01-8C00-79B5069C1175} - System32\Tasks\AdobeAAMUpdater-1.0-Hp-PC-Hp => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated) Task: {E22F693A-1C86-4398-A1E4-70449AD45891} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cfpconfg.exe Task: {F383F3A4-7151-4AF9-99CA-64802B89C31D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-13] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2588610484-973985184-251928395-1000Core.job => C:\Users\Hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2588610484-973985184-251928395-1000UA.job => C:\Users\Hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 ____R () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 ____R () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2011-05-31 14:43 - 2009-06-02 01:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll 2010-07-15 07:44 - 2010-07-15 07:44 - 00020032 ____R () C:\Program Files\Unlocker\UnlockerCOM.dll 2013-12-18 17:13 - 2012-12-06 13:09 - 00136704 _____ () C:\Windows\System32\zlhp1600.dll 2013-12-18 16:41 - 2012-12-06 13:52 - 00136704 _____ () C:\Windows\System32\zlhp2600.dll 2013-12-18 16:34 - 2012-09-18 15:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll 2012-03-03 12:05 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll 2013-12-18 16:35 - 2012-09-18 15:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll 2013-12-18 17:43 - 2012-12-04 20:33 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP2030PP.DLL 2016-10-26 13:59 - 2013-04-24 19:20 - 02007040 _____ () C:\Program Files\Free Desktop Clock\timeserv.exe 2017-02-15 09:48 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-02-15 09:48 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll 2016-11-21 03:16 - 2016-11-17 15:37 - 00831488 _____ () C:\Program Files\NetWorx\sqlite.dll 2017-02-14 20:23 - 2017-02-14 20:23 - 00162600 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll 2017-02-14 20:23 - 2017-02-14 20:23 - 00792656 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll 2016-10-05 04:18 - 2016-10-05 04:18 - 00200192 _____ () C:\Program Files\Zimbra\Zimbra Desktop\win64\zdesktop.exe 2016-11-23 14:08 - 2016-11-23 14:08 - 00528896 _____ () C:\Users\Hp\AppData\Local\Zimbra\Zimbra Desktop\data\tmp\java\sqlite-3.7.51-sqlitejdbc.dll 2017-02-14 20:23 - 2017-02-14 20:23 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-02-14 20:23 - 2017-02-14 20:23 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2017-02-14 20:23 - 2017-02-14 20:23 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-02-14 20:23 - 2017-02-14 20:23 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll 2016-09-02 10:10 - 2016-06-30 15:31 - 67945512 _____ () C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.dll 2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2016-09-02 10:10 - 2016-06-30 15:31 - 02203176 _____ () C:\Program Files (x86)\Opera\38.0.2220.41_0\libglesv2.dll 2016-09-02 10:10 - 2016-06-30 15:31 - 00087080 _____ () C:\Program Files (x86)\Opera\38.0.2220.41_0\libegl.dll 2011-06-14 09:11 - 2011-06-14 09:11 - 00856064 _____ () C:\Program Files\Zimbra\Zimbra Desktop\win64\prism\xulrunner\js3250.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\123simsen.com -> www.123simsen.com There are 7749 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-07-13 03:02 - 2016-11-13 01:41 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2588610484-973985184-251928395-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\Control Panel\Desktop\\Wallpaper -> C:\Users\Mr C\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-2588610484-973985184-251928395-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: !SASCORE => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AESTFilters => 2 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: AvgAMPS => 3 MSCONFIG\Services: AVGIDSAgent => 2 MSCONFIG\Services: avgsvc => 2 MSCONFIG\Services: avgwd => 2 MSCONFIG\Services: BcmBtRSupport => 2 MSCONFIG\Services: EASEUS Agent => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: hpsrv => 2 MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: MsgPlusService => 2 MSCONFIG\Services: NBService => 3 MSCONFIG\Services: NMIndexingService => 3 MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2 MSCONFIG\Services: Realtek87B => 2 MSCONFIG\Services: ScrybeUpdater => 2 MSCONFIG\Services: ServiceLayer => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: STacSV => 2 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk => C:\Windows\pss\Scrybe.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^Hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TimeLeft.lnk => C:\Windows\pss\TimeLeft.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: ADSNWK => C:\Windows\System32\adsnwk.exe MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: COMODO Internet Security => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe MSCONFIG\startupreg: Dropbox Update => "C:\Users\Hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: MessengerPlusForSkypeService => "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" MSCONFIG\startupreg: MobileMonitor => C:\Program Files (x86)\Mobile Genie\MobileMonitor.exe start MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray MSCONFIG\startupreg: NSU_agent => "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe" MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{13BD5CD5-3FF1-4CAD-96CB-0297646304D2}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [UDP Query User{3CF6DEF4-791E-4964-891B-DE087B71D232}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [TCP Query User{90A2BCF6-6724-4FED-96F8-2F26988E12B7}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{EE81AFD7-DCD5-4016-9DC8-F04FEE88E37A}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [{A8C5B3E3-FBDD-45FC-9D5D-58A01E526A9C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{5415F7A7-2F06-4344-92EE-E43019E9E08A}C:\call of duty- modern warfare 3\iw5mp_server.exe] => (Allow) C:\call of duty- modern warfare 3\iw5mp_server.exe FirewallRules: [UDP Query User{94F3C177-1E1D-461C-9054-09305C957146}C:\call of duty- modern warfare 3\iw5mp_server.exe] => (Allow) C:\call of duty- modern warfare 3\iw5mp_server.exe FirewallRules: [{F9B2219A-1CA1-4F98-832B-4803BE8A1FD6}] => (Allow) C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe FirewallRules: [{18F4AF78-7A57-44CC-BF67-1D13C1B11E6C}] => (Allow) C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe FirewallRules: [{BBBB6032-CF01-4DA6-B6E6-2B07E35B3E21}] => (Allow) LPort=1542 FirewallRules: [{26506410-3A4A-42C8-9105-129E5A05EC8E}] => (Allow) LPort=1542 FirewallRules: [{845B6461-6596-480E-AE52-5E049AF322D9}] => (Allow) LPort=53 FirewallRules: [{352EA28F-2EB7-4357-A5A2-E393EE437646}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE FirewallRules: [{D9834F20-E324-4B17-8282-195CCB98EC8E}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE FirewallRules: [{7A8E07EF-7AC1-4EAF-B615-3D978EBA5E35}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe FirewallRules: [{51B20902-E5B9-4D99-AE5C-A1A1CF70E67F}] => (Allow) C:\Users\Hp\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{68E4F057-923D-4773-97F8-701C806651E5}] => (Allow) C:\Users\Hp\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{59E6CA36-D60F-480F-9BC7-4FF2CF22C71C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{3F05B128-BADA-47E7-BF71-C5B9822BA406}] => (Allow) LPort=2869 FirewallRules: [{77113237-B569-45BB-B6D0-97813C10CE49}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{2E224BE6-322F-467D-8CF1-87C48493A1A4}C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{64F43151-6602-4584-98DF-2E8041CB21C2}C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{86B3C0E4-A92A-4A93-89C2-A1D2FDE2546D}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe FirewallRules: [{D7ADEA8A-B261-4B3B-902C-EB0F1F106E1C}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe FirewallRules: [{964B3E8A-7CE7-4A43-B1DF-7594F1491D16}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe FirewallRules: [{5D47C276-C631-4E22-AF6F-AF1B393B67A6}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe FirewallRules: [{20CCD95B-E163-4CDF-A40F-7E5FBCE2643A}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe FirewallRules: [{B1D634BD-60B8-4A69-8BFE-AEF4A2ADF40A}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe FirewallRules: [{B91B4B37-BB45-4966-8972-2ABA4DEE49A1}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe FirewallRules: [{4F6D7798-D969-4CE9-8523-0654863E84B1}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe FirewallRules: [{AE2EAB57-2D4E-404A-8935-5909909C8CD8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{5C2FDFCA-34BF-4F3D-B920-A0720E5ABE28}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{D51EBF60-335D-40BA-B3B6-397AAA075824}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2B965201-3776-4E34-9848-20F175D0D7E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A9CC7741-B4B0-44FF-8685-F8D5BCF42989}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{D2767BF1-B880-4AA1-A761-6AEC6E8ACC90}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{732962E8-436F-4E37-BA94-1B83DE3576BA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{D9F555F1-FB0F-4F28-9D71-2F36F06B2B68}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{E383D4A5-6EEF-472E-B822-F66D4E72E2B1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{0EE76FAD-1B11-437B-A68D-29693CF8B001}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{C099B6E3-F0F6-4C36-8ED0-1B584874FC83}] => (Allow) C:\Users\Work\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{273058EA-C20A-4998-9C46-CE5320B75CCB}] => (Block) C:\Users\Work\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{268300EB-97D5-4B6F-9D1D-E9305867E7B2}] => (Allow) C:\Users\Work\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{BFF8B330-4C8E-4143-8793-9EB54F24BF47}] => (Allow) C:\Users\Work\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{ADB372A5-093D-4840-AF97-264C06B3F448}] => (Allow) C:\Users\Work\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{9199EB47-87B1-48BC-9580-B598D1C5AF1F}] => (Block) C:\Users\Work\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{584ED426-6F1B-491D-B49D-BDB471238743}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{E105CA4C-33D3-42BD-BD6A-23447BB4CAF2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{5BB2A2E7-BB3B-4EEA-85EB-3A5EABDAA382}C:\users\hp\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hp\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{D229DDBE-76C4-437A-938E-2B2588A7D464}C:\users\hp\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hp\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{7B40DE0C-3FC9-4B7F-B966-53E2D16DE6B9}] => (Block) C:\Program Files (x86)\Naturalsoft\NR14\NR14.exe FirewallRules: [TCP Query User{B7F4A7BB-CE6C-4ECC-97EE-4833B2E4C0A9}C:\users\hp\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hp\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{E2D97C28-17D0-45C9-9587-7BBF06DA9530}C:\users\hp\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hp\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{8C529B00-41E9-4AC2-8BBE-8476DEB40CB3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{70B4F6C3-810D-4EA8-B5B1-AC8994C8184A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{AF2AEA21-EEBC-4490-BFD0-F5599F3F23A6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B7D3DF56-8E12-4323-BF79-70653311CC00}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E4C741AE-4693-4BF0-92AA-CF551565D701}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe FirewallRules: [{D560BE67-E42C-4436-A862-C1E3BA94562A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{3F5752B1-A079-40C3-80F3-3B1E5B86E967}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{1E32C9AC-835F-470C-9517-6780968C6A85}] => (Allow) LPort=1900 FirewallRules: [{38B0A773-750F-42C1-BBFD-8963BE8CB116}] => (Allow) LPort=2869 FirewallRules: [{4CC677AF-6506-41F1-AE08-B6938753B766}] => (Allow) C:\Users\Work\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{80133B6E-1BB0-4198-BEEB-841117478E3D}] => (Allow) C:\Users\Work\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0FB14003-13FB-49FD-AE42-045FF07F5788}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{729C374D-06CD-4EFF-935E-519E5DC60A84}] => (Allow) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe FirewallRules: [{0FB955DB-A560-47B0-9ECB-80C62D8B5A7A}] => (Allow) C:\Program Files\NetWorx\networx.exe FirewallRules: [{DC1527C4-2615-4F86-9128-E00FEB8C61EF}] => (Allow) C:\Program Files (x86)\Connectify\Connectify.exe FirewallRules: [{CA71AB33-3F5E-4575-BA7B-E1A1A3EA59BB}] => (Allow) %ProgramFiles% (x86)\Internet Download Manager\IDMan.exe FirewallRules: [{39101FA8-6210-47F7-883C-72672298FA62}] => (Allow) %ProgramFiles% (x86)\Mozilla Thunderbird\thunderbird.exe FirewallRules: [{452275DC-F617-4229-90B9-C3E552B8A282}] => (Allow) %ProgramFiles%\Microsoft Office\Office14\MSOHTMED.EXE FirewallRules: [{3259D78A-B393-4E30-8D5E-DF35FFF0FE42}] => (Allow) %ProgramFiles%\Windows Defender\MSASCui.exe FirewallRules: [{E79EC077-9287-4648-A115-CB878B06A7F3}] => (Allow) C:\Users\Hp\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{792A6AE4-6349-4B25-B560-D38CEF6B35E1}] => (Allow) C:\Users\Hp\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{1BFFA0BF-A574-4CDB-8465-1FDE9C2E7C2A}C:\program files (x86)\java\jre1.8.0_73\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\java.exe FirewallRules: [UDP Query User{6B723B53-C848-4716-BC01-2F91E1F1BAC3}C:\program files (x86)\java\jre1.8.0_73\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\java.exe FirewallRules: [{A11B2A95-6A34-4B64-A95F-CB03FF3231AF}] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\java.exe FirewallRules: [{FBD24921-5117-49C8-91CF-ACC87A9AEDE2}] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\java.exe FirewallRules: [{C2D7B993-9961-478B-9726-D67991DBDBB3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 18-02-2017 08:21:08 Windows Update ==================== Faulty Device Manager Devices ============= Name: Bluetooth Peripheral Device Description: Bluetooth Peripheral Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: MediaTek DA USB VCOM Port (COM11) Description: MediaTek DA USB VCOM Port Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318} Manufacturer: MediaTek Inc. Service: usbser Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Bluetooth Peripheral Device Description: Bluetooth Peripheral Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Microsoft Virtual WiFi Miniport Adapter Description: Microsoft Virtual WiFi Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Bluetooth Peripheral Device Description: Bluetooth Peripheral Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth Peripheral Device Description: Bluetooth Peripheral Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth Peripheral Device Description: Bluetooth Peripheral Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth Peripheral Device Description: Bluetooth Peripheral Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: VPN Client Adapter - me Description: VPN Client Adapter - me Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: SoftEther Corporation Service: Neo_me Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Anchorfree HSS VPN Adapter Description: Anchorfree HSS VPN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Anchorfree HSS VPN Adapter Service: taphss6 Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: Bluetooth Peripheral Device Description: Bluetooth Peripheral Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: MediaTek PreLoader USB VCOM (Android) (COM13) Description: MediaTek PreLoader USB VCOM (Android) Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318} Manufacturer: MediaTek Inc. Service: wdm_usb Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Bluetooth Peripheral Device Description: Bluetooth Peripheral Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: EASEUS Disk Enumerator Description: EASEUS Disk Enumerator Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard system devices) Service: EUDISK Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Event log errors: ========================= Application errors: ================== Error: (02/18/2017 09:46:03 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll". Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (02/18/2017 09:36:43 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll". Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (02/18/2017 04:28:09 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll". Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (02/18/2017 10:49:06 AM) (Source: ESENT) (EventID: 474) (User: ) Description: wuaueng.dll (832) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 714866688 (0x000000002a9c0000) (database page 21815 (0x5537)) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch. The expected checksum was [e2e7e2e7f917e11c:0d92f26d32e0555c:a62e59d13b826417:9ecf61300fce5938] and the actual checksum was [e2e2e2e2f912a919:0d92f26d32e0555c:a62b59d43b822c17:9ecf61300fce5938]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (02/18/2017 08:23:09 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll". Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (02/18/2017 08:21:12 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2588610484-973985184-251928395-1000.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {f44bc666-778f-4b86-a0ce-d7b123888db7} Error: (02/17/2017 07:52:29 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2588610484-973985184-251928395-1000.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {159fa4ea-12f0-4a8c-a3e8-7f0695cfd9d2} Error: (02/17/2017 07:07:48 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2588610484-973985184-251928395-1000.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {07ea2a08-7bf0-47b0-a391-5c5177e4904a} Error: (02/17/2017 07:07:46 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {bb836cca-3291-4013-8b86-6386578f5427} Error: (02/17/2017 07:07:45 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2588610484-973985184-251928395-1000.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {07ea2a08-7bf0-47b0-a391-5c5177e4904a} System errors: ============= Error: (02/18/2017 08:27:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: December, 2016 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 7 and Windows Server 2008 R2 for x64 (KB3205402). Error: (02/17/2017 09:50:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (02/17/2017 09:50:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect. Error: (02/17/2017 09:46:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\athihvs.dll Error: (02/17/2017 09:41:52 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. Error: (02/17/2017 09:41:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (02/17/2017 09:41:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (02/17/2017 09:41:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The WD Drive Manager service terminated unexpectedly. It has done this 1 time(s). Error: (02/17/2017 09:41:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Atomic Alarm Clock Time service terminated unexpectedly. It has done this 1 time(s). Error: (02/17/2017 09:41:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz Percentage of memory in use: 94% Total physical RAM: 3893.86 MB Available physical RAM: 217.32 MB Total Virtual: 8313.9 MB Available Virtual: 994.54 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:264.66 GB) (Free:166.54 GB) NTFS Drive e: () (Removable) (Total:1.84 GB) (Free:0.41 GB) FAT Drive h: (Share) (Fixed) (Total:1 GB) (Free:0.21 GB) NTFS Drive o: (My drive) (Fixed) (Total:200 GB) (Free:9.08 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5B722412) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=264.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=1 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=200 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
Aura Posted February 20, 2017 ID:1103076 Share Posted February 20, 2017 (edited) That looks good. Now, do you see the following programs listed in the Control Panel? If you do, uninstall them. If not, let me know. Hao123.com Hao123-Client Messenger Plus! Community Smartbar Edited February 20, 2017 by Aura Link to post Share on other sites More sharing options...
Ralee Posted February 20, 2017 Author ID:1103111 Share Posted February 20, 2017 1 hour ago, Aura said: That looks good. Now, do you see the following programs listed in the Control Panel? If you do, uninstall them. If not, let me know. Hao123.com Hao123-Client Messenger Plus! Community Smartbar Nope. Don't see them in the control panel Link to post Share on other sites More sharing options...
Aura Posted February 20, 2017 ID:1103117 Share Posted February 20, 2017 Alright, follow the instructions below. Registry - Export Uninstall Keys On Windows Vista, 7 & 10, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin); On Windows 8.1, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin); Enter the following commands, one after the other. You'll know when you're ready to input the next command when a new line with a blinking cursor will appear under the precedent one:Note: You can copy and paste these commands instead of typing them. To copy a command inside the command prompt, move your mouse over the blinking cursor, right-click and select Paste. You must have copied the command prior to that (via Ctrl + C or left-click and Copy). reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s > "%userprofile%\Desktop\hklm_uninstall64.txt" reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall /s > "%userprofile%\Desktop\hklm_uninstall32.txt" reg query HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s > "%userprofile%\Desktop\hkcu_uninstall.txt" Once you're done running the commands, two files will have appeared on your desktop:hklm_uninstall32.txt hklm_uninstall64.txt hkcu_uninstall.txt Create a new folder on your Desktop and move the 3 files inside it. Once done, archive (.zip) the folder (right-click on it, select Send to... and select Compressed archive (.zip)); Attach the .zip archive in your next post; Link to post Share on other sites More sharing options...
Ralee Posted February 20, 2017 Author ID:1103159 Share Posted February 20, 2017 Found them HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-sa DisplayIcon REG_SZ "C:\Users\Hp\AppData\Roaming\baidu\hao123-sa\hao123.1.0.0.1106.exe" DisplayName REG_SZ Hao123-Client DisplayVersion REG_SZ 1.0.0.1106 HelpLink REG_SZ http://www.hao123.com/desk.html Publisher REG_SZ Baidu Online Network Technology (Beijing) Co., Ltd. UninstallString REG_SZ "C:\Users\Hp\AppData\Roaming\baidu\hao123-sa\hao123.1.0.0.1106.exe" -uninstall HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Hao123.com DisplayName REG_SZ Hao123.com UninstallString REG_SZ C:\Program Files (x86)\Hao123.com\UninstallMinibar.exe NoModify REG_DWORD 0x1 NoRepair REG_DWORD 0x1 DisplayIcon REG_SZ C:\Program Files (x86)\Hao123.com\UninstallMinibar.exe,0 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56E7FDE0-5957-4626-9C47-5CD23A3C75AD} AuthorizedCDFPrefix REG_SZ Comments REG_SZ Contact REG_SZ DisplayVersion REG_SZ 1.6.1.788 HelpLink REG_EXPAND_SZ http://www.msgplus.net HelpTelephone REG_SZ InstallDate REG_SZ 20130209 InstallLocation REG_SZ InstallSource REG_SZ C:\Users\Hp\AppData\Local\Temp\plsk_8bf3.tmp\ ModifyPath REG_EXPAND_SZ MsiExec.exe /X{56E7FDE0-5957-4626-9C47-5CD23A3C75AD} NoModify REG_DWORD 0x1 NoRepair REG_DWORD 0x1 Publisher REG_SZ Messenger Plus! Readme REG_SZ Size REG_SZ EstimatedSize REG_DWORD 0x5170 UninstallString REG_EXPAND_SZ MsiExec.exe /X{56E7FDE0-5957-4626-9C47-5CD23A3C75AD} URLInfoAbout REG_SZ http://pages.msgplus.net/toolbar/faq.html URLUpdateInfo REG_SZ VersionMajor REG_DWORD 0x1 VersionMinor REG_DWORD 0x6 WindowsInstaller REG_DWORD 0x1 Version REG_DWORD 0x1060001 Language REG_DWORD 0x409 DisplayName REG_SZ Messenger Plus! Community Smartbar Link to post Share on other sites More sharing options...
Aura Posted February 20, 2017 ID:1103164 Share Posted February 20, 2017 Good Now, you see these "UninstallString" commands? Press on Windows + X to open the Run command, then copy/paste each of them (one at the time) and press on Enter. This should uninstall each program one by one. Here are the 3 commands: "C:\Users\Hp\AppData\Roaming\baidu\hao123-sa\hao123.1.0.0.1106.exe" -uninstall C:\Program Files (x86)\Hao123.com\UninstallMinibar.exe MsiExec.exe /X{56E7FDE0-5957-4626-9C47-5CD23A3C75AD} Link to post Share on other sites More sharing options...
Ralee Posted February 20, 2017 Author ID:1103165 Share Posted February 20, 2017 What am i doing wrong? Link to post Share on other sites More sharing options...
Aura Posted February 21, 2017 ID:1103231 Share Posted February 21, 2017 It's possible that these files have been removed. Can you try the two others and let me know if you get the same error message? If you do, I'll put together a FRST fix that will remove the Uninstall keys for these programs, and also remove their folders if they're still there. Link to post Share on other sites More sharing options...
Ralee Posted February 21, 2017 Author ID:1103299 Share Posted February 21, 2017 (edited) The 2nd one The 3rd one I might have messed up the order Edited February 21, 2017 by Ralee Link to post Share on other sites More sharing options...
Aura Posted February 21, 2017 ID:1103326 Share Posted February 21, 2017 (edited) All good. For the second one, try to put "" around. "C:\Program Files (x86)\Hao123.com\UninstallMinibar.exe" Edited February 21, 2017 by Aura Link to post Share on other sites More sharing options...
Ralee Posted February 21, 2017 Author ID:1103464 Share Posted February 21, 2017 6 hours ago, Aura said: All good. For the second one, try to put "" around. "C:\Program Files (x86)\Hao123.com\UninstallMinibar.exe" Im getting this... Link to post Share on other sites More sharing options...
Aura Posted February 21, 2017 ID:1103471 Share Posted February 21, 2017 Alright here goes. Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located); Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Click on the Fix button; On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Copy and paste its content in your next reply; fixlist.txt Link to post Share on other sites More sharing options...
Ralee Posted February 26, 2017 Author ID:1104454 Share Posted February 26, 2017 Sorry for the delay Fix result of Farbar Recovery Scan Tool (x64) Version: 22-02-2017 Ran by Hp (22-02-2017 22:43:17) Run:4 Running from C:\Users\Hp\Desktop\New folder (3) Loaded Profiles: Hp (Available Profiles: Hp & Guest) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: REG: REG DELETE "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-sa" /f REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Hao123.com" /f REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56E7FDE0-5957-4626-9C47-5CD23A3C75AD}" /f C:\Program Files (x86)\Hao123.com C:\Users\Hp\AppData\Roaming\baidu ***************** Processes closed successfully. ========= REG DELETE "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-sa" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Hao123.com" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56E7FDE0-5957-4626-9C47-5CD23A3C75AD}" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= "C:\Program Files (x86)\Hao123.com" => not found. "C:\Users\Hp\AppData\Roaming\baidu" => not found. The system needed a reboot. ==== End of Fixlog 22:43:20 ==== Link to post Share on other sites More sharing options...
Recommended Posts