Hi Ralee :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name; it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below, and provide me the FRST.txt and Addition.txt logs.

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

Thank you.


Alright, there are quite a few things to address. I'm giving you a heads up right now: some of your programs are broken and need to be reinstalled. I'll list those at the end of the clean-up.

First, do you know these files and folders? They are all related to keyloggers.

2017-02-03 02:48 - 2017-02-16 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeKeyl0gger
2017-02-03 02:48 - 2017-02-15 06:21 - 00000000 ____D C:\Program Files (x86)\ASDECO Manager
2017-02-03 02:48 - 2017-02-03 02:50 - 00000000 ____D C:\Users\Hp\AppData\Roaming\ASDECO Manager
2017-02-03 02:46 - 2017-02-03 02:46 - 00757173 _____ C:\Users\Hp\Downloads\fklogger.zip
2017-02-03 02:45 - 2016-08-05 11:19 - 00424592 _____ C:\Windows\runkey.exe
2017-02-03 02:39 - 2017-02-03 02:39 - 09339624 _____ (Spyrix Security Inc.) C:\Users\Hp\Desktop\sfk_setupcn.exe

Malicious Programs Warning!

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.

  • a2zLyrics-15
  • Bundled software uninstaller
  • DefaultTab
  • Hao123.com
  • Hao123-Client
  • Messenger Plus! Community Smartbar


If you have an issue when uninstalling a program, please let me know.

Now we'll run a first big fix with FRST, followed by a quick sweep with JRT and AdwCleaner.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

Junkware Removal Tool (JRT)

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Your next reply(ies) should therefore contain:

  • Answer to my question about the keylogger file(s) and folder(s) on your system;
  • Confirmation that you uninstalled the programs listed above, if not, which one(s) and why;
  • Copy/pasted content of FRST's fixlog.txt;
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;

fixlist.txt


3 minutes ago, Aura said:

Alright, there are quite a few things to address. I'm giving you a heads up right now: some of your programs are broken and need to be reinstalled. I'll list those at the end of the clean-up.

First, do you know these files and folders? They are all related to keyloggers.


2017-02-03 02:48 - 2017-02-16 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeKeyl0gger
2017-02-03 02:48 - 2017-02-15 06:21 - 00000000 ____D C:\Program Files (x86)\ASDECO Manager
2017-02-03 02:48 - 2017-02-03 02:50 - 00000000 ____D C:\Users\Hp\AppData\Roaming\ASDECO Manager
2017-02-03 02:46 - 2017-02-03 02:46 - 00757173 _____ C:\Users\Hp\Downloads\fklogger.zip
2017-02-03 02:45 - 2016-08-05 11:19 - 00424592 _____ C:\Windows\runkey.exe
2017-02-03 02:39 - 2017-02-03 02:39 - 09339624 _____ (Spyrix Security Inc.) C:\Users\Hp\Desktop\sfk_setupcn.exe

Malicious Programs Warning!

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.

  • a2zLyrics-15
  • Bundled software uninstaller
  • DefaultTab
  • Hao123.com
  • Hao123-Client
  • Messenger Plus! Community Smartbar


If you have an issue when uninstalling a program, please let me know.

Yes, I installed a keylogger, although I'm not sure about the runkey.exe.

The programs you listed, I don't see them and can't find them, so how do I uninstall them?


5 hours ago, Aura said:

Your next reply(ies) should therefore contain:

  • Answer to my question about the keylogger file(s) and folder(s) on your system;
  • Confirmation that you uninstalled the programs listed above, if not, which one(s) and why;
  • Copy/pasted content of FRST's fixlog.txt;
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
 
  • I installed a keylogger.
  • I didn't uninstall them because I don't know where they are.
  • Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
    Ran by Hp (administrator) on TRAC (17-02-2017 14:53:43)
    Running from C:\Users\Hp\Downloads
    Loaded Profiles: Hp &  (Available Profiles: Hp & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Opera)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    () C:\Program Files\Free Desktop Clock\timeserv.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (SoftPerfect) C:\Program Files\NetWorx\networx.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera_crashreporter.exe
    (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
    (VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
    (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
    (Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Foundation) C:\Program Files\Zimbra\Zimbra Desktop\win64\prism\zdclient.exe
    () C:\Program Files\Zimbra\Zimbra Desktop\win64\zdesktop.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
    (VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoAppBar.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7620424 2016-11-17] (SoftPerfect)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM-x32\...\Run: [Verbose] => "C:\Program Files (x86)\NCH Software\Verbose\verbose.exe" -logon
    HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [kbdsprt] => [X]
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-14] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-13] (Piriform Ltd)
    HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Run: [AtomicAlarmClock6] => C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe [4652544 2013-06-27] ()
    HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: G - G:\Lenovo_Suite.exe
    HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: J - J:\Lenovo_Suite.exe
    HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {2fd233a1-5900-11e1-bc84-c3c8f51b191e} - G:\AutoRun.exe
    HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {903b68ba-6d28-11e5-85a0-70f3952fbf70} - J:\Lenovo_Suite.exe
    HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {ad67e7c1-6236-11e5-93db-70f3952fbf70} - "G:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {c0fe8dbd-66ff-11e3-8c6b-70f3952fbf70} - G:\autorun.exe
    HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {d7d97cdb-e8fc-11e3-9158-70f3952fbf70} - G:\setup.exe
    HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {e4cf3203-bcb5-11e0-82d3-70f3952fbf70} - E:\AutoRun.exe
    HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {e4cf3214-bcb5-11e0-82d3-70f3952fbf70} - G:\AutoRun.exe
    HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {fafd8126-bf35-11e0-af24-001e101f79c9} - G:\AutoRun.exe
    HKU\S-1-5-21-2588610484-973985184-251928395-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
    HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3821136 2013-11-01] (Tonec Inc.)
    HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
    HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-13] (Piriform Ltd)
    HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\Run: [uTorrent] => C:\Users\Mr C\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-06-13] (BitTorrent Inc.)
    HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\MountPoints2: G - "G:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\MountPoints2: {903b68ba-6d28-11e5-85a0-70f3952fbf70} - J:\Lenovo_Suite.exe
    HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\MountPoints2: {ad67e7c1-6236-11e5-93db-70f3952fbf70} - "G:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\MountPoints2: {e4cf3214-bcb5-11e0-82d3-70f3952fbf70} - E:\AutoRun.exe
    HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\MountPoints2: {fafd8126-bf35-11e0-af24-001e101f79c9} - E:\AutoRun.exe
    AppInit_DLLs-x32: c:\progra~2\browse~1\sprote~1.dll => No File
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-14] (AVAST Software)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
    GroupPolicyUsers\S-1-5-21-2588610484-973985184-251928395-1002\User: Restriction <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    CHR HKU\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 06 C:\Program Files (x86)\Bonjour\mdnsNSP.dll => No File 
    Winsock: Catalog5-x64 06 C:\Program Files\Bonjour\mdnsNSP.dll => No File 
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{715E3615-F9F7-4E49-ACC3-2DE4C01CBA2D}: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{BE741787-BE55-40EC-8ACA-A7E2A07874DF}: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{E4718D6B-FEC8-4805-AB76-A4AF2A1861B7}: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{F3C17A44-4D83-4202-B3ED-FF5EB9931108}: [DhcpNameServer] 192.168.2.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    URLSearchHook: HKLM-x32 - (No Name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    URLSearchHook: HKU\S-1-5-21-2588610484-973985184-251928395-1000 - (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
    URLSearchHook: HKU\S-1-5-21-2588610484-973985184-251928395-1000 - (No Name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    SearchScopes: HKLM-x32 -> DefaultScope Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms}
    SearchScopes: HKLM-x32 -> Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms}
    SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> Moikrug URL = hxxp://moikrug.ru/persons/?clid=154468&charset=utf-8&keywords={searchTerms}&submitted=1
    SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms}
    SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4FAEDDA2-6351-43E6-8568-4A45396FC74C}&mid=ef04ad78bd8547d1a8051943ef5e7851-36711ed55615b87e9c4cf224ac236fc32b85bd82&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2013-05-08 02:39:22&v=18.2.0.829&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> {C9FF56E2-80AA-494C-970C-397580307ACF} URL = hxxp://www.alnaddy.com/search/?q={searchTerms}&r=524
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-10-29] (Internet Download Manager, Tonec Inc.)
    BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll => No File
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-26] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-14] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-26] (Oracle Corporation)
    BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-14] (AVAST Software)
    Toolbar: HKLM-x32 - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
    Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
    Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
    Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
    Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.3.0\ViProtocol.dll [2016-03-25] (AVG Secure Search)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default [2017-02-17]
    FF user.js: detected! => C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\user.js [2013-05-08]
    FF NewTab: Mozilla\Firefox\Profiles\r0evgay0.default -> hxxp://www.mysearchresults.com/?c=2402&t=15&nt=nt1&uid=BCC87061F493CD2C69EB9BD14A5643A3
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\r0evgay0.default -> AVG Secure Search
    FF DefaultSearchEngine,S: Mozilla\Firefox\Profiles\r0evgay0.default -> 
    FF DefaultSearchUrl: Mozilla\Firefox\Profiles\r0evgay0.default -> 
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\r0evgay0.default -> 
    FF SearchEngineOrder.1,S: Mozilla\Firefox\Profiles\r0evgay0.default -> 
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\r0evgay0.default -> AVG Secure Search
    FF SelectedSearchEngine,S: Mozilla\Firefox\Profiles\r0evgay0.default -> 
    FF Homepage: Mozilla\Firefox\Profiles\r0evgay0.default -> hxxp://www.google.com/
    FF Keyword.URL: Mozilla\Firefox\Profiles\r0evgay0.default -> 
    FF Extension: (Grammarly for Firefox) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2017-01-13]
    FF Extension: (Firefox Hotfix) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
    FF Extension: (Norwell History Tools) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\norvel@history.xpi [2016-04-30]
    FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-24]
    FF Extension: (Adblock Plus) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-28]
    FF Extension: (YouTube Flash Video Player) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-02-15]
    FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\alnaddyToolbar.xml [2013-04-22]
    FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\avg-secure-search.xml [2016-03-25]
    FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\ybqs-yandex.xml [2012-03-05]
    FF Extension: (Hotspot Shield Helper (Please allow this installation)) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2016-03-26] [not signed]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-03-26] [not signed]
    FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-26] [not signed]
    FF Extension: (Hotspot Shield Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2016-03-26] [not signed]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-02-15]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-02-15]
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
    FF HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hp\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\Hp\AppData\Roaming\IDM\idmmzcc5 [2013-11-01] [not signed]
    FF HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hp\AppData\Roaming\IDM\idmmzcc5
    FF HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mr C\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\Mr C\AppData\Roaming\IDM\idmmzcc5 [2010-01-01] [not signed]
    FF HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mr C\AppData\Roaming\IDM\idmmzcc5
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-02-28]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-18] ()
    FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
    FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-26] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-26] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-18] ()
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.3.0\\npsitesafety.dll [No File]
    FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-26] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-26] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-05-11] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-04] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-04] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-05-11] (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-27] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-27] (Google Inc.)
    FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2588610484-973985184-251928395-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2013-05-11] (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2013-05-11] (RealPlayer)

    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR DefaultSearchKeyword: Default -> google.com.sa
    CHR Profile: C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default [2017-02-16]
    CHR Extension: (Adblock Plus) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-01]
    CHR Extension: (IDM Integration Module) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-10-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
    CHR Extension: (Prayers Gadget) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihkdpidinkflcjdmjabjbdhnmmaanp [2016-07-11]
    CHR Extension: (Chrome Media Router) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01]

    Opera: 
    =======
    OPR Extension: (SurfEasy Proxy, an Opera Software Company) - C:\Users\Hp\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2016-12-14]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2016-10-22] (SUPERAntiSpyware.com)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-15] (AVAST Software s.r.o.)
    R2 AtomicAlarmClock; C:\Program Files\Free Desktop Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-14] (AVAST Software)
    S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
    S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
    S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
    S4 Realtek87B; C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
    S4 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
    S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    S4 vToolbarUpdater19.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.3.0\ToolbarUpdater.exe [1888328 2016-03-25] (AVG Secure Search)
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S4 MsgPlusService; "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [X]
    S2 TeamViewer; "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309784 2017-02-14] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-14] (AVAST Software s.r.o.)
    R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-14] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-14] (AVAST Software s.r.o.)
    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-14] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-15] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126088 2017-02-14] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-14] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [74680 2017-02-14] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [991496 2017-02-14] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [547904 2017-02-14] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-14] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337080 2017-02-15] (AVAST Software)
    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
    U5 cmderd; C:\Windows\System32\Drivers\cmderd.sys [23168 2013-09-24] (COMODO)
    R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [35352 2016-11-11] (Connectify)
    R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-09] (REALiX(tm))
    U5 inspect; C:\Windows\System32\Drivers\inspect.sys [96800 2013-09-24] (COMODO)
    S3 iscFlash; c:\SwSetup\SP55299\iscflashx64.sys [45632 2010-10-15] (Insyde Software)
    R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-15] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-16] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-16] (Malwarebytes)
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-16] (Malwarebytes)
    S3 Neo_me; C:\Windows\System32\DRIVERS\Neo_0048.sys [29808 2011-06-06] (SoftEther Corporation)
    R1 networx; C:\Windows\System32\drivers\networx.sys [72632 2016-10-04] (NetFilterSDK.com)
    S3 qciusbnet; C:\Windows\System32\DRIVERS\qciusbnet.sys [158720 2012-02-17] (Quanta Computer Inc.)
    S3 qciusbser; C:\Windows\System32\DRIVERS\qciusbser.sys [123648 2012-02-17] (Quanta Computer Inc.)
    S3 qntbulk; C:\Windows\System32\Drivers\qntbulk.sys [49664 2012-02-17] (Windows (R) Win 7 DDK provider)
    S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation                           )
    R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [402136 2015-10-10] (Realsil Semiconductor Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33448 2015-10-10] (Synaptics Incorporated)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2012-02-25] ()
    R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-02-17] (Anchorfree Inc.)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
    S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2015-12-07] (Western Digital Technologies)
    S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
    S3 ALSysIO; \??\C:\Users\Hp\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
    S3 ampa; \??\C:\Windows\system32\ampa.sys [X]
    S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
    S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X]
    S3 taphss; system32\DRIVERS\taphss.sys [X]
    U3 ZAPrivacyService; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-17 14:53 - 2017-02-17 14:56 - 00036140 _____ C:\Users\Hp\Downloads\FRST.txt
    2017-02-17 14:53 - 2017-02-17 14:53 - 00000000 ____D C:\FRST
    2017-02-17 14:52 - 2017-02-17 14:52 - 02422272 _____ (Farbar) C:\Users\Hp\Downloads\FRST64.exe
    2017-02-16 17:01 - 2017-02-16 17:01 - 00123200 _____ C:\Users\Hp\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-02-15 10:41 - 2017-02-15 10:41 - 00000000 ____D C:\Users\Hp\AppData\LocalLow\uTorrent
    2017-02-15 10:30 - 2017-02-15 10:30 - 00207590 _____ C:\Users\Hp\Desktop\Malware log.txt
    2017-02-15 09:50 - 2017-02-16 16:43 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2017-02-15 09:50 - 2017-02-16 16:43 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-02-15 09:50 - 2017-02-15 20:00 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2017-02-15 09:50 - 2017-02-15 09:50 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
    2017-02-15 09:49 - 2017-02-16 16:43 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-02-15 09:48 - 2017-02-15 09:48 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-02-15 09:48 - 2017-02-15 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-02-15 09:48 - 2017-02-15 09:48 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-02-15 09:48 - 2017-02-15 09:48 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-02-15 09:48 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-02-15 09:44 - 2017-02-15 09:45 - 55566792 _____ (Malwarebytes ) C:\Users\Hp\Desktop\mb3-setup-consumer-3.0.6.1469.exe
    2017-02-15 08:41 - 2017-02-15 08:41 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2017-02-15 08:41 - 2017-02-15 08:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2017-02-15 08:38 - 2017-02-14 20:23 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2017-02-15 07:35 - 2017-02-15 07:35 - 01638880 _____ (AVG Technologies CZ) C:\Users\Hp\Desktop\AutoExec64.exe
    2017-02-15 06:56 - 2017-02-15 08:40 - 00003870 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1487130947
    2017-02-15 06:56 - 2017-02-15 06:56 - 00001043 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2017-02-15 06:56 - 2017-02-15 06:56 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2017-02-15 06:54 - 2017-02-15 06:53 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2017-02-15 06:53 - 2017-02-15 06:53 - 01948128 _____ (AVG Technologies CZ) C:\Users\Hp\Desktop\AutoExec.exe
    2017-02-15 06:50 - 2017-02-15 06:50 - 00000000 ____D C:\Users\Hp\AppData\Roaming\AVAST Software
    2017-02-15 06:34 - 2017-02-15 06:43 - 00000000 ____D C:\AVG_Remover
    2017-02-15 06:34 - 2017-02-15 06:34 - 08111408 _____ ( ) C:\Users\Hp\Desktop\AVG_Remover.exe
    2017-02-15 06:28 - 2017-02-15 06:28 - 00000000 ____D C:\Users\Hp\AppData\Local\MFAData
    2017-02-15 06:21 - 2017-02-15 06:21 - 00399360 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
    2017-02-15 05:44 - 2017-02-15 05:44 - 00899425 _____ C:\Users\Hp\AppData\Local\census.cache
    2017-02-15 05:42 - 2017-02-15 05:42 - 01455218 _____ C:\Users\Hp\AppData\Local\ars.cache
    2017-02-15 04:42 - 2017-02-15 06:44 - 00000000 ____D C:\Users\Hp\AppData\Local\FSDART
    2017-02-15 04:42 - 2017-02-15 04:51 - 00000000 ____D C:\ProgramData\F-Secure
    2017-02-15 04:42 - 2017-02-15 04:42 - 00524248 _____ (F-Secure Corporation) C:\Users\Hp\Desktop\F-SecureOnlineScanner.exe
    2017-02-15 04:42 - 2017-02-15 04:42 - 00000000 ____D C:\Users\Hp\AppData\Local\F-Secure
    2017-02-15 04:40 - 2016-08-22 22:20 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
    2017-02-15 04:39 - 2017-02-15 04:39 - 02527376 _____ (Trend Micro Inc.) C:\Users\Hp\Desktop\HousecallLauncher64.exe
    2017-02-14 21:16 - 2017-02-14 21:16 - 06521214 _____ C:\Users\Hp\Downloads\---------------------------------.bmp
    2017-02-14 20:25 - 2017-02-17 10:10 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
    2017-02-14 20:25 - 2017-02-14 20:25 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2017-02-14 20:24 - 2017-02-15 08:39 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
    2017-02-14 20:24 - 2017-02-14 20:37 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148713716440104
    2017-02-14 20:24 - 2017-02-14 20:23 - 00991496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2017-02-14 20:24 - 2017-02-14 20:23 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2017-02-14 20:24 - 2017-02-14 20:23 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
    2017-02-14 20:24 - 2017-02-14 20:23 - 00309784 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
    2017-02-14 20:24 - 2017-02-14 20:23 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
    2017-02-14 20:24 - 2017-02-14 20:23 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2017-02-14 20:24 - 2017-02-14 20:23 - 00126088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2017-02-14 20:24 - 2017-02-14 20:23 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2017-02-14 20:24 - 2017-02-14 20:23 - 00074680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2017-02-14 20:24 - 2017-02-14 20:23 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
    2017-02-14 20:24 - 2017-02-14 20:23 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2017-02-14 20:21 - 2017-02-15 06:53 - 00000000 ____D C:\Program Files\AVAST Software
    2017-02-14 20:20 - 2017-02-14 20:20 - 06655120 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
    2017-02-14 20:20 - 2017-02-14 20:20 - 06655120 _____ (AVAST Software) C:\Users\Hp\Desktop\avast_free_antivirus_setup_online.exe
    2017-02-14 16:56 - 2017-02-15 04:59 - 00000010 _____ C:\Users\Hp\AppData\Local\sponge.last.runtime.cache
    2017-02-14 16:46 - 2017-02-14 16:46 - 00000000 ____D C:\Windows\Trend Micro
    2017-02-14 16:46 - 2017-02-14 16:46 - 00000000 ____D C:\ProgramData\Trend Micro
    2017-02-14 16:43 - 2017-02-15 07:00 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-02-14 16:40 - 2017-02-14 16:40 - 00000036 _____ C:\Users\Hp\AppData\Local\housecall.guid.cache
    2017-02-09 23:43 - 2017-02-09 23:43 - 00067563 _____ C:\Users\Hp\Desktop\1JJ0VL.pdf
    2017-02-09 23:43 - 2017-02-09 23:43 - 00001334 _____ C:\Users\Hp\Desktop\1JJ0VL - Shortcut.lnk
    2017-02-09 23:41 - 2017-02-09 23:41 - 00067563 _____ C:\Users\Hp\Downloads\1JJ0VL.pdf
    2017-02-08 10:03 - 2017-02-08 10:03 - 00069220 _____ C:\Users\Hp\Downloads\1JE22F.pdf
    2017-02-06 05:26 - 2017-02-06 05:26 - 00109163 _____ C:\Users\Hp\Downloads\YRBK 2015 RFA Excel Final.zip
    2017-02-06 05:23 - 2017-02-06 05:23 - 00034304 _____ C:\Users\Hp\Downloads\fy2015cobbook117.xls
    2017-02-06 05:23 - 2017-02-06 05:23 - 00034304 _____ C:\Users\Hp\Downloads\fy2015cobbook106.xls
    2017-02-06 05:22 - 2017-02-06 05:22 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook185.xls
    2017-02-06 05:22 - 2017-02-06 05:22 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook171.xls
    2017-02-06 05:21 - 2017-02-06 05:21 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook184.xls
    2017-02-06 05:21 - 2017-02-06 05:21 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook162.xls
    2017-02-06 05:21 - 2017-02-06 05:21 - 00034304 _____ C:\Users\Hp\Downloads\fy2015cobbook161.xls
    2017-02-06 05:20 - 2017-02-06 05:20 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook83.xls
    2017-02-06 05:18 - 2017-02-06 05:18 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook3.xls
    2017-02-03 02:48 - 2017-02-16 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeKeyl0gger
    2017-02-03 02:48 - 2017-02-15 06:21 - 00000000 ____D C:\Program Files (x86)\ASDECO Manager
    2017-02-03 02:48 - 2017-02-03 02:50 - 00000000 ____D C:\Users\Hp\AppData\Roaming\ASDECO Manager
    2017-02-03 02:47 - 2016-04-12 22:12 - 00829377 _____ (IwantSoft ) C:\Users\Hp\Downloads\setup (PASSW0RD = 123987).exe
    2017-02-03 02:46 - 2017-02-03 02:46 - 00757173 _____ C:\Users\Hp\Downloads\fklogger.zip
    2017-02-03 02:45 - 2016-08-05 11:19 - 00424592 _____ C:\Windows\runkey.exe
    2017-02-03 02:39 - 2017-02-03 02:39 - 09339624 _____ (Spyrix Security Inc.) C:\Users\Hp\Desktop\sfk_setupcn.exe
    2017-02-02 00:34 - 2017-02-02 00:34 - 00075032 _____ C:\Users\Hp\Desktop\HSS-sd-update.exe
    2017-01-26 04:01 - 2017-01-26 04:01 - 00183395 _____ C:\Users\Hp\Downloads\impact.zip
    2017-01-24 23:30 - 2017-01-25 05:55 - 00000000 ____D C:\Users\Hp\Downloads\New folder (2)
    2017-01-23 23:11 - 2017-01-23 23:11 - 00000829 _____ C:\Users\Hp\Desktop\bluetooth_content_share (2).html
    2017-01-22 18:06 - 2017-01-22 18:07 - 40537320 _____ (Opera Software) C:\Users\Hp\Desktop\Opera_42.0.2393.137_Campaign_70_Setup.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-17 10:17 - 2011-06-04 11:38 - 00000000 ____D C:\Users\Hp\AppData\Local\Adobe
    2017-02-17 10:11 - 2016-08-31 01:18 - 00000000 ____D C:\Program Files (x86)\Opera
    2017-02-16 16:55 - 2009-07-14 07:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-02-16 16:55 - 2009-07-14 07:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-02-16 16:54 - 2016-06-13 06:38 - 00000000 ____D C:\Users\Guest
    2017-02-16 16:54 - 2014-12-01 08:18 - 00000000 ____D C:\Users\TEMP
    2017-02-16 16:53 - 2011-05-31 14:38 - 00000000 ____D C:\Users\Hp\AppData\Roaming\uTorrent
    2017-02-16 16:52 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
    2017-02-16 16:41 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-02-16 16:40 - 2012-05-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-02-16 16:40 - 2012-05-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-02-16 16:40 - 2011-10-02 12:43 - 00000000 ____D C:\Users\Mr C
    2017-02-16 11:03 - 2012-05-14 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-02-15 14:33 - 2012-02-19 00:46 - 00000000 ____D C:\Users\Hp\AppData\Roaming\vlc
    2017-02-15 14:30 - 2009-07-14 08:13 - 00786578 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-02-15 12:25 - 2013-02-12 01:06 - 00000000 ____D C:\Users\Hp\AppData\LocalLow\blekko
    2017-02-15 12:19 - 2011-05-31 13:13 - 00000000 ____D C:\Users\Hp
    2017-02-15 08:31 - 2013-06-01 23:01 - 00000000 ____D C:\Program Files\COMODO
    2017-02-15 07:33 - 2013-05-08 02:39 - 00000000 ____D C:\Users\Hp\AppData\Local\AVG SafeGuard toolbar
    2017-02-15 07:32 - 2013-05-08 02:39 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
    2017-02-15 06:45 - 2015-10-08 00:35 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2588610484-973985184-251928395-1000UA.job
    2017-02-15 06:45 - 2015-10-08 00:35 - 00000854 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2588610484-973985184-251928395-1000Core.job
    2017-02-15 06:44 - 2011-05-31 14:01 - 00000000 ____D C:\ProgramData\MFAData
    2017-02-15 06:41 - 2016-02-27 15:15 - 00000000 ____D C:\ProgramData\Avg
    2017-02-14 20:25 - 2015-10-10 02:02 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-02-14 17:03 - 2016-10-26 13:59 - 00000000 ____D C:\Users\Hp\AppData\Roaming\Free Desktop Clock 3
    2017-02-14 17:03 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration
    2017-02-14 17:02 - 2011-06-21 08:18 - 00000000 ____D C:\ProgramData\Real
    2017-02-13 05:27 - 2015-10-09 23:14 - 00000400 _____ C:\Windows\Tasks\DriverEasy Scheduled Scan.job
    2017-02-12 06:46 - 2016-09-07 00:12 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
    2017-02-01 01:28 - 2012-05-13 02:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-01-28 22:14 - 2016-08-31 01:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2017-01-21 23:40 - 2016-10-30 11:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    ==================== Files in the root of some directories =======

    2013-05-26 22:52 - 2014-01-02 16:20 - 0003736 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    2016-11-20 22:32 - 2016-11-28 09:41 - 0000132 _____ () C:\Users\Hp\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2013-03-18 23:46 - 2016-08-10 14:38 - 0000205 _____ () C:\Users\Hp\AppData\Roaming\burnaware.ini
    2012-12-17 14:14 - 2013-05-25 19:21 - 0001155 _____ () C:\Users\Hp\AppData\Roaming\evmanage.prf
    2012-12-16 09:30 - 2012-12-19 19:24 - 0003934 _____ () C:\Users\Hp\AppData\Roaming\evpro32.prf
    2016-10-10 16:11 - 2016-10-10 16:11 - 0001456 _____ () C:\Users\Hp\AppData\Local\Adobe Save for Web 13.0 Prefs
    2017-02-15 05:42 - 2017-02-15 05:42 - 1455218 _____ () C:\Users\Hp\AppData\Local\ars.cache
    2017-02-15 05:44 - 2017-02-15 05:44 - 0899425 _____ () C:\Users\Hp\AppData\Local\census.cache
    2013-10-12 22:57 - 2013-10-12 22:57 - 0003584 _____ () C:\Users\Hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2017-02-14 16:40 - 2017-02-14 16:40 - 0000036 _____ () C:\Users\Hp\AppData\Local\housecall.guid.cache
    2011-10-25 00:24 - 2016-08-10 23:00 - 0007579 _____ () C:\Users\Hp\AppData\Local\Resmon.ResmonCfg
    2017-02-14 16:56 - 2017-02-15 04:59 - 0000010 _____ () C:\Users\Hp\AppData\Local\sponge.last.runtime.cache
    2012-03-15 23:01 - 2012-03-15 23:01 - 0000000 _____ () C:\ProgramData\._ntmpdbx_

    Some files in TEMP:
    ====================
    2016-06-22 07:43 - 2016-06-22 07:44 - 30533688 _____ () C:\Users\Mr C\AppData\Local\Temp\vlc-2.2.4-win32.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-07-27 00:17

    ==================== End of FRST.txt ============================

  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.0 (12.05.2016)
    Operating System: Windows 7 Home Premium x64 
    Ran by Hp (Administrator) on Fri 02/17/2017 at 19:52:22.55
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    File System: 541 

    Successfully deleted: C:\ProgramData\avg security toolbar (Folder) 
    Successfully deleted: C:\ProgramData\babylon (Folder) 
    Successfully deleted: C:\ProgramData\productdata (Folder) 
    Successfully deleted: C:\ProgramData\Start Menu\Programs\drivereasy (Folder) 
    Successfully deleted: C:\Users\Hp\AppData\Local\{142A12D1-D8E7-4043-B8E9-CAD52E33C7F8} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{15480C4E-20C8-45AF-9AC2-4A6E4F1DCF69} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{15A86703-23CB-4424-BA20-95E34065570D} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{15E6EE1C-C4F5-41EF-A0A6-C06835080006} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{166C86D8-BC8C-401D-9C82-230A28BEFF8C} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{16A82FF5-C725-434F-8811-77E41FF11569} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{16B53345-E040-48CA-ABFD-C6AE12278647} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{16EB2A5E-7731-438E-8778-F9166CAF40F1} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{17A73BAB-A674-4A1B-90B4-67797BBCAECE} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{186F5FA3-E61A-4769-822E-EB3A07491B29} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{18888682-FE2E-4D72-A9F4-25764F22A902} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{1A6CD53F-141A-4B1A-AFDD-6A1802A6C4F5} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{1A7649C0-21E9-4032-B42B-10DFC284FACD} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{1AF571A9-3482-4088-A966-56C91FC74D4A} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{1BC3153B-FF5A-4AB2-9F77-DBB775E6FAAD} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{1D356733-4A05-40F4-B48F-AB1932DA0E8E} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{1D8DAF65-E560-4643-AADB-94CC87D180F0} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{1DA72D31-FB04-4EF3-A47F-D64F50BE4BD6} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{1E17DCA9-EC08-42DF-AB95-578CDCCEB808} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{1EC7127D-B358-4BE5-91D3-8EA489B3DA63} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{1EEDAFF8-80CE-4488-B4F2-9C6762BEBB22} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{1F0DC042-1B3A-42A5-BFC0-B344B3C8FCD6} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{1F16C135-0222-4BD1-A90C-AC3CCA747A8D} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{1F1E0B3A-C0BB-4568-8A34-FEF6D61C76B0} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{1FA9BDD4-0CB5-4691-8F60-D741FD4B5269} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{2019DF77-D06C-4927-8E94-94655812B637} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{209078EF-F71E-4F01-9C0E-BD0336456920} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{2139FFDF-A9CD-4C17-B1E4-D872503EBB02} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{221B4BEC-4CB4-4E4C-AB65-8853FA1DAB2C} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{221D8411-F747-4002-A033-DD5C54E3D4A4} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{22E1FB80-71F2-4FF8-9BFB-3EE32639C27B} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{2319D2A3-BC19-47D3-8048-9E921E6717E3} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{231EE036-D0EA-4A43-887B-FADB91BBF875} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{237B2015-05E4-4DB9-B3CC-B34F375BB018} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{23D53E65-9E65-4ED5-BF56-4D528CAD3125} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{24376A3F-5D79-4E32-8D7A-1A905861A2AE} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{2447B2FE-9C6C-4C1A-8B18-E77C771CE921} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{244FF8B8-50E4-4569-BD1E-32B33E908CEE} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{24C29858-B030-4458-952B-B26AFAE254A1} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{2514005B-4E8B-449F-A54B-719619268BAA} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{253933A0-8F3B-4469-885E-CC3016E95C49} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{25424AEF-DB25-4C01-8AC0-94BAEE26A3A8} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{25C6C77D-6B5F-4105-988D-8DFDB8E0EC48} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{2692090D-5DCB-4022-9ABF-927D7801405F} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{28CEC33F-2991-487C-8F27-5096E38191B5} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{2A8B9572-7F0E-45BF-8148-E6310EB3A211} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{2AA2B0BF-9B26-4DC0-A7AC-804E7A35ED87} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{2C12FD3D-8A41-4368-9F7F-65FF968C9196} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{2C793A0E-11EC-496D-AB0E-9B9802E39164} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{2C802F18-F2D5-4512-8FAF-F7851077879F} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{2D08FABD-B409-49E9-935E-1F566D864DC2} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{2DA46B0D-A0CD-42F1-BFF1-8A09388F3230} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{2E76B885-0C28-482B-91B8-66E01E60AA7E} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{2EA8812F-479E-4943-863B-DA2D7B3129C8} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{2F2EBE89-8987-45C4-8894-D872429A9C31} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{302BF282-3A8A-43E7-A4B3-854E33EFD089} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{308CC2F9-0819-4609-BD84-5584623115F5} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{30A7716C-2667-4A23-B36C-5E1347156434} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{312C5821-039B-4A28-AEE9-17C8667D9CA6} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{31BFEDCA-B9E5-4FB1-A177-3582B0912F13} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3218061A-7F9B-42FE-AF72-BCC79FB02464} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{328520C7-2CBE-48A5-8C4D-2BCA05923357} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{335110ED-5BBE-444B-B005-4B9108C486AA} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{33C83D10-D668-4ADB-811A-62821A3AABBD} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{33F4D282-1927-4447-933B-7AB042B33CC1} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{342497C1-165D-490B-AB1B-C7E9C5C2F94A} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3475C978-AAB7-4389-A289-995FB6C91311} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{34C55BCA-4FF2-4807-B259-F5FBA4DA72EF} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{356D0578-1195-4BAB-AD2D-C273F7EADFBB} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{358A4674-B389-402C-85AB-7D472E0C62C4} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{35977BE0-78B4-498E-848B-480FA9733250} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{36840BBD-1FCB-4BA0-BB1C-7F418E4B929B} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{36E18384-1612-42E8-992F-D8ABBD9FAB63} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{38A4AA65-A3C2-4091-A5E2-F5BAAC396B3A} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{38D0F7EF-BF3D-42E0-A65B-DF812946E0C2} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{39073E57-69DD-4D1D-896D-5FC2FB9FC88E} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{397B6F30-2A27-41FE-807D-DDBC08D16B14} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3A24168B-0C41-491D-AF3E-F164C0857BCE} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3A47B3A3-B539-4E27-88DF-E96E27F44BA9} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3AA9D3B9-65D8-46D5-8F96-FEE0DD81E448} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3B06664B-44F8-4999-8436-97520E9F297A} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3B3CFBE6-0BA2-40FA-84F6-325476C2CAF9} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3B6392A7-5575-4583-AF4B-D49CDC2F7946} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3BF08AF2-1895-4B99-B33F-D5F4CEBD6BA5} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3C805711-5087-4355-B5C2-2FFBB98CDC92} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3CB7208C-6436-41A8-8BA3-E7EBF0BAFEEB} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3D31DA8D-61A9-467E-BFB1-1842B36DD6DE} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3E2B114C-113C-4E52-AC3E-14343F84AB54} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3E4000E9-F48E-4303-8EFF-7586147E9BEE} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3E742B8E-6C38-4014-B64A-D5B628E9EE4A} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3E969854-E1DB-41F1-AD66-0FC7A7848BAC} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{3FAE6B02-C05E-4E6C-A416-37213DA64F26} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{405AE71E-4FD9-4E0D-8FE4-E49C7D455E05} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4128C4AF-381F-4E56-BE52-941318CD90A0} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{41559E43-0596-4EA0-9950-2D6EB806384C} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{41601894-04C9-4A76-A7EC-CCD3876C86E5} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{41D634D5-0220-4E54-A251-6BD7BE41DC1E} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{41D9848B-A10C-4086-8D89-7506E7FBC8DE} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4294672A-CC01-444F-A2E7-36525BA8E015} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4420FCC0-2E13-4487-B91B-A0670D94C18F} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{445FD555-2C18-4D0A-B4BF-B90E37E2202E} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{447A9F5F-999D-48C2-B052-C18D38C53F74} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{44F40740-A8DA-4F52-B29D-6E2AAC6C3918} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{453230F1-7EF0-4207-890A-49A4F863DE5A} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{46836D1D-7D81-47BE-9BC9-1B97DC8C1D1D} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{46B8F15E-4373-4EC8-8F61-1039F0EF4599} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{46BD40F8-AB7D-4389-94BE-43CBAFA97C78} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{47CFBD10-A6BF-43BA-B7AB-95DB7B3AA424} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{48B48B2A-FD2A-4048-81E5-27E06E1FB9FA} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{49109E9E-7956-4853-B543-E0C0C0750638} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{49484CC5-6BD4-44CB-B6D3-F0F6B6E4AC65} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{494DC344-5AC3-40D3-B2C7-8A04105D897D} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4A4FA8EA-3978-4524-A5F8-1ECCB9388523} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4B507F01-C403-421D-9B52-2D5D48D14773} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4BC40FF0-652C-4896-8D80-19D870D9BF44} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4C4D3C51-AE1D-4880-A48B-F84A78897306} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4C538BE6-0A29-474E-9AF9-4F2691F73F52} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4C98E60E-D2CC-47C9-B808-E27FBCA42E1E} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4CAEE619-608B-4F1B-BBE0-644AAB3261E1} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4CCE1F67-0F5A-4403-8612-44FA5BC9FA8F} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4CEC9A63-81BE-44E6-A343-0774E2063986} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4D096FF2-7FA3-49AB-A893-8C15786934B5} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4DA63EBA-8095-421F-BD5D-07D35832231D} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4DF5DCD6-DC4F-4F39-B16C-3F7E53060DDB} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4E00D835-32BB-4242-B26B-A24CEA9E537E} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4E294E60-28D6-4A66-9D5D-2283A53796B9} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{4FF8D771-3E42-4053-A357-941ACDD09CF2} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{50362C67-EE0A-42CD-84A8-8031747FF76B} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{515AA1D1-77AC-4F4C-A8C6-98F96F971645} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{5291C35E-D610-41C0-8F21-10F492CE05B2} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{54132DE2-8DE0-4C3C-897B-4BB75F8B495D} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{544ACC04-EB4C-4182-A15C-B7C1515280BF} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{54B8A2BB-DC55-4F8B-80AE-77DDB609B90F} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{555A5214-3D24-4A59-BAA5-4B3935889C2A} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{55BA3533-66BA-4EC5-A2B6-4D9C19F48CC7} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{569DBB16-0606-4CC7-B724-BF4BE29E478D} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{56ADA279-1AB0-4944-BFD6-F930176A3C3C} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{5728B29F-A117-4150-94FD-86AF37B61878} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{577A7635-52AC-4913-B043-C27225DA8F69} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{57A75FA6-13CC-4495-9D0F-3CDDF8A479FC} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{57E0B17A-9F3D-4FD1-B810-B5F368069040} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{57E13B3D-F979-478D-8935-B56832740FC3} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{58361125-5462-418E-994A-6D2096F97E03} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{587A2FA1-EA72-4D0F-B2FB-D146BB0BDAEC} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{58E16E4C-BD53-407D-9689-0609A6001C92} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{590D98BF-71B7-47B9-87D2-C9E7C98FB27C} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{591912CE-DC75-43DB-954B-4B271CCF1B2F} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{59504C10-A328-4B29-B010-0908959FEE7E} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{597DA1D9-7E8E-495F-AC1D-6961AE464CE4} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{5B5DD0AC-28E6-4F68-894B-1FFD16E9A071} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{5C13F4D7-731F-4E17-85A2-E527F0831F0F} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{5C99AB84-E129-431F-81AB-323D933D4538} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{5CE1CC4E-0ABC-43E5-A5A1-150A2762A97D} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{5E9C6617-6CFE-4BB2-9364-6AD2134C9144} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{5EAEE4D1-A274-4CBA-9134-0D30EABE8A5D} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{5FAC8F2C-F61A-4613-AB4A-0CD1B47F4B68} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{5FC70778-0E43-45A5-BBDD-DB6138B59267} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{5FD79C62-8042-49D9-A0E2-F47A076E6323} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{5FFEC7C0-25B7-47CD-9569-4F0D0D30E56F} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{60C76680-CB2B-4A2C-BF12-EF749713F3E1} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{614A01DF-B281-4931-BED3-9FF430F437CD} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{6173BB2D-CB3C-4B0F-9E71-F365BF3FDD87} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{61874C3D-1782-4684-AAEA-34347220BBD4} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{620D02C4-621B-4D1A-83FE-D9E881A98CBF} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{6329E71B-A6BB-4620-95A2-A8D18FD6C811} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{63BCFD6B-45DC-4A8A-BC1A-D3BDD2F4E6FC} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{63DB6BA9-6A56-4648-AFA2-D3A1A09E9E00} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{6406C324-693A-4B0B-9568-B7122479AC78} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{6419442A-1AD9-4A30-B6E6-B920270490B4} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{648FF200-C821-459B-938B-2A1D02931F04} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{64C37F89-0427-4B12-B04E-1D4705794D23} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{64EBEB79-E092-400A-BC9B-6A0CBD2E8149} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{656ECBC4-01B9-4650-86B9-496E7FC64120} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{65F0A7CE-27BB-46BC-809F-5BEF39F9CBF7} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{662F0882-0490-4CC7-8A9C-BEC738A83A67} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{66445ABD-6BB4-4C91-89B6-65F5DAA6D0CB} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{66862CCA-62D0-4DE9-A8A3-05F98893E250} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{66A45DF7-4DEA-4FA1-843D-7CEE3183F8E3} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{6741C3E1-52BB-4102-98E1-4BB55AE280D8} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{681636C9-1AE9-439E-82AF-A3035A6FD452} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{684D6F35-23AD-4044-8FA8-AB13C6AAEEA0} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{68BBD972-E8D2-4A50-BF69-5DDA8527BBDF} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{69083158-D095-4A3E-881C-6E2D1F68006A} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{690D59E8-E56A-4A1D-9BDD-032553DECFEF} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{699E7A36-4E5A-4FE6-A160-8A046586237F} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{69A5C0E9-1590-42A1-A03F-22344F0DE0EE} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{6AD6EE56-5F18-4EF6-BA07-8376BE2DA242} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{6B5AC493-FB6E-4143-9A55-421C80067462} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{6BBEE1ED-62AC-4863-9B9B-DBA0E60083CD} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{6C5379F8-95FB-4297-B3FB-284AE5D10636} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{6C8D0B4D-0BE2-403F-9E0F-3A3FFC6297EF} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{6CE0A86A-B440-448C-B946-1871465DDC1B} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{6CF58FEB-4989-4F44-8195-A2E627E8A09E} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{6D0CF027-95BF-4C23-9591-4637CEF24197} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{6D49BA0D-E9B4-4693-B9BE-2DEFD2228129} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{6EEBDEAE-A96C-4D28-8AE9-8C37F655BDB8} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{6F02D213-82D0-4D69-8BD4-1E58E5DB5807} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{702996E6-C438-4878-900F-56D07C418773} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{713C35A7-7845-43AA-B839-0F0A2F371722} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{72565B34-6CC8-4CA6-8C1F-B509A7168E01} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{72C1E1C2-796A-4AAC-A699-823E580066A6} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{731D7162-FC7C-4497-8D4C-4D95AF724DC4} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{73C034F4-5108-4A48-B09B-C41F440B89F0} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{73F5518F-0270-4189-BDF8-8F716D680A00} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{74FD58FA-550A-4E29-ABFE-322369FF719B} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{75ABB610-FB81-4364-924A-B71F78796286} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{76A7006F-2251-4E95-86C0-0C7EDF81EB72} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{76A91FD2-5A93-4276-8872-8F26FB61986E} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{76EC515C-5925-4CD0-8F2E-9AD9DB471A97} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{77EDF1EC-C416-4EE0-A39C-88E1A94C39DF} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{7853F299-466B-49DE-93C8-0ABAFEFF2ED2} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{78E7E1AD-1627-4F1C-B3D9-F40D7B31955A} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{792340C7-1C8B-4623-BF9C-FB06216FBFAB} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{79669C9E-A751-4C3A-A3F2-C7E92CE0F8EC} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{79CD8A6B-8A74-4BCC-B362-3D364A840EB8} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{7AA78110-8FBF-439D-99CD-318B9CA0B16D} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{7C1BF77D-BEC1-4FD3-AF09-2E6DDEE7D9EF} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{7DB7A59C-3E27-4EBA-BAC1-F1890A2DEF1F} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{7E2FBB1B-E9FA-40AC-B9BC-13524CD1DE0A} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{7E30AD5C-7BD9-446F-92C5-C340F8983EF3} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{7EAB7530-C177-42DA-8DA3-815A0051A897} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{7F5C23A7-5224-4A64-81DB-93B70B38EC33} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{7FC791DC-96FE-47DD-B291-3F56AEAEBA4F} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{801FB723-2CE8-41F3-993E-7C9B4E169D2E} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{804873B8-D2BC-462F-AD99-C524D39CBF80} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{807C8F07-30E4-4326-B039-68B47D6AA3A7} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8221AD68-EB1D-4ECE-B600-8C3DF5BB3921} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8279D7EB-6503-41BB-9025-E92CCDAE1238} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{828B1AB5-DE59-40CA-8CDC-C8AD56A51F7F} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{82A69521-CF14-4BB2-B72E-2256F22BDB98} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{82EBA1A9-6123-4041-9649-5FB5C152B3C7} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{83342150-9DB4-4552-A941-0234FB99CD0B} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{83565304-EF17-410C-93AB-8D2B605A620C} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8371BEA1-8E3E-4E8B-9D6E-9E9E909D244F} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{83754ED6-B376-4228-BBFF-DFC079C14A4A} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8390A96D-8783-465F-94D5-CE36921CEDC3} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8433D09B-8996-447A-A4E3-76A5F02FC509} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{847113D7-C31C-419D-B5E0-804CAB21BC1E} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{84D4BA6A-D370-496C-B694-8FD6EEC50F9B} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8505D0E0-B030-4B01-881A-2268EFBBD8FA} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{85303603-AD68-4B62-9E93-2B5AD24D7C14} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{85BA2D4C-B420-4EDC-BD16-BA1B651DB748} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{85DC2361-5B0E-4CCE-B3C2-44F9F84890AB} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{86A3333F-E49D-46C2-9A63-02C3478D23AA} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8702EE2E-49F3-434F-92B1-43F135CD2D8A} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8719B069-0002-4003-BF15-38748866C43D} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8727953A-CDBD-4D87-AE92-484309E025F3} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{87570FCD-5988-48CE-B12A-0CD73429024E} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{87741832-184A-47D7-AEE9-1810C93EBBA4} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{879816D2-0ECA-4223-9C97-16A26175D11B} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{87A4E743-83FD-42ED-B1FE-4FEC81AD25E0} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{87DB8BC5-366C-42C0-B4E5-1D1C1FC0CF5B} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{88446CB3-DA51-4940-A27C-3325E031E2F0} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{88D86BD1-9965-488A-B2A2-1A8F98367DD5} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{893EEF37-C994-48A7-9BE3-D2D5474C9712} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{89DA951F-667D-45AD-8B87-8496F2C4CFA6} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8A2771C7-6FFD-4D6E-94E8-DD217490D57A} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8A7503FE-A091-4856-9BAF-A0A652366244} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8A8087C0-2987-4B18-8987-0689BE4E098F} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8A9F03C4-31D3-48D4-BE46-104D1AFE1C88} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8AA36E5E-DEDB-485B-A4F3-83971F15A148} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8B4D5805-A574-4DAE-A7E5-AEB09987500D} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8B6417DB-98D0-4C09-A9D4-CCD9B559C27E} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\{8BB93DE4-78B1-4421-A624-D1DAC0D2C7CD} (Empty Folder)
    Successfully deleted: C:\Users\Hp\AppData\Local\apn (Folder) 
    Successfully deleted: C:\Users\Hp\AppData\Local\crashrpt (Folder) 
    Successfully deleted: C:\Users\Hp\AppData\Local\packageaware (Folder) 
    Successfully deleted: C:\Users\Hp\AppData\Local\slimware utilities inc (Folder) 
    Successfully deleted: C:\Users\Hp\Appdata\LocalLow\avg safeguard toolbar (Folder) 
    Successfully deleted: C:\Users\Hp\Appdata\LocalLow\Toolbar4 (Folder) 
    Successfully deleted: C:\Users\Hp\AppData\Roaming\babylon (Folder) 
    Successfully deleted: C:\Users\Hp\AppData\Roaming\drivercure (Folder) 
    Successfully deleted: C:\Users\Hp\AppData\Roaming\getrighttogo (Folder) 
    Successfully deleted: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Invalidprefs.js (File) 
    Successfully deleted: C:\Users\Hp\AppData\Roaming\pdfforge (Folder) 
    Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder) 
    Successfully deleted: C:\users\Public\Documents\guid (Folder) 
    Successfully deleted: C:\Windows\system32\drivers\swdumon.sys (File) 
    Successfully deleted: C:\Windows\system32\Tasks\Driver Booster Scheduler (Task)
    Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (Hp) (Task)
    Successfully deleted: C:\Windows\Tasks\DriverEasy Scheduled Scan.job (Task) 
    Successfully deleted: C:\Program Files (x86)\avg security toolbar (Folder) 
    Successfully deleted: C:\Program Files (x86)\Common Files\avg secure search\vtoolbarupdater (Folder) 
    Successfully deleted: C:\Program Files (x86)\myfree codec (Folder) 
    Successfully deleted: C:\Program Files (x86)\oapps (Folder) 
    Successfully deleted: C:\Program Files (x86)\yuna software (Folder) 
    Successfully deleted: C:\ProgramData\Barowsoe2sAve (Folder)
    Successfully deleted: C:\Windows\SysWOW64\REN1D40.tmp (File) 

    Deleted the following from C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\prefs.js
    user_pref(aol_toolbar.default.homepage.check, false);
    user_pref(aol_toolbar.default.search.check, false);
    user_pref(avg.install.Revert_DSP, Alnaddy);
    user_pref(avg.install.Revert_HP, hxxp://www.alnaddy.com/?afltid=wbpk);
    user_pref(avg.userPreferences.URLBarFocus.whiteList, bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com
    user_pref(extensions.51748da6c914d.scode, (function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
    user_pref(extensions.BabylonToolbar.prtkDS, 0);
    user_pref(extensions.BabylonToolbar.prtkHmpg, 0);
    user_pref(extensions.aacec7c99b789494a9cd9cf2130be4fe27837d0b0c96842e7b0acb09c864a5978com43905.43905.internaldb.monetization_plugin_bundledUrls.value, %7B%22dealply_s%22%3A
    user_pref(extensions.addon@defaulttab.com.install-event-fired, true);
    user_pref(extensions.alnaddyToolbar.admin, false);
    user_pref(extensions.alnaddyToolbar.aflt, wbpk);
    user_pref(extensions.alnaddyToolbar.appId, {D651E893-3D08-458D-A242-0E6B862E6507});
    user_pref(extensions.alnaddyToolbar.autoRvrt, false);
    user_pref(extensions.alnaddyToolbar.cntry, RO);
    user_pref(extensions.alnaddyToolbar.dfltLng, );
    user_pref(extensions.alnaddyToolbar.dfltSrch, true);
    user_pref(extensions.alnaddyToolbar.excTlbr, false);
    user_pref(extensions.alnaddyToolbar.hdrMd5, 8E9CA45FD913ACF9841D1C58165A3DA3);
    user_pref(extensions.alnaddyToolbar.hmpg, true);
    user_pref(extensions.alnaddyToolbar.hmpgUrl, hxxp://www.alnaddy.com/?afltid=wbpk);
    user_pref(extensions.alnaddyToolbar.id, 9c3d57ea00000000000000ff7a96e75a);
    user_pref(extensions.alnaddyToolbar.instlDay, 15817);
    user_pref(extensions.alnaddyToolbar.instlRef, );
    user_pref(extensions.alnaddyToolbar.keyWordUrl, hxxp://www.alnaddy.com/search/?q=);
    user_pref(extensions.alnaddyToolbar.lastVrsnTs, 1.6.9.164:08:53);
    user_pref(extensions.alnaddyToolbar.newTab, true);
    user_pref(extensions.alnaddyToolbar.newTabUrl, hxxp://www.alnaddy.com/?afltid=wbpk);
    user_pref(extensions.alnaddyToolbar.pnu_alnaddy1, {\newVrsn\:\25\,\lastVrsn\:\15\,\vrsnLoad\:\\,\showMsg\:\false\,\showSilent\:\true\,\msgTs\:13833140
    user_pref(extensions.alnaddyToolbar.prdct, alnaddyToolbar);
    user_pref(extensions.alnaddyToolbar.prtnrId, alnaddy);
    user_pref(extensions.alnaddyToolbar.sg, none);
    user_pref(extensions.alnaddyToolbar.smplGrp, none);
    user_pref(extensions.alnaddyToolbar.srchPrvdr, Alnaddy);
    user_pref(extensions.alnaddyToolbar.tlbrId, alnaddy1);
    user_pref(extensions.alnaddyToolbar.tlbrSrchUrl, hxxp://www.alnaddy.com/search/?q=);
    user_pref(extensions.alnaddyToolbar.vrsn, 1.6.9.16);
    user_pref(extensions.alnaddyToolbar.vrsnTs, 1.6.9.164:08:53);
    user_pref(extensions.alnaddyToolbar.vrsni, 1.6.9.16);
    user_pref(extensions.alnaddyToolbar_i.dnsErr, true);
    user_pref(extensions.alnaddyToolbar_i.hmpg, true);
    user_pref(extensions.alnaddyToolbar_i.newTab, true);
    user_pref(extensions.alnaddyToolbar_i.smplGrp, none);
    user_pref(extensions.alnaddyToolbar_i.vrsnTs, 1.6.9.164:08:53);
    user_pref(extensions.crossrider.bic, 141ae48a8ca231a648171f8e1b6fe764);
    user_pref(extensions.defaulttab.PIR7, 1456546007);
    user_pref(extensions.defaulttab.active.affiliate, 2402);
    user_pref(extensions.defaulttab.active.overridechromesearch, false);
    user_pref(extensions.defaulttab.active.overridekeywordsearch, false);
    user_pref(extensions.defaulttab.browserID, BCC87061F493CD2C69EB9BD14A5643A3);
    user_pref(extensions.defaulttab.config, {\set_default_search\:\Search Here|Search Here\,\features\:[{\engine\:\\,\ai\:0,\location\:7,\additional_config\:\\
    user_pref(extensions.defaulttab.firstrun, false);
    user_pref(extensions.defaulttab.installdate, 1352843287);
    user_pref(extensions.defaulttab.installedVersion, 2.4);
    user_pref(extensions.defaulttab.useNewTabWhiteList, false);
    user_pref(extensions.ffxtlbr@alnaddyToolbar.com.install-event-fired, true);
    user_pref(extensions.ffxtlbr@funmoods.com.install-event-fired, true);
    user_pref(extensions.helperbar.DockingPositionDown, false);
    user_pref(extensions.helperbar.LastHiddenTime, 23522997);
    user_pref(extensions.helperbar.SmartbarDisabled, false);
    user_pref(extensions.helperbar.SmartbarStateMinimaized, false);
    user_pref(extensions.helperbar.Visibility, false);
    user_pref(extensions.searchpredict@speedbit.com.install-event-fired, true);
    user_pref(keyword.keywordURL, hxxp://search.hotspotshield.com/g/results.php?c=s&q=);

    Registry: 3 

    Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key) 
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 02/17/2017 at 19:59:10.69
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • # AdwCleaner v6.043 - Logfile created 17/02/2017 at 21:39:38
    # Updated on 27/01/2017 by Malwarebytes
    # Database : 2017-02-13.1 [Server]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Hp - TRAC
    # Running from : C:\Users\Hp\Desktop\AdwCleaner.exe
    # Mode: Scan
    # Support : https://www.malwarebytes.com/support

    ***** [ Services ] *****

    Service Found:  swdumon


    ***** [ Folders ] *****

    Folder Found:  C:\ProgramData\Avg_Update_1114tb
    Folder Found:  C:\ProgramData\Avg_Update_1214tb
    Folder Found:  C:\Users\Hp\AppData\LocalLow\Speedbit
    Folder Found:  C:\Users\Hp\AppData\Roaming\NCdownloader
    Folder Found:  C:\ProgramData\AVG Secure Search
    Folder Found:  C:\ProgramData\Speedbit
    Folder Found:  C:\ProgramData\Application Data\AVG Secure Search
    Folder Found:  C:\ProgramData\Application Data\Speedbit
    Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
    Folder Found:  C:\Users\Public\Documents\Speedbit
    Folder Found:  C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
    Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Found:  C:\extensions


    ***** [ Files ] *****

    No malicious files found.


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****

    Key Found:  HKLM\SOFTWARE\Classes\Applications\iLividSetupV1.exe
    Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14de519c-6103-4ccf-8690-6a855f270ce0}
    Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27a2caf7-4a52-43c5-b092-55f4bf676c98}
    Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExamView Player
    Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExamView Player_is1
    Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\DefaultTabSearch
    Key Found:  HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
    Key Found:  HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
    Key Found:  HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
    Key Found:  HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
    Key Found:  HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
    Key Found:  HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
    Key Found:  HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
    Key Found:  HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
    Key Found:  HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
    Key Found:  HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
    Key Found:  HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
    Key Found:  HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
    Key Found:  HKLM\SOFTWARE\Classes\MsgPlusForSkype.AnimationPackage
    Key Found:  HKLM\SOFTWARE\Classes\MsgPlusForSkype.SkinPack
    Key Found:  HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
    Key Found:  HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
    Key Found:  HKLM\SOFTWARE\Classes\PCSuiteContactsView
    Key Found:  HKLM\SOFTWARE\Classes\PCSuiteMessagesView
    Key Found:  HKLM\SOFTWARE\Classes\Prod.cap
    Key Found:  HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar
    Key Found:  HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar.1
    Key Found:  HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT
    Key Found:  HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT.3
    Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
    Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
    Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
    Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
    Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found:  HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found:  HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO
    Key Found:  HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO.1
    Key Found:  HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Found:  HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Found:  HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Found:  HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Found:  HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Found:  HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT
    Key Found:  HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT.1
    Key Found:  HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found:  HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
    Key Found:  [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
    Key Found:  [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
    Key Found:  [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
    Key Found:  [x64] HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
    Key Found:  [x64] HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
    Key Found:  [x64] HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
    Key Found:  [x64] HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
    Key Found:  [x64] HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
    Key Found:  [x64] HKLM\SOFTWARE\Classes\MsgPlusForSkype.AnimationPackage
    Key Found:  [x64] HKLM\SOFTWARE\Classes\MsgPlusForSkype.SkinPack
    Key Found:  [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
    Key Found:  [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\PCSuiteContactsView
    Key Found:  [x64] HKLM\SOFTWARE\Classes\PCSuiteMessagesView
    Key Found:  [x64] HKLM\SOFTWARE\Classes\Prod.cap
    Key Found:  [x64] HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar
    Key Found:  [x64] HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT
    Key Found:  [x64] HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT.3
    Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
    Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
    Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found:  [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO
    Key Found:  [x64] HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Found:  [x64] HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Found:  [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT
    Key Found:  [x64] HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT.1
    Key Found:  [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found:  [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found:  HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found:  HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Found:  HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{37211D63-CCE9-4780-B182-96538CFC6FED}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{8B9C4F32-044E-491C-893E-362CB8A679D5}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CBC3E05C-F841-452A-A600-E8D8BBEA63D9}
    Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CF2BF214-9D1E-4803-9AEB-38552615FD40}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
    Key Found:  HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
    Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
    Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
    Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
    Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
    Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
    Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}
    Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
    Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    Key Found:  HKU\.DEFAULT\Software\IGearSettings
    Key Found:  HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\AVG Security Toolbar
    Key Found:  HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\InstalledThirdPartyPrograms
    Key Found:  HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Minibar
    Key Found:  HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Myfree Codec
    Key Found:  HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\smarttweak
    Key Found:  HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Softonic
    Key Found:  HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\speedypc software
    Key Found:  HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\YahooPartnerToolbar
    Key Found:  HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\yuna software
    Key Found:  HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\MINIBAR
    Key Found:  HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\AppDataLow\Toolbar
    Key Found:  HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\AppDataLow\Software\Conduit
    Key Found:  HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
    Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2588610484-973985184-251928395-1000\Software\blekko
    Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2588610484-973985184-251928395-1000\Software\SBConvert
    Key Found:  HKU\S-1-5-18\Software\IGearSettings
    Key Found:  HKCU\Software\AVG Security Toolbar
    Key Found:  HKCU\Software\InstalledThirdPartyPrograms
    Key Found:  HKCU\Software\Minibar
    Key Found:  HKCU\Software\Myfree Codec
    Key Found:  HKCU\Software\smarttweak
    Key Found:  HKCU\Software\Softonic
    Key Found:  HKCU\Software\speedypc software
    Key Found:  HKCU\Software\YahooPartnerToolbar
    Key Found:  HKCU\Software\yuna software
    Key Found:  HKCU\Software\MINIBAR
    Key Found:  HKCU\Software\AppDataLow\Toolbar
    Key Found:  HKCU\Software\AppDataLow\Software\Conduit
    Key Found:  HKLM\SOFTWARE\AVG Secure Search
    Key Found:  HKLM\SOFTWARE\AVG Security Toolbar
    Key Found:  HKLM\SOFTWARE\Myfree Codec
    Key Found:  HKLM\SOFTWARE\SP Global
    Key Found:  HKLM\SOFTWARE\SProtector
    Key Found:  HKLM\SOFTWARE\W3I
    Key Found:  HKLM\SOFTWARE\yuna software
    Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
    Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
    Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
    Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Plus! for Skype
    Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2588610484-973985184-251928395-1000\Software\blekko
    Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2588610484-973985184-251928395-1000\Software\SBConvert
    Key Found:  [x64] HKCU\Software\AVG Security Toolbar
    Key Found:  [x64] HKCU\Software\InstalledThirdPartyPrograms
    Key Found:  [x64] HKCU\Software\Minibar
    Key Found:  [x64] HKCU\Software\Myfree Codec
    Key Found:  [x64] HKCU\Software\smarttweak
    Key Found:  [x64] HKCU\Software\Softonic
    Key Found:  [x64] HKCU\Software\speedypc software
    Key Found:  [x64] HKCU\Software\YahooPartnerToolbar
    Key Found:  [x64] HKCU\Software\yuna software
    Key Found:  [x64] HKCU\Software\MINIBAR
    Key Found:  [x64] HKCU\Software\AppDataLow\Toolbar
    Key Found:  [x64] HKCU\Software\AppDataLow\Software\Conduit
    Key Found:  [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
    Key Found:  [x64] HKLM\SOFTWARE\Tarma Installer
    Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
    Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
    Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
    Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
    Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
    Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
    Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
    Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
    Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
    Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
    Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com
    Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sa.hao123.com
    Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com
    Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sa.hao123.com
    Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\AppsHat
    Key Found:  HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found:  HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Found:  HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Found:  HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found:  HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Found:  HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
    Key Found:  HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
    Key Found:  HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
    Key Found:  HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
    Key Found:  HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
    Key Found:  HKLM\SOFTWARE\Classes\protocols\handler\viprotocol


    ***** [ Web browsers ] *****

    Firefox pref Found:  [C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\prefs.js] - "avg.userPreferences.URLBarFocus.whiteList" -  "bing\\.com google\\.\\w+ yahoo\\.\\w+ gmail\\.\\w+ hotmail\\.\\w+ live
    Firefox pref Found:  [C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\prefs.js] - "extensions.defaulttab.config" -  "{\"set_default_search\":\"Search Here Search Here\",\"features\":[{\"engine\":\"\",
    Chrome pref Found:  [C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Web data] - mysearch.avg.com
    Chrome pref Found:  [C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Web data] - free-keylogger.en.softonic.com
    Chrome pref Found:  [C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - amfclgbdpgndipgoegfpkkgobahigbcl
    Chrome pref Found:  [C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - kdidombaedgpfiiedeimiebkmbilgmlc

    *************************

    C:\AdwCleaner\AdwCleaner[S0].txt - [21182 Bytes] - [17/02/2017 21:39:38]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21256 Bytes] ##########


CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [kbdsprt] => [X]
HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Run: [AdobeBridge] => [X]
AppInit_DLLs-x32: c:\progra~2\browse~1\sprote~1.dll => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
GroupPolicyUsers\S-1-5-21-2588610484-973985184-251928395-1002\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

Winsock: Catalog5 06 C:\Program Files (x86)\Bonjour\mdnsNSP.dll => No File 
Winsock: Catalog5-x64 06 C:\Program Files\Bonjour\mdnsNSP.dll => No File 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - (No Name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
URLSearchHook: HKU\S-1-5-21-2588610484-973985184-251928395-1000 - (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
URLSearchHook: HKU\S-1-5-21-2588610484-973985184-251928395-1000 - (No Name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
SearchScopes: HKLM-x32 -> DefaultScope Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms}
SearchScopes: HKLM-x32 -> Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms}
SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> Moikrug URL = hxxp://moikrug.ru/persons/?clid=154468&charset=utf-8&keywords={searchTerms}&submitted=1
SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms}
SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4FAEDDA2-6351-43E6-8568-4A45396FC74C}&mid=ef04ad78bd8547d1a8051943ef5e7851-36711ed55615b87e9c4cf224ac236fc32b85bd82&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2013-05-08 02:39:22&v=18.2.0.829&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> {C9FF56E2-80AA-494C-970C-397580307ACF} URL = hxxp://www.alnaddy.com/search/?q={searchTerms}&r=524
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll => No File
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
Toolbar: HKLM-x32 - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.3.0\ViProtocol.dll [2016-03-25] (AVG Secure Search)

FF user.js: detected! => C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\user.js [2013-05-08]
FF NewTab: Mozilla\Firefox\Profiles\r0evgay0.default -> hxxp://www.mysearchresults.com/?c=2402&t=15&nt=nt1&uid=BCC87061F493CD2C69EB9BD14A5643A3
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\r0evgay0.default -> AVG Secure Search
FF DefaultSearchEngine,S: Mozilla\Firefox\Profiles\r0evgay0.default -> 
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\r0evgay0.default -> 
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\r0evgay0.default -> 
FF SearchEngineOrder.1,S: Mozilla\Firefox\Profiles\r0evgay0.default -> 
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\r0evgay0.default -> AVG Secure Search
FF SelectedSearchEngine,S: Mozilla\Firefox\Profiles\r0evgay0.default -> 
FF Keyword.URL: Mozilla\Firefox\Profiles\r0evgay0.default -> 
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-24]
FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\alnaddyToolbar.xml [2013-04-22]
FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\avg-secure-search.xml [2016-03-25]
FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\ybqs-yandex.xml [2012-03-05]
FF Extension: (Hotspot Shield Helper (Please allow this installation)) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2016-03-26] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-03-26] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-26] [not signed]
FF Extension: (Hotspot Shield Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2016-03-26] [not signed]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-02-28]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.3.0\\npsitesafety.dll [No File]

S4 MsgPlusService; "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [X]
S2 TeamViewer; "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [X]
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-02-17] (Anchorfree Inc.)
S3 ALSysIO; \??\C:\Users\Hp\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 ampa; \??\C:\Windows\system32\ampa.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]

AVG 2016 (Version: 16.0.4545 - AVG Technologies) Hidden

HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File

Task: {0944FDF1-E7E8-41C0-87BF-E803A005D93F} - System32\Tasks\{2A7A4B3C-5D02-406F-B62F-D9B380838A4E} => pcalua.exe -a C:\Users\Hp\Downloads\Programs\sp51029.exe -d C:\Windows\system32
Task: {132256E3-B2A8-47E2-B29C-3B3645BBE535} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {38C270F1-F3F6-451C-87A5-7B31A1B95EC9} - System32\Tasks\{CA17C987-2612-44D4-8712-C0EF095362B2} => pcalua.exe -a "C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe"
Task: {4FE5ADB1-0AEF-417E-90AC-C563B9E7D26F} - System32\Tasks\Baidu PC Faster Update => $szInstallingDir\Updater.exe 
Task: {538A4155-A4DA-4709-AE42-31F04E9CA73D} - System32\Tasks\{AD7BD7A9-84A8-4283-AAB4-8ACB27831CEE} => pcalua.exe -a C:\Users\Hp\Desktop\jjjjjjjjjjjjjjjjjjjjjjjjjjjjjj\UtilityOnlineMarch09\64-bit\setup.exe -d C:\Windows\system32
Task: {9CBB4995-01A8-4242-8923-E931A5830654} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B1D17603-A7B4-4D32-93AC-1022BA91CAEF} - System32\Tasks\{9C2AE2F6-D4A3-4D11-A454-11BA3FC50514} => pcalua.exe -a C:\Users\Work\Desktop\sp53540.exe -d C:\Windows\system32
Task: {BDDFE0B0-C9F3-43B6-914F-6DADAB6CAD83} - System32\Tasks\{2F184749-FE00-43CA-8869-131E4D964F22} => pcalua.exe -a C:\Users\Hp\Downloads\Programs\Nero7_chm_Enu.exe -d C:\Users\Hp\AppData\Roaming\IDM
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {ED1D8354-4F3D-44BB-8C26-C9A50D09F7DD} - System32\Tasks\{47C72562-1501-404F-BD86-4A4C0378B1CF} => pcalua.exe -a C:\Users\Hp\Downloads\Programs\wlsetup-web.exe -d C:\Users\Hp\AppData\Roaming\IDM
Task: {F34C8D72-8CB0-44F7-9E7B-E2FAB16479FF} - System32\Tasks\{16AADBCC-DFFD-44CA-B81C-2E0B05359184} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A [123]

MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: vToolbarUpdater19.3.0 => 2
MSCONFIG\startupreg: UpdateMyDrivers => C:\Program Files (x86)\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

FirewallRules: [{16B3920F-6309-4F62-AF73-66822FC027EF}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{2983E7EC-4BCD-423B-AF42-F1AFA7886A1D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{781D07E9-1822-4977-A284-A62969063EAC}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{737C12A3-FDCE-44D7-B5DB-3ACBF9216945}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{EADB1E9C-D5D5-4A7F-B4D7-27820C8EFC4D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{1073625D-4EA2-4B3C-B3BC-16A5211FF9D4}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{92E29DA7-3160-41C6-B9F0-A19A4059595C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{F9E01E00-C509-4ECC-90B1-CBB224DC4418}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{E8C59255-CE1E-483B-8CA3-CA4CDD8BCE57}] => (Allow) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe

C:\Program Files (x86)\Baidu Security
C:\Program Files (x86)\Hotspot Shield
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
C:\ProgramData\AVG SafeGuard toolbar
C:\Users\Hp\AppData\Local\AVG SafeGuard toolbar
C:\Users\Hp\AppData\LocalLow\blekko

EmptyTemp:

 

# AdwCleaner v6.043 - Logfile created 17/02/2017 at 21:43:09
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Hp - TRAC
# Running from : C:\Users\Hp\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: swdumon


***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Avg_Update_1114tb
[-] Folder deleted: C:\ProgramData\Avg_Update_1214tb
[-] Folder deleted: C:\Users\Hp\AppData\LocalLow\Speedbit
[-] Folder deleted: C:\Users\Hp\AppData\Roaming\NCdownloader
[-] Folder deleted: C:\ProgramData\AVG Secure Search
[-] Folder deleted: C:\ProgramData\Speedbit
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Speedbit
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Folder deleted: C:\Users\Public\Documents\Speedbit
[-] Folder deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder deleted: C:\extensions


***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iLividSetupV1.exe
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14de519c-6103-4ccf-8690-6a855f270ce0}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27a2caf7-4a52-43c5-b092-55f4bf676c98}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExamView Player
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExamView Player_is1
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\DefaultTabSearch
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
[-] Key deleted: HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
[-] Key deleted: HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
[-] Key deleted: HKLM\SOFTWARE\Classes\MsgPlusForSkype.AnimationPackage
[-] Key deleted: HKLM\SOFTWARE\Classes\MsgPlusForSkype.SkinPack
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\PCSuiteContactsView
[-] Key deleted: HKLM\SOFTWARE\Classes\PCSuiteMessagesView
[-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
[-] Key deleted: HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT
[-] Key deleted: HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT.3
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO
[-] Key deleted: HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
[-] Key deleted: HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbTask
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT
[-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MsgPlusForSkype.AnimationPackage
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MsgPlusForSkype.SkinPack
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\PCSuiteContactsView
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\PCSuiteMessagesView
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT.3
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKU\.DEFAULT\Software\IGearSettings
[-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\AVG Security Toolbar
[-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\InstalledThirdPartyPrograms
[-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Minibar
[-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Myfree Codec
[-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\smarttweak
[-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Softonic
[-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\speedypc software
[-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\YahooPartnerToolbar
[-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\yuna software
[#] Key deleted on reboot: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\MINIBAR
[-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\AppDataLow\Toolbar
[-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\AppDataLow\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2588610484-973985184-251928395-1000\Software\blekko
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2588610484-973985184-251928395-1000\Software\SBConvert
[#] Key deleted on reboot: HKU\S-1-5-18\Software\IGearSettings
[#] Key deleted on reboot: HKCU\Software\AVG Security Toolbar
[#] Key deleted on reboot: HKCU\Software\InstalledThirdPartyPrograms
[#] Key deleted on reboot: HKCU\Software\Minibar
[#] Key deleted on reboot: HKCU\Software\Myfree Codec
[#] Key deleted on reboot: HKCU\Software\smarttweak
[#] Key deleted on reboot: HKCU\Software\Softonic
[#] Key deleted on reboot: HKCU\Software\speedypc software
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\yuna software
[#] Key deleted on reboot: HKCU\Software\MINIBAR
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Toolbar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Conduit
[-] Key deleted: HKLM\SOFTWARE\AVG Secure Search
[-] Key deleted: HKLM\SOFTWARE\AVG Security Toolbar
[-] Key deleted: HKLM\SOFTWARE\Myfree Codec
[-] Key deleted: HKLM\SOFTWARE\SP Global
[-] Key deleted: HKLM\SOFTWARE\SProtector
[-] Key deleted: HKLM\SOFTWARE\W3I
[-] Key deleted: HKLM\SOFTWARE\yuna software
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Plus! for Skype
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2588610484-973985184-251928395-1000\Software\blekko
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2588610484-973985184-251928395-1000\Software\SBConvert
[#] Key deleted on reboot: [x64] HKCU\Software\AVG Security Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\InstalledThirdPartyPrograms
[#] Key deleted on reboot: [x64] HKCU\Software\Minibar
[#] Key deleted on reboot: [x64] HKCU\Software\Myfree Codec
[#] Key deleted on reboot: [x64] HKCU\Software\smarttweak
[#] Key deleted on reboot: [x64] HKCU\Software\Softonic
[#] Key deleted on reboot: [x64] HKCU\Software\speedypc software
[#] Key deleted on reboot: [x64] HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: [x64] HKCU\Software\yuna software
[#] Key deleted on reboot: [x64] HKCU\Software\MINIBAR
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Conduit
[-] Key deleted: [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
[-] Key deleted: [x64] HKLM\SOFTWARE\Tarma Installer
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sa.hao123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sa.hao123.com
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\AppsHat
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
[-] Key deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protocols\handler\viprotocol


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "avg.userPreferences.URLBarFocus.whiteList" -  "bing\\.com google\\.\\w+ yahoo\\.\\w+ gmail\\.\\w+ hotmail\\.\\w+ live\\.\\w+ isearch\\.avg\\.com mysearch\\.avg\\.com"
[-] [C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mysearch.avg.com
[-] [C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: free-keylogger.en.softonic.com
[-] [C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: amfclgbdpgndipgoegfpkkgobahigbcl
[-] [C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: kdidombaedgpfiiedeimiebkmbilgmlc


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [25808 Bytes] - [17/02/2017 21:43:09]
C:\AdwCleaner\AdwCleaner[S0].txt - [21644 Bytes] - [17/02/2017 21:39:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [25956 Bytes] ##########


The first log is the actual fixlist.txt. You need to save that file in the same location as FRST.exe, launch FRST, and then click on the "Fix" button. The computer will reboot after the fix, and a file called fixlog.txt will be left where fixlist.txt was. You then need to copy/paste the content of that log in your next reply.


Hope I got it right this time....

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by Hp (17-02-2017 19:07:10) Run:1
Running from C:\Users\Hp\Downloads
Loaded Profiles: Hp &  (Available Profiles: Hp & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [kbdsprt] => [X]
HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Run: [AdobeBridge] => [X]
AppInit_DLLs-x32: c:\progra~2\browse~1\sprote~1.dll => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
GroupPolicyUsers\S-1-5-21-2588610484-973985184-251928395-1002\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

Winsock: Catalog5 06 C:\Program Files (x86)\Bonjour\mdnsNSP.dll => No File 
Winsock: Catalog5-x64 06 C:\Program Files\Bonjour\mdnsNSP.dll => No File 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - (No Name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
URLSearchHook: HKU\S-1-5-21-2588610484-973985184-251928395-1000 - (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
URLSearchHook: HKU\S-1-5-21-2588610484-973985184-251928395-1000 - (No Name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
SearchScopes: HKLM-x32 -> DefaultScope Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms}
SearchScopes: HKLM-x32 -> Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms}
SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> Moikrug URL = hxxp://moikrug.ru/persons/?clid=154468&charset=utf-8&keywords={searchTerms}&submitted=1
SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> Yandex URL = hxxp://yandex.ru/yandsearch?clid=154468&text={searchTerms}
SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4FAEDDA2-6351-43E6-8568-4A45396FC74C}&mid=ef04ad78bd8547d1a8051943ef5e7851-36711ed55615b87e9c4cf224ac236fc32b85bd82&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2013-05-08 02:39:22&v=18.2.0.829&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> {C9FF56E2-80AA-494C-970C-397580307ACF} URL = hxxp://www.alnaddy.com/search/?q={searchTerms}&r=524
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll => No File
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
Toolbar: HKLM-x32 - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.3.0\ViProtocol.dll [2016-03-25] (AVG Secure Search)

FF user.js: detected! => C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\user.js [2013-05-08]
FF NewTab: Mozilla\Firefox\Profiles\r0evgay0.default -> hxxp://www.mysearchresults.com/?c=2402&t=15&nt=nt1&uid=BCC87061F493CD2C69EB9BD14A5643A3
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\r0evgay0.default -> AVG Secure Search
FF DefaultSearchEngine,S: Mozilla\Firefox\Profiles\r0evgay0.default -> 
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\r0evgay0.default -> 
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\r0evgay0.default -> 
FF SearchEngineOrder.1,S: Mozilla\Firefox\Profiles\r0evgay0.default -> 
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\r0evgay0.default -> AVG Secure Search
FF SelectedSearchEngine,S: Mozilla\Firefox\Profiles\r0evgay0.default -> 
FF Keyword.URL: Mozilla\Firefox\Profiles\r0evgay0.default -> 
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-24]
FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\alnaddyToolbar.xml [2013-04-22]
FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\avg-secure-search.xml [2016-03-25]
FF SearchPlugin: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\ybqs-yandex.xml [2012-03-05]
FF Extension: (Hotspot Shield Helper (Please allow this installation)) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2016-03-26] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-03-26] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-26] [not signed]
FF Extension: (Hotspot Shield Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2016-03-26] [not signed]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-02-28]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.3.0\\npsitesafety.dll [No File]

S4 MsgPlusService; "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [X]
S2 TeamViewer; "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [X]
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-02-17] (Anchorfree Inc.)
S3 ALSysIO; \??\C:\Users\Hp\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 ampa; \??\C:\Windows\system32\ampa.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]

AVG 2016 (Version: 16.0.4545 - AVG Technologies) Hidden

HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File
CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll => No File

Task: {0944FDF1-E7E8-41C0-87BF-E803A005D93F} - System32\Tasks\{2A7A4B3C-5D02-406F-B62F-D9B380838A4E} => pcalua.exe -a C:\Users\Hp\Downloads\Programs\sp51029.exe -d C:\Windows\system32
Task: {132256E3-B2A8-47E2-B29C-3B3645BBE535} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {38C270F1-F3F6-451C-87A5-7B31A1B95EC9} - System32\Tasks\{CA17C987-2612-44D4-8712-C0EF095362B2} => pcalua.exe -a "C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe"
Task: {4FE5ADB1-0AEF-417E-90AC-C563B9E7D26F} - System32\Tasks\Baidu PC Faster Update => $szInstallingDir\Updater.exe 
Task: {538A4155-A4DA-4709-AE42-31F04E9CA73D} - System32\Tasks\{AD7BD7A9-84A8-4283-AAB4-8ACB27831CEE} => pcalua.exe -a C:\Users\Hp\Desktop\jjjjjjjjjjjjjjjjjjjjjjjjjjjjjj\UtilityOnlineMarch09\64-bit\setup.exe -d C:\Windows\system32
Task: {9CBB4995-01A8-4242-8923-E931A5830654} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B1D17603-A7B4-4D32-93AC-1022BA91CAEF} - System32\Tasks\{9C2AE2F6-D4A3-4D11-A454-11BA3FC50514} => pcalua.exe -a C:\Users\Work\Desktop\sp53540.exe -d C:\Windows\system32
Task: {BDDFE0B0-C9F3-43B6-914F-6DADAB6CAD83} - System32\Tasks\{2F184749-FE00-43CA-8869-131E4D964F22} => pcalua.exe -a C:\Users\Hp\Downloads\Programs\Nero7_chm_Enu.exe -d C:\Users\Hp\AppData\Roaming\IDM
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {ED1D8354-4F3D-44BB-8C26-C9A50D09F7DD} - System32\Tasks\{47C72562-1501-404F-BD86-4A4C0378B1CF} => pcalua.exe -a C:\Users\Hp\Downloads\Programs\wlsetup-web.exe -d C:\Users\Hp\AppData\Roaming\IDM
Task: {F34C8D72-8CB0-44F7-9E7B-E2FAB16479FF} - System32\Tasks\{16AADBCC-DFFD-44CA-B81C-2E0B05359184} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A [123]

MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: vToolbarUpdater19.3.0 => 2
MSCONFIG\startupreg: UpdateMyDrivers => C:\Program Files (x86)\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

FirewallRules: [{16B3920F-6309-4F62-AF73-66822FC027EF}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{2983E7EC-4BCD-423B-AF42-F1AFA7886A1D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{781D07E9-1822-4977-A284-A62969063EAC}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{737C12A3-FDCE-44D7-B5DB-3ACBF9216945}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{EADB1E9C-D5D5-4A7F-B4D7-27820C8EFC4D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{1073625D-4EA2-4B3C-B3BC-16A5211FF9D4}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{92E29DA7-3160-41C6-B9F0-A19A4059595C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{F9E01E00-C509-4ECC-90B1-CBB224DC4418}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{E8C59255-CE1E-483B-8CA3-CA4CDD8BCE57}] => (Allow) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe

C:\Program Files (x86)\Baidu Security
C:\Program Files (x86)\Hotspot Shield
C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
C:\ProgramData\AVG SafeGuard toolbar
C:\Users\Hp\AppData\Local\AVG SafeGuard toolbar
C:\Users\Hp\AppData\LocalLow\blekko

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\kbdsprt => value removed successfully
HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"c:\progra~2\browse~1\sprote~1.dll" => Value data removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2588610484-973985184-251928395-1002\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\Policies\Google => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006 => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => value removed successfully
HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => value removed successfully
HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\Yandex => key removed successfully
HKCR\Wow6432Node\CLSID\Yandex => key not found. 
HKU\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Moikrug => key removed successfully
HKCR\CLSID\Moikrug => key not found. 
HKU\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Yandex => key removed successfully
HKCR\CLSID\Yandex => key not found. 
HKU\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKU\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C9FF56E2-80AA-494C-970C-397580307ACF} => key removed successfully
HKCR\CLSID\{C9FF56E2-80AA-494C-970C-397580307ACF} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key removed successfully
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => key removed successfully
HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => value removed successfully
HKCR\Wow6432Node\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => key not found. 
HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} => value removed successfully
HKCR\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} => key not found. 
HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found. 
HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => value removed successfully
HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => key not found. 
HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} => value removed successfully
HKCR\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} => key not found. 
HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found. 
HKU\S-1-5-21-2588610484-973985184-251928395-1002.BAK\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => value removed successfully
HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => key not found. 
HKCR\PROTOCOLS\Handler\linkscanner => key not found. 
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found. 
HKCR\PROTOCOLS\Handler\livecall => key not found. 
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
HKCR\PROTOCOLS\Handler\msnim => key not found. 
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol => key not found. 
HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => key not found. 
C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\user.js => moved successfully
C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\user.js => not found.
Firefox "newtab" removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox DefaultSearchEngine,S removed successfully
Firefox DefaultSearchUrl removed successfully
Firefox SearchEngineOrder.1 removed successfully
Firefox SearchEngineOrder.1,S removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox SelectedSearchEngine,S removed successfully
Firefox "Keyword.URL" removed successfully
C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi => moved successfully
C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi => path removed successfully
C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\alnaddyToolbar.xml => moved successfully
C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\avg-secure-search.xml => moved successfully
C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\searchplugins\ybqs-yandex.xml => moved successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com => moved successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => moved successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key removed successfully
HKLM\System\CurrentControlSet\Services\MsgPlusService => key removed successfully
MsgPlusService => service removed successfully
HKLM\System\CurrentControlSet\Services\TeamViewer => key removed successfully
TeamViewer => service removed successfully
taphss6 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\taphss6 => key removed successfully
taphss6 => service removed successfully
HKLM\System\CurrentControlSet\Services\ALSysIO => key removed successfully
ALSysIO => service removed successfully
HKLM\System\CurrentControlSet\Services\ampa => key removed successfully
ampa => service removed successfully
HKLM\System\CurrentControlSet\Services\BprotectEx => key removed successfully
BprotectEx => service removed successfully
HKLM\System\CurrentControlSet\Services\ewusbnet => key removed successfully
ewusbnet => service removed successfully
HKLM\System\CurrentControlSet\Services\hwdatacard => key removed successfully
hwdatacard => service removed successfully
HKLM\System\CurrentControlSet\Services\hwusbdev => key removed successfully
hwusbdev => service removed successfully
HKLM\System\CurrentControlSet\Services\PCFApiUtil => key removed successfully
PCFApiUtil => service removed successfully
HKLM\System\CurrentControlSet\Services\taphss => key removed successfully
taphss => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACC5B116-C09D-429E-9ACF-768FA52DC072}\\SystemComponent => value removed successfully
HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\ChromeHTML => key removed successfully
HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => key removed successfully
HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key removed successfully
HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0944FDF1-E7E8-41C0-87BF-E803A005D93F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0944FDF1-E7E8-41C0-87BF-E803A005D93F} => key removed successfully
C:\Windows\System32\Tasks\{2A7A4B3C-5D02-406F-B62F-D9B380838A4E} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A7A4B3C-5D02-406F-B62F-D9B380838A4E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{132256E3-B2A8-47E2-B29C-3B3645BBE535} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{132256E3-B2A8-47E2-B29C-3B3645BBE535} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38C270F1-F3F6-451C-87A5-7B31A1B95EC9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38C270F1-F3F6-451C-87A5-7B31A1B95EC9} => key removed successfully
C:\Windows\System32\Tasks\{CA17C987-2612-44D4-8712-C0EF095362B2} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA17C987-2612-44D4-8712-C0EF095362B2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FE5ADB1-0AEF-417E-90AC-C563B9E7D26F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FE5ADB1-0AEF-417E-90AC-C563B9E7D26F} => key removed successfully
C:\Windows\System32\Tasks\Baidu PC Faster Update => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu PC Faster Update => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{538A4155-A4DA-4709-AE42-31F04E9CA73D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{538A4155-A4DA-4709-AE42-31F04E9CA73D} => key removed successfully
C:\Windows\System32\Tasks\{AD7BD7A9-84A8-4283-AAB4-8ACB27831CEE} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AD7BD7A9-84A8-4283-AAB4-8ACB27831CEE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CBB4995-01A8-4242-8923-E931A5830654} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CBB4995-01A8-4242-8923-E931A5830654} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1D17603-A7B4-4D32-93AC-1022BA91CAEF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1D17603-A7B4-4D32-93AC-1022BA91CAEF} => key removed successfully
C:\Windows\System32\Tasks\{9C2AE2F6-D4A3-4D11-A454-11BA3FC50514} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9C2AE2F6-D4A3-4D11-A454-11BA3FC50514} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDDFE0B0-C9F3-43B6-914F-6DADAB6CAD83} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDDFE0B0-C9F3-43B6-914F-6DADAB6CAD83} => key removed successfully
C:\Windows\System32\Tasks\{2F184749-FE00-43CA-8869-131E4D964F22} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2F184749-FE00-43CA-8869-131E4D964F22} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED1D8354-4F3D-44BB-8C26-C9A50D09F7DD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED1D8354-4F3D-44BB-8C26-C9A50D09F7DD} => key removed successfully
C:\Windows\System32\Tasks\{47C72562-1501-404F-BD86-4A4C0378B1CF} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{47C72562-1501-404F-BD86-4A4C0378B1CF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F34C8D72-8CB0-44F7-9E7B-E2FAB16479FF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F34C8D72-8CB0-44F7-9E7B-E2FAB16479FF} => key removed successfully
C:\Windows\System32\Tasks\{16AADBCC-DFFD-44CA-B81C-2E0B05359184} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{16AADBCC-DFFD-44CA-B81C-2E0B05359184} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully
C:\ProgramData\TEMP => ":862BDB1A" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hshld => key removed successfully
HKLM\System\CurrentControlSet\Services\hshld => key not found. 
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HssTrayService => key removed successfully
HKLM\System\CurrentControlSet\Services\HssTrayService => key not found. 
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\vToolbarUpdater19.3.0 => key removed successfully
HKLM\System\CurrentControlSet\Services\vToolbarUpdater19.3.0 => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateMyDrivers => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{16B3920F-6309-4F62-AF73-66822FC027EF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2983E7EC-4BCD-423B-AF42-F1AFA7886A1D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{781D07E9-1822-4977-A284-A62969063EAC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{737C12A3-FDCE-44D7-B5DB-3ACBF9216945} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EADB1E9C-D5D5-4A7F-B4D7-27820C8EFC4D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1073625D-4EA2-4B3C-B3BC-16A5211FF9D4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92E29DA7-3160-41C6-B9F0-A19A4059595C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9E01E00-C509-4ECC-90B1-CBB224DC4418} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E8C59255-CE1E-483B-8CA3-CA4CDD8BCE57} => value removed successfully
C:\Program Files (x86)\Baidu Security => moved successfully
C:\Program Files (x86)\Hotspot Shield => moved successfully
C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml => moved successfully
C:\ProgramData\AVG SafeGuard toolbar => moved successfully
C:\Users\Hp\AppData\Local\AVG SafeGuard toolbar => moved successfully
C:\Users\Hp\AppData\LocalLow\blekko => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 4194304 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16468217 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 1261859 B
Edge => 0 B
Chrome => 1898809 B
Firefox => 136590816 B
Opera => 758000605 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0
ProgramData => 0 B
systemprofile => 42475239 B
systemprofile32 => 198174 B
LocalService => 132244 B
NetworkService => 0 B
Hp => 569578148 B
TEMP => 66228 B
Mr C => 175015703 B
fbwuser.Hp-PC => 0 B
Guest => 108826 B

RecycleBin => 2540512715 B
EmptyTemp: => 4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:14:27 ====


Awesome :) Let's do a last scan with EEK to look for remnants, and get a fresh set of FRST logs after.

Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and agree to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

Your next reply(ies) should include:

  • Copy/pasted content of EEK's clean log;
  • Copy/pasted content of FRST.txt;
  • Copy/pasted content of Addition.txt;


Emsisoft Emergency Kit - Version 12.0
Quarantine log

Date    Source    Event    Detection    
2/18/2017 9:48:07 PM    C:\Users\Hp\AppData\Roaming\baidu    Moved to quarantine    Application.AppInstall (A)    
2/18/2017 9:48:07 PM    Key: HKEY_USERS\S-1-5-21-2588610484-973985184-251928395-1002.BAK\SOFTWARE\APPDATALOW\SOFTWARE\CONDUIT    Moved to quarantine    Application.Toolbar (A)    
2/18/2017 9:48:06 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP    Moved to quarantine    Application.Win32.InstallAd (A)    
2/18/2017 9:48:06 PM    Key: HKEY_USERS\S-1-5-21-2588610484-973985184-251928395-1000\SOFTWARE\SMARTBAR    Moved to quarantine    Application.InstallAd (A)    
2/18/2017 9:48:06 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}    Moved to quarantine    Application.AdReg (A)    
2/18/2017 9:48:06 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CBC3E05D-F841-452A-A600-E8D8BBEA63DA}    Moved to quarantine    Application.AdReg (A)    
2/18/2017 9:48:06 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}    Moved to quarantine    Application.AdReg (A)    
2/18/2017 9:48:06 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921}    Moved to quarantine    Application.AdReg (A)    
2/18/2017 9:48:05 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}    Moved to quarantine    Application.AdReg (A)    
2/18/2017 9:48:05 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}    Moved to quarantine    Application.AdReg (A)    
2/18/2017 9:48:05 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CONTEXTMENUNOTIFIER    Moved to quarantine    Application.AdReg (A)    
2/18/2017 9:48:05 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CONTEXTMENUNOTIFIER.1    Moved to quarantine    Application.AdReg (A)    
2/18/2017 9:48:05 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CUSTOMINTERNETSECURITYIMPL    Moved to quarantine    Application.AdReg (A)    
2/18/2017 9:48:05 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.CUSTOMINTERNETSECURITYIMPL.1    Moved to quarantine    Application.AdReg (A)    
2/18/2017 9:48:04 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.SEARCHPROVIDERMANAGER    Moved to quarantine    Application.AdReg (A)    
2/18/2017 9:48:03 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOOLBAR3.SEARCHPROVIDERMANAGER.1    Moved to quarantine    Application.AdReg (A)    
2/18/2017 9:48:02 PM    Key: HKEY_USERS\S-1-5-21-2588610484-973985184-251928395-1002.BAK\SOFTWARE\SOFTONIC    Moved to quarantine    Application.InstallAd (A)    
2/18/2017 9:48:02 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\A2ZLYRICS-15    Moved to quarantine    Application.InstallAd (A)    
2/18/2017 9:48:01 PM    Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\OBJECT    Moved to quarantine    Application.InstallAd (A)    
2/18/2017 9:48:00 PM    C:\Program Files (x86)\Spyware Terminator\is-U89DG.tmp    Moved to quarantine    Application.Toolbar (A)    
2/18/2017 9:48:00 PM    C:\Program Files (x86)\Spyrix Free Parental Control\is-NEKPJ.tmp    Moved to quarantine    DeepScan:Generic.Malware.SIFMHspr.6139D8C3 (B)    
2/18/2017 9:47:59 PM    C:\Program Files (x86)\Spyware Terminator\is-BFPLS.tmp    Moved to quarantine    Application.Toolbar (A)    
2/18/2017 9:47:32 PM    C:\Users\Mr C\Desktop\real-free-keylogger-274-1\Real Free Keylogger.exe    Moved to quarantine    Gen:Variant.Application.Emathi.2 (B)    
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017 01
Ran by Hp (administrator) on TRAC (18-02-2017 22:31:33)
Running from C:\Users\Hp\Downloads
Loaded Profiles: Hp & Guest (Available Profiles: Hp & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Free Desktop Clock\timeserv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SoftPerfect) C:\Program Files\NetWorx\networx.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Mozilla Foundation) C:\Program Files\Zimbra\Zimbra Desktop\win64\prism\zdclient.exe
() C:\Program Files\Zimbra\Zimbra Desktop\win64\zdesktop.exe
(Emsisoft Ltd) C:\EEK\bin64\a2emergencykit.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7620424 2016-11-17] (SoftPerfect)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Verbose] => "C:\Program Files (x86)\NCH Software\Verbose\verbose.exe" -logon
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-14] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-13] (Piriform Ltd)
HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Run: [AtomicAlarmClock6] => C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe [4652544 2013-06-27] ()
HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: G - G:\Lenovo_Suite.exe
HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: J - J:\Lenovo_Suite.exe
HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {2fd233a1-5900-11e1-bc84-c3c8f51b191e} - G:\AutoRun.exe
HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {903b68ba-6d28-11e5-85a0-70f3952fbf70} - J:\Lenovo_Suite.exe
HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {ad67e7c1-6236-11e5-93db-70f3952fbf70} - "G:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {c0fe8dbd-66ff-11e3-8c6b-70f3952fbf70} - G:\autorun.exe
HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {d7d97cdb-e8fc-11e3-9158-70f3952fbf70} - G:\setup.exe
HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {e4cf3203-bcb5-11e0-82d3-70f3952fbf70} - E:\AutoRun.exe
HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {e4cf3214-bcb5-11e0-82d3-70f3952fbf70} - G:\AutoRun.exe
HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\MountPoints2: {fafd8126-bf35-11e0-af24-001e101f79c9} - G:\AutoRun.exe
HKU\S-1-5-21-2588610484-973985184-251928395-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3821136 2013-11-01] (Tonec Inc.)
HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-13] (Piriform Ltd)
HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\Run: [uTorrent] => C:\Users\Mr C\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-06-13] (BitTorrent Inc.)
HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\MountPoints2: G - "G:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\MountPoints2: {903b68ba-6d28-11e5-85a0-70f3952fbf70} - J:\Lenovo_Suite.exe
HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\MountPoints2: {ad67e7c1-6236-11e5-93db-70f3952fbf70} - "G:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\MountPoints2: {e4cf3214-bcb5-11e0-82d3-70f3952fbf70} - E:\AutoRun.exe
HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\MountPoints2: {fafd8126-bf35-11e0-af24-001e101f79c9} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-14] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{715E3615-F9F7-4E49-ACC3-2DE4C01CBA2D}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{BE741787-BE55-40EC-8ACA-A7E2A07874DF}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{E4718D6B-FEC8-4805-AB76-A4AF2A1861B7}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{F3C17A44-4D83-4202-B3ED-FF5EB9931108}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-2588610484-973985184-251928395-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ar-sa/?ocid=iehp
HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ksa.msn.com/?C=SA
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-10-29] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-26] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-14] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-26] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-14] (AVAST Software)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default [2017-02-18]
FF Homepage: Mozilla\Firefox\Profiles\r0evgay0.default -> hxxp://www.google.com/
FF Extension: (Grammarly for Firefox) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2017-01-13]
FF Extension: (Firefox Hotfix) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Norwell History Tools) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\norvel@history.xpi [2016-04-30]
FF Extension: (Adblock Plus) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-28]
FF Extension: (YouTube Flash Video Player) - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\r0evgay0.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-02-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-02-15]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-02-15]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hp\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Hp\AppData\Roaming\IDM\idmmzcc5 [2013-11-01] [not signed]
FF HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hp\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mr C\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Mr C\AppData\Roaming\IDM\idmmzcc5 [2010-01-01] [not signed]
FF HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mr C\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-18] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-18] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-05-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-04] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-04] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-05-11] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-03-06] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-27] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2588610484-973985184-251928395-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2013-05-11] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2013-05-11] (RealPlayer)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.com.sa
CHR Profile: C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default [2017-02-17]
CHR Extension: (Adblock Plus) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-01]
CHR Extension: (IDM Integration Module) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (Prayers Gadget) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihkdpidinkflcjdmjabjbdhnmmaanp [2016-07-11]
CHR Extension: (Chrome Media Router) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01]

Opera: 
=======
OPR Extension: (SurfEasy Proxy, an Opera Software Company) - C:\Users\Hp\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2016-12-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2016-10-22] (SUPERAntiSpyware.com)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-15] (AVAST Software s.r.o.)
R2 AtomicAlarmClock; C:\Program Files\Free Desktop Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-14] (AVAST Software)
S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S4 Realtek87B; C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
S4 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309784 2017-02-14] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-14] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-14] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-14] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-14] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-15] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126088 2017-02-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-14] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [74680 2017-02-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [991496 2017-02-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [547904 2017-02-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-14] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337080 2017-02-15] (AVAST Software)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
U5 cmderd; C:\Windows\System32\Drivers\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [35352 2016-11-11] (Connectify)
R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
R1 epp; C:\EEK\bin64\epp.sys [114968 2016-10-31] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-09] (REALiX(tm))
U5 inspect; C:\Windows\System32\Drivers\inspect.sys [96800 2013-09-24] (COMODO)
S3 iscFlash; c:\SwSetup\SP55299\iscflashx64.sys [45632 2010-10-15] (Insyde Software)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-15] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-17] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-17] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-17] (Malwarebytes)
S3 Neo_me; C:\Windows\System32\DRIVERS\Neo_0048.sys [29808 2011-06-06] (SoftEther Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [72632 2016-10-04] (NetFilterSDK.com)
S3 qciusbnet; C:\Windows\System32\DRIVERS\qciusbnet.sys [158720 2012-02-17] (Quanta Computer Inc.)
S3 qciusbser; C:\Windows\System32\DRIVERS\qciusbser.sys [123648 2012-02-17] (Quanta Computer Inc.)
S3 qntbulk; C:\Windows\System32\Drivers\qntbulk.sys [49664 2012-02-17] (Windows (R) Win 7 DDK provider)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation                           )
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [402136 2015-10-10] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33448 2015-10-10] (Synaptics Incorporated)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2015-12-07] (Western Digital Technologies)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
U3 ZAPrivacyService; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-18 22:31 - 2017-02-18 22:35 - 00028845 _____ C:\Users\Hp\Downloads\FRST.txt
2017-02-18 22:26 - 2017-02-18 22:26 - 02422784 _____ (Farbar) C:\Users\Hp\Downloads\FRST64.exe
2017-02-18 22:22 - 2017-02-18 22:22 - 00014416 _____ C:\Users\Hp\Downloads\fixlist (1).txt
2017-02-18 21:51 - 2017-02-18 21:51 - 00006774 _____ C:\Users\Hp\Desktop\Quarantine_170218-215030.txt
2017-02-18 21:16 - 2017-02-18 21:51 - 00000000 ____D C:\EEK
2017-02-18 21:05 - 2017-02-18 21:06 - 00000000 ____D C:\Users\Hp\Downloads\New folder (3)
2017-02-17 21:58 - 2017-02-17 21:58 - 00014416 _____ C:\Users\Hp\Downloads\fixlist.txt
2017-02-17 21:33 - 2017-02-17 22:11 - 00000000 ____D C:\AdwCleaner
2017-02-17 19:59 - 2017-02-17 19:59 - 00060343 _____ C:\Users\Hp\Desktop\JRT.txt
2017-02-17 19:50 - 2017-02-17 19:50 - 01663040 _____ (Malwarebytes) C:\Users\Hp\Desktop\JRT.exe
2017-02-17 19:46 - 2017-02-17 19:46 - 04015056 _____ C:\Users\Hp\Desktop\AdwCleaner.exe
2017-02-17 19:23 - 2017-02-17 19:23 - 00000008 __RSH C:\Users\Hp\ntuser.pol
2017-02-17 19:21 - 2017-02-17 19:25 - 05148600 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-17 19:20 - 2017-02-17 19:20 - 00000000 ___HD C:\$AV_ASW
2017-02-17 19:07 - 2017-02-17 19:19 - 00037110 _____ C:\Users\Hp\Downloads\Fixlog.txt
2017-02-17 14:57 - 2017-02-17 15:32 - 00070681 _____ C:\Users\Hp\Desktop\Addition.txt
2017-02-17 14:53 - 2017-02-18 22:31 - 00000000 ____D C:\FRST
2017-02-17 14:53 - 2017-02-17 15:33 - 00050853 _____ C:\Users\Hp\Desktop\FRST.txt
2017-02-15 10:30 - 2017-02-15 10:30 - 00207590 _____ C:\Users\Hp\Desktop\Malware log.txt
2017-02-15 09:50 - 2017-02-17 21:49 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-15 09:50 - 2017-02-17 21:49 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-15 09:50 - 2017-02-15 20:00 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-15 09:50 - 2017-02-15 09:50 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-15 09:49 - 2017-02-17 21:49 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-15 09:48 - 2017-02-15 09:48 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-15 09:48 - 2017-02-15 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-15 09:48 - 2017-02-15 09:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-15 09:48 - 2017-02-15 09:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-15 09:48 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-15 09:44 - 2017-02-15 09:45 - 55566792 _____ (Malwarebytes ) C:\Users\Hp\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-02-15 08:41 - 2017-02-15 08:41 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-02-15 08:41 - 2017-02-15 08:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-02-15 08:38 - 2017-02-14 20:23 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-15 07:35 - 2017-02-15 07:35 - 01638880 _____ (AVG Technologies CZ) C:\Users\Hp\Desktop\AutoExec64.exe
2017-02-15 06:56 - 2017-02-15 08:40 - 00003870 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1487130947
2017-02-15 06:56 - 2017-02-15 06:56 - 00001043 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-02-15 06:56 - 2017-02-15 06:56 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-15 06:54 - 2017-02-15 06:53 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-02-15 06:53 - 2017-02-15 06:53 - 01948128 _____ (AVG Technologies CZ) C:\Users\Hp\Desktop\AutoExec.exe
2017-02-15 06:50 - 2017-02-15 06:50 - 00000000 ____D C:\Users\Hp\AppData\Roaming\AVAST Software
2017-02-15 06:34 - 2017-02-15 06:43 - 00000000 ____D C:\AVG_Remover
2017-02-15 06:34 - 2017-02-15 06:34 - 08111408 _____ ( ) C:\Users\Hp\Desktop\AVG_Remover.exe
2017-02-15 06:28 - 2017-02-15 06:28 - 00000000 ____D C:\Users\Hp\AppData\Local\MFAData
2017-02-15 06:21 - 2017-02-15 06:21 - 00399360 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2017-02-15 05:44 - 2017-02-15 05:44 - 00899425 _____ C:\Users\Hp\AppData\Local\census.cache
2017-02-15 05:42 - 2017-02-15 05:42 - 01455218 _____ C:\Users\Hp\AppData\Local\ars.cache
2017-02-15 04:42 - 2017-02-15 06:44 - 00000000 ____D C:\Users\Hp\AppData\Local\FSDART
2017-02-15 04:42 - 2017-02-15 04:51 - 00000000 ____D C:\ProgramData\F-Secure
2017-02-15 04:42 - 2017-02-15 04:42 - 00524248 _____ (F-Secure Corporation) C:\Users\Hp\Desktop\F-SecureOnlineScanner.exe
2017-02-15 04:42 - 2017-02-15 04:42 - 00000000 ____D C:\Users\Hp\AppData\Local\F-Secure
2017-02-15 04:40 - 2016-08-22 22:20 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-02-15 04:39 - 2017-02-15 04:39 - 02527376 _____ (Trend Micro Inc.) C:\Users\Hp\Desktop\HousecallLauncher64.exe
2017-02-14 21:16 - 2017-02-14 21:16 - 06521214 _____ C:\Users\Hp\Downloads\---------------------------------.bmp
2017-02-14 20:25 - 2017-02-17 10:10 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-14 20:25 - 2017-02-14 20:25 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-02-14 20:24 - 2017-02-15 08:39 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-02-14 20:24 - 2017-02-14 20:37 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148713716440104
2017-02-14 20:24 - 2017-02-14 20:23 - 00991496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-14 20:24 - 2017-02-14 20:23 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-02-14 20:24 - 2017-02-14 20:23 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-14 20:24 - 2017-02-14 20:23 - 00309784 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-14 20:24 - 2017-02-14 20:23 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-14 20:24 - 2017-02-14 20:23 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-02-14 20:24 - 2017-02-14 20:23 - 00126088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-14 20:24 - 2017-02-14 20:23 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-02-14 20:24 - 2017-02-14 20:23 - 00074680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-14 20:24 - 2017-02-14 20:23 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-14 20:24 - 2017-02-14 20:23 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-14 20:21 - 2017-02-15 06:53 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-14 20:20 - 2017-02-14 20:20 - 06655120 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2017-02-14 20:20 - 2017-02-14 20:20 - 06655120 _____ (AVAST Software) C:\Users\Hp\Desktop\avast_free_antivirus_setup_online.exe
2017-02-14 16:56 - 2017-02-15 04:59 - 00000010 _____ C:\Users\Hp\AppData\Local\sponge.last.runtime.cache
2017-02-14 16:46 - 2017-02-14 16:46 - 00000000 ____D C:\Windows\Trend Micro
2017-02-14 16:46 - 2017-02-14 16:46 - 00000000 ____D C:\ProgramData\Trend Micro
2017-02-14 16:43 - 2017-02-15 07:00 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-14 16:40 - 2017-02-14 16:40 - 00000036 _____ C:\Users\Hp\AppData\Local\housecall.guid.cache
2017-02-14 09:44 - 2017-02-14 09:44 - 00017091 _____ C:\Users\Hp\Downloads\Training_Schedule_Feb.14_Feb.15 (1).xlsx
2017-02-14 09:21 - 2017-02-14 09:21 - 00021027 _____ C:\Users\Hp\Downloads\Training_Schedule_Feb.14_Feb.15.xlsx
2017-02-09 23:43 - 2017-02-09 23:43 - 00067563 _____ C:\Users\Hp\Desktop\1JJ0VL.pdf
2017-02-09 23:43 - 2017-02-09 23:43 - 00001334 _____ C:\Users\Hp\Desktop\1JJ0VL - Shortcut.lnk
2017-02-09 23:41 - 2017-02-09 23:41 - 00067563 _____ C:\Users\Hp\Downloads\1JJ0VL.pdf
2017-02-08 10:03 - 2017-02-08 10:03 - 00069220 _____ C:\Users\Hp\Downloads\1JE22F.pdf
2017-02-06 05:26 - 2017-02-06 05:26 - 00109163 _____ C:\Users\Hp\Downloads\YRBK 2015 RFA Excel Final.zip
2017-02-06 05:23 - 2017-02-06 05:23 - 00034304 _____ C:\Users\Hp\Downloads\fy2015cobbook117.xls
2017-02-06 05:23 - 2017-02-06 05:23 - 00034304 _____ C:\Users\Hp\Downloads\fy2015cobbook106.xls
2017-02-06 05:22 - 2017-02-06 05:22 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook185.xls
2017-02-06 05:22 - 2017-02-06 05:22 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook171.xls
2017-02-06 05:21 - 2017-02-06 05:21 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook184.xls
2017-02-06 05:21 - 2017-02-06 05:21 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook162.xls
2017-02-06 05:21 - 2017-02-06 05:21 - 00034304 _____ C:\Users\Hp\Downloads\fy2015cobbook161.xls
2017-02-06 05:20 - 2017-02-06 05:20 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook83.xls
2017-02-06 05:18 - 2017-02-06 05:18 - 00034816 _____ C:\Users\Hp\Downloads\fy2015cobbook3.xls
2017-02-03 02:48 - 2017-02-16 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeKeyl0gger
2017-02-03 02:48 - 2017-02-15 06:21 - 00000000 ____D C:\Program Files (x86)\ASDECO Manager
2017-02-03 02:48 - 2017-02-03 02:50 - 00000000 ____D C:\Users\Hp\AppData\Roaming\ASDECO Manager
2017-02-03 02:47 - 2016-04-12 22:12 - 00829377 _____ (IwantSoft ) C:\Users\Hp\Downloads\setup (PASSW0RD = 123987).exe
2017-02-03 02:46 - 2017-02-03 02:46 - 00757173 _____ C:\Users\Hp\Downloads\fklogger.zip
2017-02-03 02:45 - 2016-08-05 11:19 - 00424592 _____ C:\Windows\runkey.exe
2017-02-03 02:39 - 2017-02-03 02:39 - 09339624 _____ (Spyrix Security Inc.) C:\Users\Hp\Desktop\sfk_setupcn.exe
2017-02-02 00:34 - 2017-02-02 00:34 - 00075032 _____ C:\Users\Hp\Desktop\HSS-sd-update.exe
2017-01-22 18:06 - 2017-01-22 18:07 - 40537320 _____ (Opera Software) C:\Users\Hp\Desktop\Opera_42.0.2393.137_Campaign_70_Setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-18 22:30 - 2016-09-07 00:12 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-18 21:48 - 2016-07-13 02:01 - 00000000 ___HD C:\Program Files (x86)\Spyrix Free Parental Control
2017-02-18 21:48 - 2013-06-01 22:39 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2017-02-18 21:47 - 2016-03-10 20:06 - 00000000 ____D C:\Users\Mr C\Desktop\real-free-keylogger-274-1
2017-02-18 08:24 - 2016-08-31 01:18 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-17 21:57 - 2009-07-14 07:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-17 21:57 - 2009-07-14 07:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-17 21:47 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-17 20:27 - 2012-02-25 17:42 - 00000000 ____D C:\Windows\System32\Tasks\Games
2017-02-17 19:23 - 2011-05-31 13:13 - 00000000 ____D C:\Users\Hp
2017-02-17 19:20 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2017-02-17 19:10 - 2011-05-31 14:39 - 00000000 ____D C:\Users\Hp\AppData\LocalLow\Temp
2017-02-17 19:08 - 2009-07-14 06:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-17 19:08 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-02-17 10:17 - 2011-06-04 11:38 - 00000000 ____D C:\Users\Hp\AppData\Local\Adobe
2017-02-16 16:54 - 2016-06-13 06:38 - 00000000 ____D C:\Users\Guest
2017-02-16 16:54 - 2014-12-01 08:18 - 00000000 ____D C:\Users\TEMP
2017-02-16 16:53 - 2011-05-31 14:38 - 00000000 ____D C:\Users\Hp\AppData\Roaming\uTorrent
2017-02-16 16:40 - 2012-05-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-02-16 16:40 - 2012-05-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-02-16 16:40 - 2011-10-02 12:43 - 00000000 ____D C:\Users\Mr C
2017-02-16 11:03 - 2012-05-14 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-02-15 14:33 - 2012-02-19 00:46 - 00000000 ____D C:\Users\Hp\AppData\Roaming\vlc
2017-02-15 14:30 - 2009-07-14 08:13 - 00786578 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-15 08:31 - 2013-06-01 23:01 - 00000000 ____D C:\Program Files\COMODO
2017-02-15 06:45 - 2015-10-08 00:35 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2588610484-973985184-251928395-1000UA.job
2017-02-15 06:45 - 2015-10-08 00:35 - 00000854 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2588610484-973985184-251928395-1000Core.job
2017-02-15 06:44 - 2011-05-31 14:01 - 00000000 ____D C:\ProgramData\MFAData
2017-02-15 06:41 - 2016-02-27 15:15 - 00000000 ____D C:\ProgramData\Avg
2017-02-14 20:25 - 2015-10-10 02:02 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-14 17:03 - 2016-10-26 13:59 - 00000000 ____D C:\Users\Hp\AppData\Roaming\Free Desktop Clock 3
2017-02-14 17:03 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration
2017-02-14 17:02 - 2011-06-21 08:18 - 00000000 ____D C:\ProgramData\Real
2017-02-02 01:24 - 2016-03-16 01:24 - 00000000 ____D C:\Users\Hp\AppData\Roaming\Hotspot Shield
2017-02-01 01:28 - 2012-05-13 02:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-28 22:14 - 2016-08-31 01:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-21 23:40 - 2016-10-30 11:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2016-11-20 22:32 - 2016-11-28 09:41 - 0000132 _____ () C:\Users\Hp\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-03-18 23:46 - 2016-08-10 14:38 - 0000205 _____ () C:\Users\Hp\AppData\Roaming\burnaware.ini
2012-12-17 14:14 - 2013-05-25 19:21 - 0001155 _____ () C:\Users\Hp\AppData\Roaming\evmanage.prf
2012-12-16 09:30 - 2012-12-19 19:24 - 0003934 _____ () C:\Users\Hp\AppData\Roaming\evpro32.prf
2016-10-10 16:11 - 2016-10-10 16:11 - 0001456 _____ () C:\Users\Hp\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-02-15 05:42 - 2017-02-15 05:42 - 1455218 _____ () C:\Users\Hp\AppData\Local\ars.cache
2017-02-15 05:44 - 2017-02-15 05:44 - 0899425 _____ () C:\Users\Hp\AppData\Local\census.cache
2013-10-12 22:57 - 2013-10-12 22:57 - 0003584 _____ () C:\Users\Hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-14 16:40 - 2017-02-14 16:40 - 0000036 _____ () C:\Users\Hp\AppData\Local\housecall.guid.cache
2011-10-25 00:24 - 2016-08-10 23:00 - 0007579 _____ () C:\Users\Hp\AppData\Local\Resmon.ResmonCfg
2017-02-14 16:56 - 2017-02-15 04:59 - 0000010 _____ () C:\Users\Hp\AppData\Local\sponge.last.runtime.cache
2012-03-15 23:01 - 2012-03-15 23:01 - 0000000 _____ () C:\ProgramData\._ntmpdbx_

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-27 00:17

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2017 01
Ran by Hp (18-02-2017 22:37:08)
Running from C:\Users\Hp\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-05-31 10:12:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2588610484-973985184-251928395-500 - Administrator - Disabled)
Guest (S-1-5-21-2588610484-973985184-251928395-501 - Limited - Disabled) => C:\Users\Guest
Hp (S-1-5-21-2588610484-973985184-251928395-1000 - Administrator - Enabled) => C:\Users\Hp
Mr C (S-1-5-21-2588610484-973985184-251928395-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
7-Zip 16.02 (HKLM-x32\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Aiseesoft Total Video Converter Platinum 6.3.28 (HKLM-x32\...\{3661F243-518C-4d05-8BDF-7B10CC22689F}_is1) (Version: 6.3.28 - Aiseesoft Studio)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.206.1717.117 - Alps Electric)
Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
AOMEI Partition Assistant Standard Edition 5.2 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - Aomei Technology Co., Ltd.)
Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
AVG 2016 (HKLM\...\{ACC5B116-C09D-429E-9ACF-768FA52DC072}) (Version: 16.0.4545 - AVG Technologies)
Avidemux 2.5 (HKLM-x32\...\Avidemux 2.5) (Version: 2.5.4.6714 - )
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.4 - GPL Public release.)
AxCrypt 2.1.1398.0 (HKLM\...\{D164A256-AD4D-411C-B3FA-77AFA593A326}) (Version: 2.1.1398.0 - AxCrypt AB)
Bigasoft Total Video Converter 5.0.10.5862 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C6750}_is1) (Version:  - Bigasoft Corporation)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
BurnAware Free 6.0 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
COMODO Internet Security Premium (HKLM\...\{F1EC4151-805B-4097-B9BB-7D71A417AAF1}) (Version: 6.1.14723.2813 - COMODO Security Solutions Inc.)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diff Doc (HKLM-x32\...\Diff Doc_is1) (Version:  - Softinterface, Inc.)
DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/)
Driver Booster 3.4 (HKLM-x32\...\Driver Booster_is1) (Version: 3.4 - IObit)
DriverEasy 4.9.5 (HKLM\...\DriverEasy_is1) (Version: 4.9.5.0 - Easeware)
Dropbox (HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
Duplicate Cleaner 2.1b (HKLM-x32\...\Duplicate Cleaner) (Version: 2.1b - DigitalVolcano)
ExamDiff 1.9 (Build 1.9.0.2) (HKLM-x32\...\ExamDiff_is1) (Version: 1.9.0.2 - PrestoSoft LLC)
ExamView Assessment Suite (HKLM-x32\...\ExamView Pro) (Version:  - )
Free Desktop Clock 3.0 (HKLM\...\Free Desktop Clock_is1) (Version:  - Drive Software Company)
Free Video Joiner (HKLM-x32\...\{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1) (Version:  - FreeVideoJoiner.com)
FreeKeyl0gger (HKLM-x32\...\FreeKeyl0gger) (Version:  - IwantSoft ,Inc.)
GeekBuddy (HKLM-x32\...\{16EA7646-0EC3-4CF8-8484-432D07E267BA}) (Version: 4.25.167 - Comodo Security Solutions Inc)
Golden Al-Wafi Translator (C:\Program Files (x86)\Golden Al-Wafi Translator\) (HKLM-x32\...\ST6UNST #2) (Version:  - )
Golden Al-Wafi Translator (HKLM-x32\...\ST6UNST #1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hao123.com (HKLM-x32\...\Hao123.com) (Version:  - ) <==== ATTENTION
Hao123-Client (HKU\S-1-5-21-2588610484-973985184-251928395-1000\...\hao123desk-sa) (Version: 1.0.0.1106 - Baidu Online Network Technology (Beijing) Co., Ltd.) <==== ATTENTION
Hijri Calendar 1.4 (HKLM-x32\...\Hijri Calendar_is1) (Version: 1.4 - DivineIslam)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.5.26.37 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
InstallLoginWithSmartCard Application (HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\...\4160695148.eservices.moi.gov.sa) (Version:  - eservices.moi.gov.sa)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
KeyBlaze Typing Tutor (HKLM-x32\...\KeyBlaze) (Version: 2.14 - NCH Software)
K-Lite Codec Pack 10.0.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
Lenovo Smart Assistant 1.03 (HKLM-x32\...\VibeRomFlash) (Version: 1.03.0.0 - Lenovo)
Machete Lite 3.7 (HKLM-x32\...\{91D8E9BA-6BDB-4559-89CD-633EBED4C385}) (Version: 3.7.22 - MacheteSoft)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Messenger Plus! Community Smartbar (HKLM-x32\...\{56E7FDE0-5957-4626-9C47-5CD23A3C75AD}) (Version: 1.6.1.788 - Messenger Plus!) <==== ATTENTION
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Document Recrypt Tool (HKLM-x32\...\{90150000-2007-0409-0000-0000000FF1CE}) (Version: 15.0.4433.1502 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Genie (HKLM-x32\...\{CB5B32BF-550C-4663-BBB0-20E29EB200B5}) (Version: 1.003.010 - COMPANY)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Firefox 49.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x64 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
Mozilla Thunderbird 45.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.5.0 (x86 en-US)) (Version: 45.5.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NaturalReader 14 (HKLM-x32\...\{9BB1F2B5-0A9D-402B-9613-DC5BCF878C22}) (Version: 1.00.0000 - Naturalsoft)
NbuExplorer version 3.0 (HKLM-x32\...\{6C58B3E8-0822-490B-BC94-40CC02A6B37F}_is1) (Version: 3.0 - Petr Vilem)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
NetWorx 5.5.5 (HKLM\...\NetWorx_is1) (Version:  - Softperfect)
Next Video Converter version 4.0.3 (HKLM-x32\...\{752EC6FD-1CEB-409B-AEF5-A297943102EA}_is1) (Version: 4.0.3 - NextVideoSoft Inc.)
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Nokia Software Updater (HKLM-x32\...\{7130468A-F53F-4698-8C09-A339EA3B05E6}) (Version: 3.0.655 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.3.89.0 - Nokia)
Nokia Suite (x32 Version: 3.3.89.0 - Nokia) Hidden
Opera Stable 38.0.2220.41 (HKLM-x32\...\Opera 38.0.2220.41) (Version: 38.0.2220.41 - Opera Software)
Opera Stable 38.0.2220.41 (HKLM-x32\...\Opera 38.0.2220.411) (Version: 38.0.2220.41 - Opera Software)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PC Search 24 (HKLM-x32\...\{AB7228BB-209B-4243-8C24-1E755C644549}) (Version: 1.24.0000 - USDA-ARS-Nutrient Data Lab)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.201.0 - Tracker Software Products Ltd)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.4.17 - Prolific Technology INC)
Quick Startup 2.9.0.823 (HKLM-x32\...\Quick Startup_is1) (Version:  - Glarysoft.com)
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{0DF70CB6-553A-4C57-8E6D-87635EECFB78}) (Version: 1.00.0145 - )
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
Revo Uninstaller Pro 2.2.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.2.3 - VS Revo Group, Ltd.)
SafeZone Stable 3.55.2393.527 (x32 Version: 3.55.2393.527 - Avast Software) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 5.14 (64-bit) (HKLM\...\Sandboxie) (Version: 5.14 - Sandboxie Holdings, LLC)
ScreenRecorder (HKLM\...\{55A9972B-EA29-43C3-94B6-7A178D6F2E11}) (Version: 4.0.0 - Burak Uysaler)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1148 - SUPERAntiSpyware.com)
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
TEncoder Video Converter version 3.6.0 64bit (HKLM-x32\...\{7B1F9D22-568D-4109-B128-040BF8A932FC}_is1) (Version: 3.6.0 64bit - ozok)
TimeLeft (HKLM-x32\...\TIMELEFT3_is1) (Version: 3.62 - NesterSoft Inc.)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Verbose Text to Speech (HKLM-x32\...\Verbose) (Version: 2.01 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Windows Driver Package - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Firewall Control (HKLM\...\Windows Firewall Control) (Version: 4.8.8.0 - BiniSoft.org)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Encoder 9 Series x64 Edition (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinGuard Pro 7.7.9 (HKLM-x32\...\WinGuard Pro_is1) (Version:  - )
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
Word Password Recovery Standard  (HKLM-x32\...\Word Password Recovery Standard) (Version:  - SmartKey, Inc.)
Zimbra Desktop (64-bit) (HKLM\...\{9D3B5C7A-BB5B-4B92-8CF7-AE28F9E4C24A}) (Version: 7.2.8.12102 - Zimbra)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2588610484-973985184-251928395-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E3AEDB6-3F31-4F72-8A09-772AF7F7F4B3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-14] (AVAST Software)
Task: {268543AD-AD20-4471-8C99-E72567D90648} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-14] (AVAST Software)
Task: {2A233CCD-14F6-447F-8CC6-511B126B2A23} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2588610484-973985184-251928395-1000Core => C:\Users\Hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-10-08] (Dropbox, Inc.)
Task: {302BA404-49CA-4975-A9FE-8AE67DCFF515} - System32\Tasks\Opera scheduled Autoupdate 1472800215 => C:\Program Files (x86)\Opera\launcher.exe [2016-06-30] (Opera Software)
Task: {387C0FD6-F918-4901-B2CC-7B2EFD2B4846} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {3E5331C1-0D62-4EF2-93B0-BA0E964505F6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2588610484-973985184-251928395-1000UA => C:\Users\Hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-10-08] (Dropbox, Inc.)
Task: {43185D05-029E-4140-97C9-37A38C1F3254} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2588610484-973985184-251928395-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {464645A2-CF13-4A93-9941-2CB5EA891858} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe 
Task: {4689ADF2-1067-4528-B68D-D2C09CEB9AA2} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cfpconfg.exe 
Task: {4C4CA173-F99A-4527-A267-55767BA46C1F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-04] (Adobe Systems Incorporated)
Task: {689C7773-4B87-4CA0-8415-F447492A266B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe 
Task: {711FC1A5-3E52-466F-AF3E-7D2715133AE1} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cis.exe 
Task: {75B9B3DD-ED68-4BC7-8E1D-0770DF628432} - System32\Tasks\SafeZone scheduled Autoupdate 1487130947 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-03] (Avast Software)
Task: {76E752E5-61F4-4D1D-B0CF-99D7AB150A9D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe 
Task: {798CB577-5E44-4FD6-A30C-67692A172A06} - System32\Tasks\GoogleUpdateTaskMachineCore1d2340992d2ad2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.)
Task: {86A498DF-D86E-4FBC-87D1-DA0FAF246ACA} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2588610484-973985184-251928395-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {911973FE-BB9D-4018-B471-E6DCF3F3DF0C} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cfpconfg.exe 
Task: {9169B514-DA0B-4536-A62A-91D89662A43D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {959034D6-A1FA-426C-93A6-018FCAF5FE92} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cfpconfg.exe 
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => %windir%\system32\srtasks.exe 
Task: {996F3875-8B44-4ABA-BF3D-8D67C8327528} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe 
Task: {A0B83486-D6B0-4375-8B1F-A8A0540F7FF9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2588610484-973985184-251928395-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe 
Task: {A763D1AF-6982-46EC-BAA8-C60BB08CBC57} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2588610484-973985184-251928395-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {A8C1BDC5-539F-445D-A1BC-F1B2266FC6DB} - System32\Tasks\Opera scheduled Autoupdate 1472595558 => C:\Program Files (x86)\Opera\launcher.exe [2016-06-30] (Opera Software)
Task: {AF74B3A8-F495-458F-A591-D45231B28C9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.)
Task: {BBCA27E9-4A97-4EDB-B85F-F910B5360D71} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe 
Task: {C7170B82-46E4-4EFF-89CF-D948EF679DF1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {C8847EA6-13C6-4DC9-960B-70684F79FFF6} - System32\Tasks\{499D67E9-84AD-4FD4-82C9-CE36A0412CD5} => pcalua.exe -a C:\Users\Hp\Downloads\Programs\sp47359.exe -d C:\Users\Hp\AppData\Roaming\IDM
Task: {C8F7623E-6C6D-40D7-A956-F559771FC433} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.)
Task: {D1A2D437-3508-4E21-B526-1E5C8D77A75F} - System32\Tasks\GoogleUpdateTaskMachineUA1d23409990f5b2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-07] (Google Inc.)
Task: {D7241891-808C-4E01-8C00-79B5069C1175} - System32\Tasks\AdobeAAMUpdater-1.0-Hp-PC-Hp => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {E22F693A-1C86-4398-A1E4-70449AD45891} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cfpconfg.exe 
Task: {F383F3A4-7151-4AF9-99CA-64802B89C31D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-13] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2588610484-973985184-251928395-1000Core.job => C:\Users\Hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2588610484-973985184-251928395-1000UA.job => C:\Users\Hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 ____R () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 ____R () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-05-31 14:43 - 2009-06-02 01:15 - 00051200 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-07-15 07:44 - 2010-07-15 07:44 - 00020032 ____R () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-12-18 17:13 - 2012-12-06 13:09 - 00136704 _____ () C:\Windows\System32\zlhp1600.dll
2013-12-18 16:41 - 2012-12-06 13:52 - 00136704 _____ () C:\Windows\System32\zlhp2600.dll
2013-12-18 16:34 - 2012-09-18 15:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2012-03-03 12:05 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-12-18 16:35 - 2012-09-18 15:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2013-12-18 17:43 - 2012-12-04 20:33 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP2030PP.DLL
2016-10-26 13:59 - 2013-04-24 19:20 - 02007040 _____ () C:\Program Files\Free Desktop Clock\timeserv.exe
2017-02-15 09:48 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-15 09:48 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-11-21 03:16 - 2016-11-17 15:37 - 00831488 _____ () C:\Program Files\NetWorx\sqlite.dll
2017-02-14 20:23 - 2017-02-14 20:23 - 00162600 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-02-14 20:23 - 2017-02-14 20:23 - 00792656 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2016-10-05 04:18 - 2016-10-05 04:18 - 00200192 _____ () C:\Program Files\Zimbra\Zimbra Desktop\win64\zdesktop.exe
2016-11-23 14:08 - 2016-11-23 14:08 - 00528896 _____ () C:\Users\Hp\AppData\Local\Zimbra\Zimbra Desktop\data\tmp\java\sqlite-3.7.51-sqlitejdbc.dll
2017-02-14 20:23 - 2017-02-14 20:23 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-14 20:23 - 2017-02-14 20:23 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-02-14 20:23 - 2017-02-14 20:23 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-14 20:23 - 2017-02-14 20:23 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-09-02 10:10 - 2016-06-30 15:31 - 67945512 _____ () C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-09-02 10:10 - 2016-06-30 15:31 - 02203176 _____ () C:\Program Files (x86)\Opera\38.0.2220.41_0\libglesv2.dll
2016-09-02 10:10 - 2016-06-30 15:31 - 00087080 _____ () C:\Program Files (x86)\Opera\38.0.2220.41_0\libegl.dll
2011-06-14 09:11 - 2011-06-14 09:11 - 00856064 _____ () C:\Program Files\Zimbra\Zimbra Desktop\win64\prism\xulrunner\js3250.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7749 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-13 03:02 - 2016-11-13 01:41 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2588610484-973985184-251928395-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2588610484-973985184-251928395-1002.bak\Control Panel\Desktop\\Wallpaper -> C:\Users\Mr C\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2588610484-973985184-251928395-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AvgAMPS => 3
MSCONFIG\Services: AVGIDSAgent => 2
MSCONFIG\Services: avgsvc => 2
MSCONFIG\Services: avgwd => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: EASEUS Agent => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MsgPlusService => 2
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: Realtek87B => 2
MSCONFIG\Services: ScrybeUpdater => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk => C:\Windows\pss\Scrybe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TimeLeft.lnk => C:\Windows\pss\TimeLeft.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ADSNWK => C:\Windows\System32\adsnwk.exe
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: COMODO Internet Security => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MessengerPlusForSkypeService => "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
MSCONFIG\startupreg: MobileMonitor => C:\Program Files (x86)\Mobile Genie\MobileMonitor.exe start
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: NSU_agent => "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{13BD5CD5-3FF1-4CAD-96CB-0297646304D2}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{3CF6DEF4-791E-4964-891B-DE087B71D232}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{90A2BCF6-6724-4FED-96F8-2F26988E12B7}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{EE81AFD7-DCD5-4016-9DC8-F04FEE88E37A}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{A8C5B3E3-FBDD-45FC-9D5D-58A01E526A9C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{5415F7A7-2F06-4344-92EE-E43019E9E08A}C:\call of duty- modern warfare 3\iw5mp_server.exe] => (Allow) C:\call of duty- modern warfare 3\iw5mp_server.exe
FirewallRules: [UDP Query User{94F3C177-1E1D-461C-9054-09305C957146}C:\call of duty- modern warfare 3\iw5mp_server.exe] => (Allow) C:\call of duty- modern warfare 3\iw5mp_server.exe
FirewallRules: [{F9B2219A-1CA1-4F98-832B-4803BE8A1FD6}] => (Allow) C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
FirewallRules: [{18F4AF78-7A57-44CC-BF67-1D13C1B11E6C}] => (Allow) C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
FirewallRules: [{BBBB6032-CF01-4DA6-B6E6-2B07E35B3E21}] => (Allow) LPort=1542
FirewallRules: [{26506410-3A4A-42C8-9105-129E5A05EC8E}] => (Allow) LPort=1542
FirewallRules: [{845B6461-6596-480E-AE52-5E049AF322D9}] => (Allow) LPort=53
FirewallRules: [{352EA28F-2EB7-4357-A5A2-E393EE437646}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
FirewallRules: [{D9834F20-E324-4B17-8282-195CCB98EC8E}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
FirewallRules: [{7A8E07EF-7AC1-4EAF-B615-3D978EBA5E35}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{51B20902-E5B9-4D99-AE5C-A1A1CF70E67F}] => (Allow) C:\Users\Hp\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{68E4F057-923D-4773-97F8-701C806651E5}] => (Allow) C:\Users\Hp\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{59E6CA36-D60F-480F-9BC7-4FF2CF22C71C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3F05B128-BADA-47E7-BF71-C5B9822BA406}] => (Allow) LPort=2869
FirewallRules: [{77113237-B569-45BB-B6D0-97813C10CE49}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{2E224BE6-322F-467D-8CF1-87C48493A1A4}C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{64F43151-6602-4584-98DF-2E8041CB21C2}C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{86B3C0E4-A92A-4A93-89C2-A1D2FDE2546D}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{D7ADEA8A-B261-4B3B-902C-EB0F1F106E1C}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{964B3E8A-7CE7-4A43-B1DF-7594F1491D16}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{5D47C276-C631-4E22-AF6F-AF1B393B67A6}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{20CCD95B-E163-4CDF-A40F-7E5FBCE2643A}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{B1D634BD-60B8-4A69-8BFE-AEF4A2ADF40A}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{B91B4B37-BB45-4966-8972-2ABA4DEE49A1}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{4F6D7798-D969-4CE9-8523-0654863E84B1}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{AE2EAB57-2D4E-404A-8935-5909909C8CD8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{5C2FDFCA-34BF-4F3D-B920-A0720E5ABE28}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{D51EBF60-335D-40BA-B3B6-397AAA075824}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2B965201-3776-4E34-9848-20F175D0D7E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A9CC7741-B4B0-44FF-8685-F8D5BCF42989}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{D2767BF1-B880-4AA1-A761-6AEC6E8ACC90}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{732962E8-436F-4E37-BA94-1B83DE3576BA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{D9F555F1-FB0F-4F28-9D71-2F36F06B2B68}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{E383D4A5-6EEF-472E-B822-F66D4E72E2B1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{0EE76FAD-1B11-437B-A68D-29693CF8B001}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{C099B6E3-F0F6-4C36-8ED0-1B584874FC83}] => (Allow) C:\Users\Work\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{273058EA-C20A-4998-9C46-CE5320B75CCB}] => (Block) C:\Users\Work\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{268300EB-97D5-4B6F-9D1D-E9305867E7B2}] => (Allow) C:\Users\Work\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BFF8B330-4C8E-4143-8793-9EB54F24BF47}] => (Allow) C:\Users\Work\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ADB372A5-093D-4840-AF97-264C06B3F448}] => (Allow) C:\Users\Work\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9199EB47-87B1-48BC-9580-B598D1C5AF1F}] => (Block) C:\Users\Work\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{584ED426-6F1B-491D-B49D-BDB471238743}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E105CA4C-33D3-42BD-BD6A-23447BB4CAF2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5BB2A2E7-BB3B-4EEA-85EB-3A5EABDAA382}C:\users\hp\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hp\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{D229DDBE-76C4-437A-938E-2B2588A7D464}C:\users\hp\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hp\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{7B40DE0C-3FC9-4B7F-B966-53E2D16DE6B9}] => (Block) C:\Program Files (x86)\Naturalsoft\NR14\NR14.exe
FirewallRules: [TCP Query User{B7F4A7BB-CE6C-4ECC-97EE-4833B2E4C0A9}C:\users\hp\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hp\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{E2D97C28-17D0-45C9-9587-7BBF06DA9530}C:\users\hp\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hp\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{8C529B00-41E9-4AC2-8BBE-8476DEB40CB3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{70B4F6C3-810D-4EA8-B5B1-AC8994C8184A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AF2AEA21-EEBC-4490-BFD0-F5599F3F23A6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B7D3DF56-8E12-4323-BF79-70653311CC00}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E4C741AE-4693-4BF0-92AA-CF551565D701}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{D560BE67-E42C-4436-A862-C1E3BA94562A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3F5752B1-A079-40C3-80F3-3B1E5B86E967}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1E32C9AC-835F-470C-9517-6780968C6A85}] => (Allow) LPort=1900
FirewallRules: [{38B0A773-750F-42C1-BBFD-8963BE8CB116}] => (Allow) LPort=2869
FirewallRules: [{4CC677AF-6506-41F1-AE08-B6938753B766}] => (Allow) C:\Users\Work\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{80133B6E-1BB0-4198-BEEB-841117478E3D}] => (Allow) C:\Users\Work\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0FB14003-13FB-49FD-AE42-045FF07F5788}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{729C374D-06CD-4EFF-935E-519E5DC60A84}] => (Allow) C:\Program Files (x86)\Opera\38.0.2220.41_0\opera.exe
FirewallRules: [{0FB955DB-A560-47B0-9ECB-80C62D8B5A7A}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{DC1527C4-2615-4F86-9128-E00FEB8C61EF}] => (Allow) C:\Program Files (x86)\Connectify\Connectify.exe
FirewallRules: [{CA71AB33-3F5E-4575-BA7B-E1A1A3EA59BB}] => (Allow) %ProgramFiles% (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{39101FA8-6210-47F7-883C-72672298FA62}] => (Allow) %ProgramFiles% (x86)\Mozilla Thunderbird\thunderbird.exe
FirewallRules: [{452275DC-F617-4229-90B9-C3E552B8A282}] => (Allow) %ProgramFiles%\Microsoft Office\Office14\MSOHTMED.EXE
FirewallRules: [{3259D78A-B393-4E30-8D5E-DF35FFF0FE42}] => (Allow) %ProgramFiles%\Windows Defender\MSASCui.exe
FirewallRules: [{E79EC077-9287-4648-A115-CB878B06A7F3}] => (Allow) C:\Users\Hp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{792A6AE4-6349-4B25-B560-D38CEF6B35E1}] => (Allow) C:\Users\Hp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{1BFFA0BF-A574-4CDB-8465-1FDE9C2E7C2A}C:\program files (x86)\java\jre1.8.0_73\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\java.exe
FirewallRules: [UDP Query User{6B723B53-C848-4716-BC01-2F91E1F1BAC3}C:\program files (x86)\java\jre1.8.0_73\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\java.exe
FirewallRules: [{A11B2A95-6A34-4B64-A95F-CB03FF3231AF}] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\java.exe
FirewallRules: [{FBD24921-5117-49C8-91CF-ACC87A9AEDE2}] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\java.exe
FirewallRules: [{C2D7B993-9961-478B-9726-D67991DBDBB3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-02-2017 08:21:08 Windows Update

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: MediaTek DA USB VCOM Port (COM11)
Description: MediaTek DA USB VCOM Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: MediaTek Inc.
Service: usbser
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VPN Client Adapter - me
Description: VPN Client Adapter - me
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther Corporation
Service: Neo_me
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Anchorfree HSS VPN Adapter
Description: Anchorfree HSS VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Anchorfree HSS VPN Adapter
Service: taphss6
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: MediaTek PreLoader USB VCOM (Android) (COM13)
Description: MediaTek PreLoader USB VCOM (Android)
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: MediaTek Inc.
Service: wdm_usb
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: EASEUS Disk Enumerator
Description: EASEUS Disk Enumerator
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: EUDISK
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2017 09:46:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/18/2017 09:36:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/18/2017 04:28:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/18/2017 10:49:06 AM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 714866688 (0x000000002a9c0000) (database page 21815 (0x5537)) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The expected checksum was [e2e7e2e7f917e11c:0d92f26d32e0555c:a62e59d13b826417:9ecf61300fce5938] and the actual checksum was [e2e2e2e2f912a919:0d92f26d32e0555c:a62b59d43b822c17:9ecf61300fce5938].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (02/18/2017 08:23:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/18/2017 08:21:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2588610484-973985184-251928395-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {f44bc666-778f-4b86-a0ce-d7b123888db7}

Error: (02/17/2017 07:52:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2588610484-973985184-251928395-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {159fa4ea-12f0-4a8c-a3e8-7f0695cfd9d2}

Error: (02/17/2017 07:07:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2588610484-973985184-251928395-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {07ea2a08-7bf0-47b0-a391-5c5177e4904a}

Error: (02/17/2017 07:07:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bb836cca-3291-4013-8b86-6386578f5427}

Error: (02/17/2017 07:07:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2588610484-973985184-251928395-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {07ea2a08-7bf0-47b0-a391-5c5177e4904a}


System errors:
=============
Error: (02/18/2017 08:27:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: December, 2016 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 7 and Windows Server 2008 R2 for x64 (KB3205402).

Error: (02/17/2017 09:50:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (02/17/2017 09:50:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (02/17/2017 09:46:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\athihvs.dll

Error: (02/17/2017 09:41:52 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.

Error: (02/17/2017 09:41:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/17/2017 09:41:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/17/2017 09:41:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WD Drive Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/17/2017 09:41:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Atomic Alarm Clock Time service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/17/2017 09:41:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 94%
Total physical RAM: 3893.86 MB
Available physical RAM: 217.32 MB
Total Virtual: 8313.9 MB
Available Virtual: 994.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:264.66 GB) (Free:166.54 GB) NTFS
Drive e: () (Removable) (Total:1.84 GB) (Free:0.41 GB) FAT
Drive h: (Share) (Fixed) (Total:1 GB) (Free:0.21 GB) NTFS
Drive o: (My drive) (Fixed) (Total:200 GB) (Free:9.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5B722412)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=264.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=200 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


1 hour ago, Aura said:

That looks good. Now, do you see the following programs listed in the Control Panel? If you do, uninstall them. If not, let me know.

 

  • Hao123.com
  • Hao123-Client
  • Messenger Plus! Community Smartbar

 

Nope. Don't see them in the control panel


Alright, follow the instructions below.

Registry - Export Uninstall Keys

  • On Windows Vista, 7 & 10, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator
  • On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin);
  • On Windows 8.1, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the following commands, one after the other. You'll know you're ready to input the next command when a new line with a blinking cursor appears under the preceding one:
    Note: You can copy and paste these commands instead of typing them. To copy a command inside the command prompt, move your mouse over the blinking cursor, right-click and select Paste. You must have copied the command prior to that (via Ctrl + C or left-click and Copy).
    reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s > "%userprofile%\Desktop\hklm_uninstall64.txt"
    reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall /s > "%userprofile%\Desktop\hklm_uninstall32.txt"
    reg query HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s > "%userprofile%\Desktop\hkcu_uninstall.txt"
    
  • Once you're done running the commands, two files will have appeared on your desktop:
    • hklm_uninstall32.txt
    • hklm_uninstall64.txt
    • hkcu_uninstall.txt
  • Create a new folder on your Desktop and move the 3 files inside it. Once done, archive (.zip) the folder (right-click on it, select Send to... and select Compressed archive (.zip));
  • Attach the .zip archive in your next post;


Found them

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-sa
    DisplayIcon    REG_SZ    "C:\Users\Hp\AppData\Roaming\baidu\hao123-sa\hao123.1.0.0.1106.exe"
    DisplayName    REG_SZ    Hao123-Client
    DisplayVersion    REG_SZ    1.0.0.1106
    HelpLink    REG_SZ   http://www.hao123.com/desk.html
    Publisher    REG_SZ    Baidu Online Network Technology (Beijing) Co., Ltd.
    UninstallString    REG_SZ    "C:\Users\Hp\AppData\Roaming\baidu\hao123-sa\hao123.1.0.0.1106.exe" -uninstall

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Hao123.com
    DisplayName    REG_SZ    Hao123.com
    UninstallString    REG_SZ    C:\Program Files (x86)\Hao123.com\UninstallMinibar.exe
    NoModify    REG_DWORD    0x1
    NoRepair    REG_DWORD    0x1
    DisplayIcon    REG_SZ    C:\Program Files (x86)\Hao123.com\UninstallMinibar.exe,0

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56E7FDE0-5957-4626-9C47-5CD23A3C75AD}
    AuthorizedCDFPrefix    REG_SZ    
    Comments    REG_SZ    
    Contact    REG_SZ    
    DisplayVersion    REG_SZ    1.6.1.788
    HelpLink    REG_EXPAND_SZ   http://www.msgplus.net
    HelpTelephone    REG_SZ    
    InstallDate    REG_SZ    20130209
    InstallLocation    REG_SZ    
    InstallSource    REG_SZ    C:\Users\Hp\AppData\Local\Temp\plsk_8bf3.tmp\
    ModifyPath    REG_EXPAND_SZ    MsiExec.exe /X{56E7FDE0-5957-4626-9C47-5CD23A3C75AD}
    NoModify    REG_DWORD    0x1
    NoRepair    REG_DWORD    0x1
    Publisher    REG_SZ    Messenger Plus!
    Readme    REG_SZ    
    Size    REG_SZ    
    EstimatedSize    REG_DWORD    0x5170
    UninstallString    REG_EXPAND_SZ    MsiExec.exe /X{56E7FDE0-5957-4626-9C47-5CD23A3C75AD}
    URLInfoAbout    REG_SZ   http://pages.msgplus.net/toolbar/faq.html
    URLUpdateInfo    REG_SZ    
    VersionMajor    REG_DWORD    0x1
    VersionMinor    REG_DWORD    0x6
    WindowsInstaller    REG_DWORD    0x1
    Version    REG_DWORD    0x1060001
    Language    REG_DWORD    0x409
    DisplayName    REG_SZ    Messenger Plus! Community Smartbar

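The three exports requested above can be searched mechanically instead of by eye. The Python sketch below is an added example (not part of the thread and not FRST's code): it parses `reg query ... /s` output, picks out the entries whose DisplayName matches the three programs named earlier, and extracts each uninstaller's executable so its presence on disk can be checked. The sample text is constructed from the values posted above plus one made-up `ExampleApp` entry, and all function names are hypothetical.

```python
import re

# Constructed sample in `reg query <key> /s` format, built from the values
# posted in this thread plus one made-up entry (ExampleApp).
SAMPLE = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-sa
    DisplayName    REG_SZ    Hao123-Client
    Publisher    REG_SZ    Baidu Online Network Technology (Beijing) Co., Ltd.
    UninstallString    REG_SZ    "C:\Users\Hp\AppData\Roaming\baidu\hao123-sa\hao123.1.0.0.1106.exe" -uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Hao123.com
    DisplayName    REG_SZ    Hao123.com
    UninstallString    REG_SZ    C:\Program Files (x86)\Hao123.com\UninstallMinibar.exe
    NoModify    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56E7FDE0-5957-4626-9C47-5CD23A3C75AD}
    Comments    REG_SZ
    UninstallString    REG_EXPAND_SZ    MsiExec.exe /X{56E7FDE0-5957-4626-9C47-5CD23A3C75AD}
    DisplayName    REG_SZ    Messenger Plus! Community Smartbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp
    DisplayName    REG_SZ    Example App (constructed)
    UninstallString    REG_SZ    "C:\Program Files\ExampleApp\uninstall.exe"
"""

# The three programs the helper asked about.
WANTED = ["Hao123.com", "Hao123-Client", "Messenger Plus! Community Smartbar"]

# Value line: indent, name, 2+ spaces, REG_* type, optional data (may be empty).
VALUE_RE = re.compile(r"^\s+(.+?)\s{2,}(REG_[A-Z_]+)\s*(.*)$")


def parse_reg_query(text):
    """Return {key_path: {value_name: (type, data)}} from `reg query /s` output."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("HKEY_"):          # key paths start in column 0
            current = keys.setdefault(line, {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group(1)] = (m.group(2), m.group(3))
    return keys


def find_entries(keys, wanted_names):
    """List uninstall entries whose DisplayName matches (case-insensitively)."""
    wanted = {n.casefold() for n in wanted_names}
    hits = []
    for path, values in keys.items():
        name = values.get("DisplayName", ("", ""))[1]
        if name.casefold() in wanted:
            cmd = values.get("UninstallString", ("", ""))[1]
            hits.append({"key": path, "name": name, "uninstall": cmd,
                         "exe": uninstaller_path(cmd)})
    return hits


def uninstaller_path(cmd):
    """Best-effort executable path from an UninstallString.

    Handles the three shapes seen in the thread: a quoted path with
    arguments, an unquoted path containing spaces, and an MsiExec call.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.exe)(?=\s|$)", cmd)
    return m.group(1) if m else cmd


if __name__ == "__main__":
    for hit in find_entries(parse_reg_query(SAMPLE), WANTED):
        print(f"{hit['name']}\n  key: {hit['key']}\n  exe: {hit['exe']}")
```

On the affected machine, passing each `exe` value to `os.path.exists` shows whether the uninstaller is still on disk or only the registry entry is left.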

Good :) Now, you see these "UninstallString" commands? Press on Windows + X to open the Run command, then copy/paste each of them (one at a time) and press on Enter. This should uninstall each program one by one. Here are the 3 commands:

"C:\Users\Hp\AppData\Roaming\baidu\hao123-sa\hao123.1.0.0.1106.exe" -uninstall
C:\Program Files (x86)\Hao123.com\UninstallMinibar.exe
MsiExec.exe /X{56E7FDE0-5957-4626-9C47-5CD23A3C75AD}

 


It's possible that these files have been removed. Can you try the two others and let me know if you get the same error message? If you do, I'll put together a FRST fix that will remove the Uninstall keys for these programs, and also remove their folders if they're still there.


Alright here goes.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

fixlist.txt


Sorry for the delay

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-02-2017
Ran by Hp (22-02-2017 22:43:17) Run:4
Running from C:\Users\Hp\Desktop\New folder (3)
Loaded Profiles: Hp (Available Profiles: Hp & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:

REG: REG DELETE "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-sa" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Hao123.com" /f
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56E7FDE0-5957-4626-9C47-5CD23A3C75AD}" /f

C:\Program Files (x86)\Hao123.com
C:\Users\Hp\AppData\Roaming\baidu

*****************

Processes closed successfully.

========= REG DELETE "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-sa" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Hao123.com" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56E7FDE0-5957-4626-9C47-5CD23A3C75AD}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

"C:\Program Files (x86)\Hao123.com" => not found.
"C:\Users\Hp\AppData\Roaming\baidu" => not found.


The system needed a reboot.

==== End of Fixlog 22:43:20 ====
