
My Chrome page(s) keep getting redirected (YouTube, Facebook, Yahoo, ...). After purchasing Malwarebytes I noticed that there seems to be a file (maybe a rootkit? I'm not sure) that Malwarebytes keeps quarantining, but whenever I launch Chrome, my pages get redirected to the Chrome App store. Before I bought the product it used to redirect me somewhere else (383lahksa or something like that) but now it's the Chrome App store. I'm not sure how to resolve this. I would appreciate any feedback and suggestions. I've added a screen grab of the redirected page. This doesn't happen on Microsoft Edge, only Chrome.

Thank You


Hello rezalini and welcome to the Forum.

My screen name is Android 8888 and I'll be helping you with your malware issues. Please ask questions if anything is unclear.

NOTE: If you're using Peer 2 Peer software such as uTorrent or similar please completely disable it from running while being assisted here.

Please DO NOT run any tools unless asked to do so.
Please follow the instructions in the order listed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt).
  • Please attach the two logs to your reply if possible. Otherwise you may copy/paste the content of the logs directly if you have to.

Thank you.

Android8888


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by Reza (25-02-2017 14:13:23)
Running from C:\Users\Reza\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-27 08:41:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3294675276-783259607-3426699991-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3294675276-783259607-3426699991-503 - Limited - Disabled)
Guest (S-1-5-21-3294675276-783259607-3426699991-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3294675276-783259607-3426699991-1002 - Limited - Enabled)
Reza (S-1-5-21-3294675276-783259607-3426699991-1000 - Administrator - Enabled) => C:\Users\Reza

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 9 Suite (HKLM\...\{F6238EAB-3AD7-4B0E-B0AD-E533A93A5C32}) (Version: 9.0.0.0 - Ableton)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.3501.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.3501.00 - CyberLink Corp.) Hidden
ACID Music Studio 9.0 (HKLM-x32\...\{FAD22280-8DD6-11E3-A36E-F04DA23A5C58}) (Version: 9.0.40 - Sony)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.42.68439 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.42.68439 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcadeMovie (HKLM-x32\...\InstallShield_{E670F1F2-A882-4EE5-90E1-EFBF46AB5A01}) (Version: 4.00.0000 - CyberLink Corp.)
ArcadeMovie (x32 Version: 4.00.0000 - CyberLink Corp.) Hidden
ArtRage 4 Demo (HKLM-x32\...\ArtRage 4 Demo 4.5.2.0) (Version: 4.5.2.0 - Ambient Design)
ArtRage 4 Demo (Version: 4.5.2.0 - Ambient Design) Hidden
AudioBox version 1.2 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.2 - PreSonus)
Avid Mbox 2 USB Drivers (x64) (HKLM\...\{F9242D4E-09E7-45C7-A53A-83375D0FAD42}) (Version: 9.0.2 - Avid Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.49.150 - OSToto Co., Ltd.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.0 - Toontrack)
Freemake Video Converter version 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.0 - PACE Anti-Piracy, Inc.)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Max 6.1.8 (x64) (HKLM\...\{B3071CEA-6555-4660-BBC9-A3A28F00197A}) (Version: 136.1.8 - Cycling '74)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Moo0 Audio Converter 1.32 (HKLM-x32\...\Moo0 AudioTypeConverter) (Version:  - )
Moo0 Voice Recorder 1.43 (HKLM-x32\...\Moo0 VoiceRecorder) (Version:  - )
Moo0 YouTube Downloader 1.06 (HKLM-x32\...\Moo0 Utube-DL) (Version:  - )
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
PreSonus Studio One 2 (HKLM-x32\...\PreSonus Studio One 2) (Version: 2.5.2.22258 - PreSonus Audio Electronics)
R8 Driver (HKLM\...\{C68DB659-6046-41FD-B163-E7208C1718A4}) (Version: 2.2.0.8 - ZOOM)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Studio Devil BVC 1.1 (HKLM-x32\...\Studio Devil BVC - Acid Music Studio Edition_is1) (Version:  - StudioDevil)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated)
Telegram Desktop version 1.0 (HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0 - Telegram Messenger LLP)
TruePianos Amber Lite (ACID Music Studio) 1.5.0 (HKLM-x32\...\TruePianos Amber Lite (ACID Music Studio)_is1) (Version:  - 4Front Technologies)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Viber (HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\{7de2db6a-6f4b-4b45-82b9-57d5d7f1c952}) (Version: 5.4.0.1664 - Viber Media Inc.)
Viber (x32 Version: 5.4.0.1664 - Viber Media Inc.) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Reza\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03DF55EB-3619-4B37-B7BE-3820E691F8FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0DCF04DE-D69D-45C8-BD57-2D806BDD143C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1569EA35-B689-4777-85C9-5218161CD92B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core1d27b77a4243672 => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.)
Task: {15FCD86A-9B5E-4271-8311-1AD8BC28BEEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.)
Task: {16E25E59-475C-48FE-B049-5ECF1A0C1E14} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {1869619F-C32D-41ED-9922-DFED88E1DCAB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {18E80EE4-A648-430B-A4A4-CE0F9E597067} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {195B9241-56B8-47BF-AF57-522F80AC7EC1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {19B44E58-C3E5-4213-8CC3-37B115C5FA1F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {1B860AE4-B749-4262-B13F-C8D3ADC39234} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Moo0\VideoToAudio 1.12\VideoToAudio.exe
Task: {1D9E9F21-73F1-4A9F-A1B3-A7D3A0BAA2C0} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {1F343AE1-F994-4A01-A553-A429D94DF3D0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {206F523C-7DE4-49DD-8F9F-E7A8B31A1A4B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {25A88B16-6D40-40B2-AB4F-C013393836E8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2AA441AF-1C39-44D3-B7FA-9A5A39C64976} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3D5B6403-E35F-4CF1-9F17-E34C0AD34763} - System32\Tasks\1015avUpdateInfo => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe [2015-10-11] ()
Task: {4104424B-3B41-4B4E-A5EB-A8C02C7B6733} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_{58B3C879-B7DD-4F4D-9C5B-6641E0D5C976}.exe [2015-06-21] ()
Task: {424402F0-137B-40BC-A26B-67770BEAD723} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {46D7E8D5-2116-48F8-B25F-5FFE8B63F1DD} - \PassShow Update -> No File <==== ATTENTION
Task: {480DFD45-D0D0-494B-A55E-706225534F7D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {4C7C8F6E-D0A2-4C74-87BC-F9E8D4B33BF6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.)
Task: {5D71C62C-F951-40AF-A8F4-102EE8D8F7D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA1d27b77a46e800e => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.)
Task: {5E49009D-BBE0-4A6C-A37E-05DD3E5884F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.)
Task: {62AB2B64-F460-46D0-BD39-69A5414D7884} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {699BE71C-44CC-4760-8317-1B208718B9E0} - System32\Tasks\{13284ABE-CCA2-438F-8AC9-A005719A3BCB} => pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Task: {6EA1D2C9-3830-494E-82D6-A7AD22A9F7C9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {706164FA-1B7D-45A0-BF3B-6549035B76C4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {70757ED2-6922-48D5-9FFF-5CA448387BBC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.)
Task: {7467B9B3-1F9C-49EF-8F44-6ED0F5CB09E8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {7BEB9549-FDEF-4F27-8BB9-B1C49AF7EB15} - System32\Tasks\{B5B1A3A2-5A1C-46C3-A4B9-C6CC6A571974} => pcalua.exe -a C:\Users\Reza\Downloads\sp48051.exe -d C:\Users\Reza\Downloads
Task: {8981AD63-D56E-4485-8C6D-5822CCF498A4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {8CAB513F-BD45-4996-BF93-B2D788DECF3A} - System32\Tasks\{AE807DAD-E234-4EB5-AC9F-3EDE7A230F12} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsProgressBar
Task: {9369AF83-2DD2-4F8E-A640-220B6289A2EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {975A74FE-A436-4189-8B2E-7C6A9DCCEA81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {999D62C5-ADC6-4AD5-9C30-0E18C452E800} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9DBE96E0-C863-4ADB-A9A0-929CD16CDAFB} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {9F440B3B-0ABF-4F7D-BD33-BFAD9D7B5BDD} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {A0AE359D-1DE7-4641-93C1-F4A9FB318E8A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A0E9FE00-CF13-49AF-A8ED-FB904B5E08A0} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AA00C774-1830-4188-83BD-19E393F2D566} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {B305C3E0-5245-4C39-A853-1A0623D77245} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B5ADC499-1E0D-4053-8B7F-2164F78552C0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {B73D26A7-40FA-4A80-9714-BFB07E62B52D} - System32\Tasks\{B34FB2E0-B5B6-4D2C-A4D7-2D06C94C5B7B} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E670F1F2-A882-4EE5-90E1-EFBF46AB5A01}\Setup.exe" -c -runfromtemp -l0x0409
Task: {B77C219D-C393-4D2F-B3F7-171DD5602E6F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C148FFC7-C767-41D5-BD4A-9DB42752A336} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C8E863F2-B72E-4725-B66D-B6FA98CA8A67} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D3BC833F-C1B5-4719-96DB-923E49F91C25} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D5F2CC07-A4D9-4E78-9B3A-71B6FDE756C0} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-01-17] (Apple Inc.)
Task: {D94450E2-03B5-4C0D-9C9D-74068B33A50C} - System32\Tasks\{A3AAE776-EE26-4896-8B32-8839CB93443A} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {DCECC6D0-3473-4C5E-9557-16BDF02FDF38} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E19B804A-E4CF-476C-9C78-70B8CE34C098} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {EE5A851C-14B1-442D-9C8C-089F40A34085} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F1F42CF6-8BD4-41EB-9F37-811707C08B5B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {F2FA259D-50B4-4107-A6B5-5A7523C6940F} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Reza\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {F31DEFDF-E414-47D7-AC13-A7A928F6B4B4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F67BC5BC-9B8A-4B61-ADDA-9ED0535E0D85} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\0615tbUpdateInfo.job => C:\ProgramData\Avg_Update_0615tb\0615tb_{58B3C879-B7DD-4F4D-9C5B-6641E0D5C976}.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core.job => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA.job => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Cut the Rope.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=jfbadlndcminbkfojhlimnkgaackjmdo
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Happy Friday!.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=lagckjdgadpknikjoegcibbollkafpid
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Scratch for Holiday.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=ggfniphganolbedpcfmpjmnnfhgaoein
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\So Many Me - Demo.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=bgjkhidjaocnkjchjfpgbfdegeiljcdn
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Telegram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=clhhggbfdinjmjhajaheehoeibfljjno
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Touch Drawing App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=knegnmjmhjjnmpfidlhnjcajmbmhdnbm
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Type Fu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=pofoighmmpljaikjiidkkfhldjndfdbk
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Meloetta - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-30 15:48 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-30 15:48 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-30 15:48 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-30 17:12 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-30 17:12 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-30 17:12 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-27 00:33 - 2016-09-27 00:33 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 16:51 - 2016-12-20 23:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 16:50 - 2016-12-20 22:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 16:50 - 2016-12-20 22:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 16:50 - 2016-12-20 22:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 16:50 - 2016-12-20 22:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 16:50 - 2016-12-20 22:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 16:50 - 2016-12-20 22:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 10:00 - 2017-02-22 10:02 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 10:00 - 2017-02-22 10:02 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 10:00 - 2017-02-22 10:02 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 21:04 - 2017-02-06 21:06 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-10-24 14:25 - 2015-10-09 15:56 - 00071680 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2017-01-10 16:50 - 2016-12-20 22:49 - 04046848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Signals.dll
2017-02-17 00:45 - 2017-01-19 22:34 - 00181928 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2017-02-17 00:45 - 2017-01-19 22:34 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2017-02-17 00:46 - 2017-01-19 22:34 - 00172200 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2017-02-17 00:45 - 2017-01-19 22:34 - 00112296 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2017-02-17 00:46 - 2017-01-19 22:34 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-02-25 13:50 - 2017-02-25 13:50 - 00098816 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32api.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00110080 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\pywintypes27.dll
2017-02-25 13:50 - 2017-02-25 13:50 - 00364544 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\pythoncom27.dll
2017-02-25 13:50 - 2017-02-25 13:50 - 00320512 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32com.shell.shell.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00914432 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_hashlib.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 01176576 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._core_.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00806400 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._gdi_.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00816128 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._windows_.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 01067008 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._controls_.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00733184 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._misc_.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00682496 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\pysqlite2._sqlite.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00088064 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_ctypes.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00686080 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\unicodedata.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00119808 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32file.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00108544 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32security.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00007168 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\hashobjs_ext.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00017920 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\thumbnails_ext.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00088064 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\usb_ext.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00012800 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\common.time34.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00018432 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32event.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00167936 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32gui.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00046080 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_socket.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 01303552 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_ssl.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00128512 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_elementtree.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00127488 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\pyexpat.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00038912 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32inet.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00036864 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_psutil_windows.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00524248 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\windows._lib_cacheinvalidation.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00011264 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32crypt.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00123392 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._wizard.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00077312 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._html2.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00027648 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_multiprocessing.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00020480 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_yappi.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00035840 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32process.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00078848 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._animate.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00024064 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32pipe.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00010240 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\select.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00025600 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32pdh.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00017408 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32profile.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00022528 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [170]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350518\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350722\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Reza\Desktop\ENTER\GILLIANHARTART\seahorse.png
HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880\Control Panel\Desktop\\Wallpaper -> C:\Users\Reza\Desktop\ENTER\GILLIANHARTART\seahorse.png
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AudioBox VSL => C:\Program Files\PreSonus\AudioBox\AudioBox.exe -startup
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\StartupApproved\Run: => "AudioBox VSL"
HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880\...\StartupApproved\Run: => "AudioBox VSL"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7EFA68E4-5207-47C5-8F2B-1ED09FEB2229}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{7E21B876-BA4B-4A3C-A5D6-46D204F38017}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{E40E1F07-B915-4605-89F8-C0731211EC8A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{06DE4B17-98FA-47D8-9829-43EF27ACAA66}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{D15C6520-3FCD-48DC-B694-90E34BECEFAB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{5B44694B-FCCC-401B-8AA1-76AB0B782820}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [UDP Query User{9747D755-5ECE-4533-9860-DCA8CD671F15}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{39AAE125-947D-48AE-8DBC-CD6D3065FD40}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{AE0DD836-7B33-48BF-B29B-C1C21D7E3AFD}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{91CBAB0B-B902-4630-809E-3DAE4146B961}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{E5153C5F-AA0F-41B1-9946-28674C067F38}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B814E440-75CA-41BE-BA24-8C6FA3790622}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{88A56846-3068-401C-B9C8-DE3DCAE5B3E5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{0B488E95-3363-4B0F-832C-CFA63936DBD7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{CB4E149C-60A5-4769-9B66-D01644DFF126}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{51297A57-31D0-4E54-B2CA-20C1D5FF87E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{0DE1BFF3-F392-4835-AEFA-D4F1B4C3A44E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{FBAB83AC-763C-427B-B60D-4E76EE4525B8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{316750C9-A053-4121-82F9-CA1AD801E3A2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{60C793C1-94BA-4E8C-A783-40BDB3A71EF7}] => (Block) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [{DE58BC30-7D09-41EA-838C-366EADF8739D}] => (Block) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [UDP Query User{6CF3B5FD-3F3B-48B4-A0AA-D14592ACDE94}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [TCP Query User{C276646A-0992-4E48-A97D-6D836B0BDBD9}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [{5466733C-131F-4904-A15B-FC1772DCF6BD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{32C1309A-41CB-4B7B-9430-1E15678A3710}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [UDP Query User{02CCDD33-7EF1-4A2A-819D-1B56B32AB8B9}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [TCP Query User{F5445A46-312F-4C81-AD89-B26B80C2246A}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [UDP Query User{89578634-2123-41A5-8C2D-154DDFF72934}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [TCP Query User{886F6B67-FBF9-4DC1-8FE3-86AE8D4BB2BC}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{9DC3B462-8F85-4181-82D8-E96CEA35A010}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [TCP Query User{48D8D9E0-A709-411D-9BFF-CFAEEA8455FD}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{45C518A1-5AF5-40AF-8B18-7A9EDA12CC4F}] => (Allow) LPort=51001
FirewallRules: [{D9750CC1-49FB-49EC-938E-4E95D37E49C1}] => (Allow) LPort=37675
FirewallRules: [{060877D4-BDC4-499B-9E6A-FE38162D1CE0}] => (Allow) LPort=37674
FirewallRules: [{44BDB300-EF73-4CC8-A0CB-6F428D9CEBB7}] => (Allow) LPort=37674
FirewallRules: [{83A02CBD-1437-48CE-B520-54D181C37228}] => (Allow) LPort=443
FirewallRules: [{0F0080DF-5CCB-47DA-B3E2-929462C595D9}] => (Allow) LPort=443
FirewallRules: [{72E71537-A64B-4913-8379-0E3D0B25E531}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{965697C2-3AFC-4609-BF56-08F96B1EEEC4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{61EA5BA8-FFE8-4C54-82D5-8DD41A68818D}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{13A0A512-A8F7-4C5B-94CA-43F8BC92212B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{AD40F0BD-F40E-4606-8F45-8663B09AC87C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{6A6B01AA-5DAC-4821-8F4A-A1D302804496}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{1D6D0113-BCF8-484C-8967-7AFC7A691B56}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{5D489336-C113-4D15-B3A8-0CAE4A4AE923}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{8440651C-DF0A-4C6E-8E37-96F8593DD308}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B16BD899-7EBF-490B-9436-A0F60B53C533}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{30124E73-E94B-4911-83FC-022D4E216A5E}] => (Allow) LPort=1900
FirewallRules: [{B13AA4C6-50D3-420B-9874-6E867BD24A1E}] => (Allow) LPort=2869
FirewallRules: [{70969C10-61F7-42B4-BDC8-917270BE7C33}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C463FBE6-69FC-4D61-B8C4-64BC228DACED}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4356AC76-7E6F-41A7-87D1-EA2A40FA059C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{FE1A037A-6EFC-44CA-B418-852D1CE1F17E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{077B0BFF-2E7B-44B4-A9DE-6C1C1D8D3C40}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{776EBE4C-FB49-4B48-B95F-F63F2B576B39}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{4808F9BE-687B-4014-AA64-578068F5B338}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7D9EC392-0B9F-49C0-B553-9245401D32CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E25F77AC-A2D1-47C9-8F82-09EC253E1A4B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F6CD1ADD-C5F1-4534-A0FD-B9CCAF3269A3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9ABF9C80-E5E4-4B19-A322-4F53A52110FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0F7D4A0F-3259-4A48-B0AB-C364C79300A5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A0E262CF-904B-47B0-AF36-E72AF5504BC8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{91DB7801-5D28-4B60-BC75-615C3B700A89}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{B537BF97-705B-463F-957F-271BD68C4F09}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{BF5373B6-52F1-4D13-B59D-7E801A1A8EC5}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe

==================== Restore Points =========================

03-02-2017 09:27:24 Scheduled Checkpoint
12-02-2017 14:43:58 Scheduled Checkpoint
14-02-2017 10:56:50 Removed Visual Studio 2012 x86 Redistributables
21-02-2017 13:18:15 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2017 02:16:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x5617c71b
Faulting module name: KERNELBASE.dll, version: 10.0.14393.479, time stamp: 0x58256d37
Exception code: 0xe0434352
Fault offset: 0x000da832
Faulting process id: 0x96c
Faulting application start time: 0x01d28f364a5b206a
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: c88ad05f-3cff-41dd-90fd-1a095efc4d49
Faulting package full name:
Faulting package-relative application ID:

Error: (02/25/2017 02:16:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentException
   at System.Security.Principal.SecurityIdentifier..ctor(System.String)
   at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
   at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
   at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
   at FreemakeUtilsService.Statistics.Manager.SettingsSyncCompleted(System.Object, System.EventArgs)
   at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (02/25/2017 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9859

Error: (02/25/2017 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9859

Error: (02/25/2017 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/25/2017 02:14:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8593

Error: (02/25/2017 02:14:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8593

Error: (02/25/2017 02:14:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/25/2017 02:14:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7312

Error: (02/25/2017 02:14:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7312


System errors:
=============
Error: (02/25/2017 02:16:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/25/2017 02:13:51 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a118\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-3294675276-783259607-3426699991-1000-02252017141350880-ntuser.dat

Error: (02/25/2017 02:01:23 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/25/2017 02:01:20 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/25/2017 02:01:17 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/25/2017 02:01:15 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/25/2017 02:01:12 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/25/2017 02:01:10 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/25/2017 02:01:07 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/25/2017 02:01:04 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


CodeIntegrity:
===================================
  Date: 2017-02-25 14:02:04.528
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-25 14:02:04.516
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-20 17:08:56.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-20 17:08:56.562
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-19 21:22:41.335
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-19 21:22:41.326
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-19 18:55:58.903
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-19 18:55:58.899
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-19 15:24:23.580
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-19 15:24:23.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 70%
Total physical RAM: 3947.86 MB
Available physical RAM: 1179.55 MB
Total Virtual: 13163.86 MB
Available Virtual: 10013.62 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:125.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 281C6927)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by Reza (25-02-2017 14:25:27)
Running from C:\Users\Reza\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-27 08:41:27)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3294675276-783259607-3426699991-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3294675276-783259607-3426699991-503 - Limited - Disabled)
Guest (S-1-5-21-3294675276-783259607-3426699991-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3294675276-783259607-3426699991-1002 - Limited - Enabled)
Reza (S-1-5-21-3294675276-783259607-3426699991-1000 - Administrator - Enabled) => C:\Users\Reza
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Ableton Live 9 Suite (HKLM\...\{F6238EAB-3AD7-4B0E-B0AD-E533A93A5C32}) (Version: 9.0.0.0 - Ableton)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.3501.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.3501.00 - CyberLink Corp.) Hidden
ACID Music Studio 9.0 (HKLM-x32\...\{FAD22280-8DD6-11E3-A36E-F04DA23A5C58}) (Version: 9.0.40 - Sony)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.42.68439 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.42.68439 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcadeMovie (HKLM-x32\...\InstallShield_{E670F1F2-A882-4EE5-90E1-EFBF46AB5A01}) (Version: 4.00.0000 - CyberLink Corp.)
ArcadeMovie (x32 Version: 4.00.0000 - CyberLink Corp.) Hidden
ArtRage 4 Demo (HKLM-x32\...\ArtRage 4 Demo 4.5.2.0) (Version: 4.5.2.0 - Ambient Design)
ArtRage 4 Demo (Version: 4.5.2.0 - Ambient Design) Hidden
AudioBox version 1.2 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.2 - PreSonus)
Avid Mbox 2 USB Drivers (x64) (HKLM\...\{F9242D4E-09E7-45C7-A53A-83375D0FAD42}) (Version: 9.0.2 - Avid Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.49.150 - OSToto Co., Ltd.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.0 - Toontrack)
Freemake Video Converter version 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.0 - PACE Anti-Piracy, Inc.)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Max 6.1.8 (x64) (HKLM\...\{B3071CEA-6555-4660-BBC9-A3A28F00197A}) (Version: 136.1.8 - Cycling '74)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Moo0 Audio Converter 1.32 (HKLM-x32\...\Moo0 AudioTypeConverter) (Version:  - )
Moo0 Voice Recorder 1.43 (HKLM-x32\...\Moo0 VoiceRecorder) (Version:  - )
Moo0 YouTube Downloader 1.06 (HKLM-x32\...\Moo0 Utube-DL) (Version:  - )
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
PreSonus Studio One 2 (HKLM-x32\...\PreSonus Studio One 2) (Version: 2.5.2.22258 - PreSonus Audio Electronics)
R8 Driver (HKLM\...\{C68DB659-6046-41FD-B163-E7208C1718A4}) (Version: 2.2.0.8 - ZOOM)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Studio Devil BVC 1.1 (HKLM-x32\...\Studio Devil BVC - Acid Music Studio Edition_is1) (Version:  - StudioDevil)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated)
Telegram Desktop version 1.0 (HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0 - Telegram Messenger LLP)
Telegram Desktop version 1.0 (HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0 - Telegram Messenger LLP)
TruePianos Amber Lite (ACID Music Studio) 1.5.0 (HKLM-x32\...\TruePianos Amber Lite (ACID Music Studio)_is1) (Version:  - 4Front Technologies)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Viber (HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\{7de2db6a-6f4b-4b45-82b9-57d5d7f1c952}) (Version: 5.4.0.1664 - Viber Media Inc.)
Viber (HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880\...\{7de2db6a-6f4b-4b45-82b9-57d5d7f1c952}) (Version: 5.4.0.1664 - Viber Media Inc.)
Viber (x32 Version: 5.4.0.1664 - Viber Media Inc.) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Reza\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Reza\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03DF55EB-3619-4B37-B7BE-3820E691F8FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0DCF04DE-D69D-45C8-BD57-2D806BDD143C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1569EA35-B689-4777-85C9-5218161CD92B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core1d27b77a4243672 => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.)
Task: {15FCD86A-9B5E-4271-8311-1AD8BC28BEEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.)
Task: {16E25E59-475C-48FE-B049-5ECF1A0C1E14} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {1869619F-C32D-41ED-9922-DFED88E1DCAB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {18E80EE4-A648-430B-A4A4-CE0F9E597067} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {195B9241-56B8-47BF-AF57-522F80AC7EC1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {19B44E58-C3E5-4213-8CC3-37B115C5FA1F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {1B860AE4-B749-4262-B13F-C8D3ADC39234} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Moo0\VideoToAudio 1.12\VideoToAudio.exe
Task: {1D9E9F21-73F1-4A9F-A1B3-A7D3A0BAA2C0} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {1F343AE1-F994-4A01-A553-A429D94DF3D0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {206F523C-7DE4-49DD-8F9F-E7A8B31A1A4B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {25A88B16-6D40-40B2-AB4F-C013393836E8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2AA441AF-1C39-44D3-B7FA-9A5A39C64976} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3D5B6403-E35F-4CF1-9F17-E34C0AD34763} - System32\Tasks\1015avUpdateInfo => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe [2015-10-11] ()
Task: {4104424B-3B41-4B4E-A5EB-A8C02C7B6733} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_{58B3C879-B7DD-4F4D-9C5B-6641E0D5C976}.exe [2015-06-21] ()
Task: {424402F0-137B-40BC-A26B-67770BEAD723} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {46D7E8D5-2116-48F8-B25F-5FFE8B63F1DD} - \PassShow Update -> No File <==== ATTENTION
Task: {480DFD45-D0D0-494B-A55E-706225534F7D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {4C7C8F6E-D0A2-4C74-87BC-F9E8D4B33BF6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.)
Task: {5D71C62C-F951-40AF-A8F4-102EE8D8F7D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA1d27b77a46e800e => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.)
Task: {5E49009D-BBE0-4A6C-A37E-05DD3E5884F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.)
Task: {62AB2B64-F460-46D0-BD39-69A5414D7884} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {699BE71C-44CC-4760-8317-1B208718B9E0} - System32\Tasks\{13284ABE-CCA2-438F-8AC9-A005719A3BCB} => pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Task: {6EA1D2C9-3830-494E-82D6-A7AD22A9F7C9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {706164FA-1B7D-45A0-BF3B-6549035B76C4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {70757ED2-6922-48D5-9FFF-5CA448387BBC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.)
Task: {7467B9B3-1F9C-49EF-8F44-6ED0F5CB09E8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {7BEB9549-FDEF-4F27-8BB9-B1C49AF7EB15} - System32\Tasks\{B5B1A3A2-5A1C-46C3-A4B9-C6CC6A571974} => pcalua.exe -a C:\Users\Reza\Downloads\sp48051.exe -d C:\Users\Reza\Downloads
Task: {8981AD63-D56E-4485-8C6D-5822CCF498A4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {8CAB513F-BD45-4996-BF93-B2D788DECF3A} - System32\Tasks\{AE807DAD-E234-4EB5-AC9F-3EDE7A230F12} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsProgressBar
Task: {9369AF83-2DD2-4F8E-A640-220B6289A2EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {975A74FE-A436-4189-8B2E-7C6A9DCCEA81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {999D62C5-ADC6-4AD5-9C30-0E18C452E800} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9DBE96E0-C863-4ADB-A9A0-929CD16CDAFB} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {9F440B3B-0ABF-4F7D-BD33-BFAD9D7B5BDD} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {A0AE359D-1DE7-4641-93C1-F4A9FB318E8A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A0E9FE00-CF13-49AF-A8ED-FB904B5E08A0} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AA00C774-1830-4188-83BD-19E393F2D566} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {B305C3E0-5245-4C39-A853-1A0623D77245} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B5ADC499-1E0D-4053-8B7F-2164F78552C0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {B73D26A7-40FA-4A80-9714-BFB07E62B52D} - System32\Tasks\{B34FB2E0-B5B6-4D2C-A4D7-2D06C94C5B7B} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E670F1F2-A882-4EE5-90E1-EFBF46AB5A01}\Setup.exe" -c -runfromtemp -l0x0409
Task: {B77C219D-C393-4D2F-B3F7-171DD5602E6F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C148FFC7-C767-41D5-BD4A-9DB42752A336} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C8E863F2-B72E-4725-B66D-B6FA98CA8A67} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D3BC833F-C1B5-4719-96DB-923E49F91C25} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D5F2CC07-A4D9-4E78-9B3A-71B6FDE756C0} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-01-17] (Apple Inc.)
Task: {D94450E2-03B5-4C0D-9C9D-74068B33A50C} - System32\Tasks\{A3AAE776-EE26-4896-8B32-8839CB93443A} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {DCECC6D0-3473-4C5E-9557-16BDF02FDF38} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E19B804A-E4CF-476C-9C78-70B8CE34C098} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {EE5A851C-14B1-442D-9C8C-089F40A34085} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F1F42CF6-8BD4-41EB-9F37-811707C08B5B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {F2FA259D-50B4-4107-A6B5-5A7523C6940F} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Reza\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {F31DEFDF-E414-47D7-AC13-A7A928F6B4B4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F67BC5BC-9B8A-4B61-ADDA-9ED0535E0D85} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\0615tbUpdateInfo.job => C:\ProgramData\Avg_Update_0615tb\0615tb_{58B3C879-B7DD-4F4D-9C5B-6641E0D5C976}.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core.job => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA.job => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Cut the Rope.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=jfbadlndcminbkfojhlimnkgaackjmdo
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Happy Friday!.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=lagckjdgadpknikjoegcibbollkafpid
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Scratch for Holiday.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=ggfniphganolbedpcfmpjmnnfhgaoein
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\So Many Me - Demo.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=bgjkhidjaocnkjchjfpgbfdegeiljcdn
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Telegram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=clhhggbfdinjmjhajaheehoeibfljjno
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Touch Drawing App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=knegnmjmhjjnmpfidlhnjcajmbmhdnbm
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Type Fu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=pofoighmmpljaikjiidkkfhldjndfdbk
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Meloetta - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
==================== Loaded Modules (Whitelisted) ==============
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-30 15:48 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-30 15:48 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-30 15:48 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-30 17:12 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-30 17:12 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-30 17:12 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-27 00:33 - 2016-09-27 00:33 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 16:51 - 2016-12-20 23:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 16:50 - 2016-12-20 22:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 16:50 - 2016-12-20 22:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 16:50 - 2016-12-20 22:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 16:50 - 2016-12-20 22:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 16:50 - 2016-12-20 22:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 16:50 - 2016-12-20 22:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 10:00 - 2017-02-22 10:02 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 10:00 - 2017-02-22 10:02 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 10:00 - 2017-02-22 10:02 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 21:04 - 2017-02-06 21:06 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-10-24 14:25 - 2015-10-09 15:56 - 00071680 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2017-01-10 16:50 - 2016-12-20 22:49 - 04046848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Signals.dll
2017-02-17 00:45 - 2017-01-19 22:34 - 00181928 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2017-02-17 00:45 - 2017-01-19 22:34 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2017-02-17 00:46 - 2017-01-19 22:34 - 00172200 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2017-02-17 00:45 - 2017-01-19 22:34 - 00112296 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2017-02-17 00:46 - 2017-01-19 22:34 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-02-25 13:50 - 2017-02-25 13:50 - 00098816 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32api.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00110080 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\pywintypes27.dll
2017-02-25 13:50 - 2017-02-25 13:50 - 00364544 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\pythoncom27.dll
2017-02-25 13:50 - 2017-02-25 13:50 - 00320512 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32com.shell.shell.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00914432 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_hashlib.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 01176576 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._core_.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00806400 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._gdi_.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00816128 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._windows_.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 01067008 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._controls_.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00733184 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._misc_.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00682496 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\pysqlite2._sqlite.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00088064 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_ctypes.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00686080 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\unicodedata.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00119808 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32file.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00108544 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32security.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00007168 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\hashobjs_ext.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00017920 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\thumbnails_ext.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00088064 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\usb_ext.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00012800 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\common.time34.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00018432 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32event.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00167936 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32gui.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00046080 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_socket.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 01303552 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_ssl.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00128512 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_elementtree.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00127488 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\pyexpat.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00038912 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32inet.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00036864 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_psutil_windows.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00524248 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\windows._lib_cacheinvalidation.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00011264 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32crypt.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00123392 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._wizard.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00077312 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._html2.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00027648 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_multiprocessing.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00020480 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\_yappi.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00035840 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32process.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00078848 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\wx._animate.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00024064 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32pipe.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00010240 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\select.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00025600 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32pdh.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00017408 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32profile.pyd
2017-02-25 13:50 - 2017-02-25 13:50 - 00022528 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI100682\win32ts.pyd
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [170]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350518\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350722\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Reza\Desktop\ENTER\GILLIANHARTART\seahorse.png
HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880\Control Panel\Desktop\\Wallpaper -> C:\Users\Reza\Desktop\ENTER\GILLIANHARTART\seahorse.png
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AudioBox VSL => C:\Program Files\PreSonus\AudioBox\AudioBox.exe -startup
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\StartupApproved\Run: => "AudioBox VSL"
HKU\S-1-5-21-3294675276-783259607-3426699991-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02252017141350880\...\StartupApproved\Run: => "AudioBox VSL"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7EFA68E4-5207-47C5-8F2B-1ED09FEB2229}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{7E21B876-BA4B-4A3C-A5D6-46D204F38017}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{E40E1F07-B915-4605-89F8-C0731211EC8A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{06DE4B17-98FA-47D8-9829-43EF27ACAA66}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{D15C6520-3FCD-48DC-B694-90E34BECEFAB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{5B44694B-FCCC-401B-8AA1-76AB0B782820}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [UDP Query User{9747D755-5ECE-4533-9860-DCA8CD671F15}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{39AAE125-947D-48AE-8DBC-CD6D3065FD40}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{AE0DD836-7B33-48BF-B29B-C1C21D7E3AFD}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{91CBAB0B-B902-4630-809E-3DAE4146B961}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{E5153C5F-AA0F-41B1-9946-28674C067F38}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B814E440-75CA-41BE-BA24-8C6FA3790622}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{88A56846-3068-401C-B9C8-DE3DCAE5B3E5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{0B488E95-3363-4B0F-832C-CFA63936DBD7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{CB4E149C-60A5-4769-9B66-D01644DFF126}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{51297A57-31D0-4E54-B2CA-20C1D5FF87E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{0DE1BFF3-F392-4835-AEFA-D4F1B4C3A44E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{FBAB83AC-763C-427B-B60D-4E76EE4525B8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{316750C9-A053-4121-82F9-CA1AD801E3A2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{60C793C1-94BA-4E8C-A783-40BDB3A71EF7}] => (Block) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [{DE58BC30-7D09-41EA-838C-366EADF8739D}] => (Block) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [UDP Query User{6CF3B5FD-3F3B-48B4-A0AA-D14592ACDE94}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [TCP Query User{C276646A-0992-4E48-A97D-6D836B0BDBD9}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [{5466733C-131F-4904-A15B-FC1772DCF6BD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{32C1309A-41CB-4B7B-9430-1E15678A3710}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [UDP Query User{02CCDD33-7EF1-4A2A-819D-1B56B32AB8B9}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [TCP Query User{F5445A46-312F-4C81-AD89-B26B80C2246A}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [UDP Query User{89578634-2123-41A5-8C2D-154DDFF72934}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [TCP Query User{886F6B67-FBF9-4DC1-8FE3-86AE8D4BB2BC}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{9DC3B462-8F85-4181-82D8-E96CEA35A010}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [TCP Query User{48D8D9E0-A709-411D-9BFF-CFAEEA8455FD}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{45C518A1-5AF5-40AF-8B18-7A9EDA12CC4F}] => (Allow) LPort=51001
FirewallRules: [{D9750CC1-49FB-49EC-938E-4E95D37E49C1}] => (Allow) LPort=37675
FirewallRules: [{060877D4-BDC4-499B-9E6A-FE38162D1CE0}] => (Allow) LPort=37674
FirewallRules: [{44BDB300-EF73-4CC8-A0CB-6F428D9CEBB7}] => (Allow) LPort=37674
FirewallRules: [{83A02CBD-1437-48CE-B520-54D181C37228}] => (Allow) LPort=443
FirewallRules: [{0F0080DF-5CCB-47DA-B3E2-929462C595D9}] => (Allow) LPort=443
FirewallRules: [{72E71537-A64B-4913-8379-0E3D0B25E531}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{965697C2-3AFC-4609-BF56-08F96B1EEEC4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{61EA5BA8-FFE8-4C54-82D5-8DD41A68818D}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{13A0A512-A8F7-4C5B-94CA-43F8BC92212B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{AD40F0BD-F40E-4606-8F45-8663B09AC87C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{6A6B01AA-5DAC-4821-8F4A-A1D302804496}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{1D6D0113-BCF8-484C-8967-7AFC7A691B56}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{5D489336-C113-4D15-B3A8-0CAE4A4AE923}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{8440651C-DF0A-4C6E-8E37-96F8593DD308}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B16BD899-7EBF-490B-9436-A0F60B53C533}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{30124E73-E94B-4911-83FC-022D4E216A5E}] => (Allow) LPort=1900
FirewallRules: [{B13AA4C6-50D3-420B-9874-6E867BD24A1E}] => (Allow) LPort=2869
FirewallRules: [{70969C10-61F7-42B4-BDC8-917270BE7C33}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C463FBE6-69FC-4D61-B8C4-64BC228DACED}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4356AC76-7E6F-41A7-87D1-EA2A40FA059C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{FE1A037A-6EFC-44CA-B418-852D1CE1F17E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{077B0BFF-2E7B-44B4-A9DE-6C1C1D8D3C40}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{776EBE4C-FB49-4B48-B95F-F63F2B576B39}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{4808F9BE-687B-4014-AA64-578068F5B338}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7D9EC392-0B9F-49C0-B553-9245401D32CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E25F77AC-A2D1-47C9-8F82-09EC253E1A4B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F6CD1ADD-C5F1-4534-A0FD-B9CCAF3269A3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9ABF9C80-E5E4-4B19-A322-4F53A52110FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0F7D4A0F-3259-4A48-B0AB-C364C79300A5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A0E262CF-904B-47B0-AF36-E72AF5504BC8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{91DB7801-5D28-4B60-BC75-615C3B700A89}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{B537BF97-705B-463F-957F-271BD68C4F09}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{BF5373B6-52F1-4D13-B59D-7E801A1A8EC5}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
==================== Restore Points =========================
03-02-2017 09:27:24 Scheduled Checkpoint
12-02-2017 14:43:58 Scheduled Checkpoint
14-02-2017 10:56:50 Removed Visual Studio 2012 x86 Redistributables
21-02-2017 13:18:15 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (02/25/2017 02:16:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x5617c71b
Faulting module name: KERNELBASE.dll, version: 10.0.14393.479, time stamp: 0x58256d37
Exception code: 0xe0434352
Fault offset: 0x000da832
Faulting process id: 0x96c
Faulting application start time: 0x01d28f364a5b206a
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: c88ad05f-3cff-41dd-90fd-1a095efc4d49
Faulting package full name:
Faulting package-relative application ID:
Error: (02/25/2017 02:16:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentException
   at System.Security.Principal.SecurityIdentifier..ctor(System.String)
   at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
   at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
   at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
   at FreemakeUtilsService.Statistics.Manager.SettingsSyncCompleted(System.Object, System.EventArgs)
   at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (02/25/2017 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9859
Error: (02/25/2017 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9859
Error: (02/25/2017 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/25/2017 02:14:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8593
Error: (02/25/2017 02:14:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8593
Error: (02/25/2017 02:14:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/25/2017 02:14:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7312
Error: (02/25/2017 02:14:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7312

System errors:
=============
Error: (02/25/2017 02:16:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).
Error: (02/25/2017 02:13:51 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a118\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-3294675276-783259607-3426699991-1000-02252017141350880-ntuser.dat
Error: (02/25/2017 02:01:23 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/25/2017 02:01:20 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/25/2017 02:01:17 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/25/2017 02:01:15 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/25/2017 02:01:12 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/25/2017 02:01:10 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/25/2017 02:01:07 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/25/2017 02:01:04 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

CodeIntegrity:
===================================
  Date: 2017-02-25 14:02:04.528
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-02-25 14:02:04.516
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-02-20 17:08:56.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-02-20 17:08:56.562
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-02-19 21:22:41.335
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-02-19 21:22:41.326
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-02-19 18:55:58.903
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-02-19 18:55:58.899
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-02-19 15:24:23.580
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-02-19 15:24:23.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 80%
Total physical RAM: 3947.86 MB
Available physical RAM: 774.68 MB
Total Virtual: 13163.86 MB
Available Virtual: 9725.41 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:125.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 281C6927)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by Reza (administrator) on ACERRM (26-02-2017 13:50:00)
Running from C:\Users\Reza\Downloads
Loaded Profiles: Reza (Available Profiles: Reza)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Red Cell Innovation Inc.) C:\Program Files\WindowsApps\F8782640.SoundPanel_81.4.0.15_neutral__w2cjas5qe94m2\RedCell.App.Media.SoundPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-27] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [71680 2015-10-09] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\Run: [AudioBox VSL] => C:\Program Files\PreSonus\AudioBox\AudioBox.exe [7591424 2012-05-24] ()
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\Run: [Flvto YouTube Downloader] => "C:\Users\Reza\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.Redesign.exe" /minimize
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\Run: [Google Update] => C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2017-01-30] (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{d36828dc-cb12-44b2-a1ec-3bb517782dc4}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid=%7B8540FAAA-3170-403B-BDB1-B8CF3242468A%7D&mid=7fb02da0e2c947cdadf9326578a59a8a-16f97391bdb3fd8b1dda9ef65c20f39780e8ace4&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715tb&pr=fr&d=2015-03-04%2019:06:43&v=4.1.5.143&pid=wtu&sg=&sap=hp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=20121129181019354&tb_oid=29-11-2012
&tb_mrud=29-11-2012

SearchScopes: HKU\S-1-5-21-3294675276-783259607-3426699991-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3294675276-783259607-3426699991-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3294675276-783259607-3426699991-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={8540FAAA-3170-403B-BDB1-B8CF3242468A}&mid=7fb02da0e2c947cdadf9326578a59a8a-16f97391bdb3fd8b1dda9ef65c20f39780e8ace4&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715tb&pr=fr&d=2015-03-04 19:06:43&v=4.1.5.143&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3294675276-783259607-3426699991-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

Edge: 
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2017-01-22]

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll [2014-11-26] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll [2014-11-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-3294675276-783259607-3426699991-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-3294675276-783259607-3426699991-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-30] (Google Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default [2017-02-26]
CHR Extension: (Duolingo on the Web) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-05-23]
CHR Extension: (Google Drive) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (Facebook Messenger button) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\beolecgbalbkgmkhlghjbpaboagipmla [2017-01-15]
CHR Extension: (Audiotool) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2015-08-05]
CHR Extension: (YouTube) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-03]
CHR Extension: (Telegram) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2016-06-27]
CHR Extension: (Google Search) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Clipchamp - convert, compress, record video) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\delkpojpfkkfgmknffmblbhmlamkjioi [2016-12-04]
CHR Extension: (Text To Speech with Google Drive) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\dogdgjickfenmhihlgiedkadbbabiagm [2016-06-27]
CHR Extension: (Google Docs Offline) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-11]
CHR Extension: (Planetarium) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2015-08-09]
CHR Extension: (Save to Facebook) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-02-23]
CHR Extension: (Google Voice (by Google)) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-05-23]
CHR Extension: (Google Hangouts) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-21]
CHR Extension: (Little Alchemy) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-08]
CHR Extension: (Webcam Toy) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-12-27]
CHR Extension: (Google Maps) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-23]
CHR Extension: (Chrome Media Router) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-25]
CHR Profile: C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1 [2015-10-23]
CHR Extension: (Google Slides) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-23]
CHR Extension: (Google Docs) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-23]
CHR Extension: (Google Drive) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-23]
CHR Extension: (Google Search) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-23]
CHR Extension: (Google Sheets) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-23]
CHR Extension: (Google Docs Offline) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-23]
CHR Extension: (Skype Click to Call) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-23]
CHR Extension: (Gmail) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-23]
CHR Profile: C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-12-03]
CHR Extension: (Google Slides) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-12]
CHR Extension: (Bejeweled) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2016-02-12]
CHR Extension: (Theme Creator) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\akpelnjfckgfiplcikojhomllgombffc [2016-02-12]
CHR Extension: (pikachu theme) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\amdbigfofckhdmnfjapophoghiallgop [2016-02-12]
CHR Extension: (Google Docs) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-12]
CHR Extension: (Google Drive) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-13]
CHR Extension: (BeFunky Photo Editor) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2016-02-12]
CHR Extension: (Fotor Photo Editor) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2016-02-12]
CHR Extension: (So Many Me - Demo) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bgjkhidjaocnkjchjfpgbfdegeiljcdn [2016-02-12]
CHR Extension: (YouTube) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-12]
CHR Extension: (Classic Games) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2016-02-12]
CHR Extension: (Bouncy Mouse) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cgdllcbmneiklcmbeclfegccdjholomb [2016-02-12]
CHR Extension: (Virtual Piano) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cohgcponedmbhgbbdinajeoapmoaifdj [2016-02-12]
CHR Extension: (Google Search) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-12]
CHR Extension: (VUDU Movies) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\daomabnenlgkenegngdblacoobnncgib [2016-02-12]
CHR Extension: (One-click Nyan) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ddcgjoogiiojdbepiggmlpcjfopnmikd [2016-02-12]
CHR Extension: (Clipchamp - convert, compress, record video) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\delkpojpfkkfgmknffmblbhmlamkjioi [2016-03-04]
CHR Extension: (Find your way to Oz) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dgmbnhmcbgnenhcjpmgfhneiiamfijel [2016-02-12]
CHR Extension: (Give Up) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\diippoclinjdbklinhchgedilfncehbi [2016-02-12]
CHR Extension: (OMGpop) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\djainknkigahmnoncinbopomacdjbmle [2016-02-12]
CHR Extension: (Word Search) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2016-02-12]
CHR Extension: (VoxelWright) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efbjmcfhipbdlpkmniipgfdknaddpibn [2016-02-12]
CHR Extension: (Pandora) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fbangkleohkafngihneedemihgfeikcl [2016-02-12]
CHR Extension: (Google Sheets) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-12]
CHR Extension: (Causality Games) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2016-02-12]
CHR Extension: (Stupeflix Video Maker) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fkdmcfnoimoilncpjchamnenebopocem [2016-02-12]
CHR Extension: (Burp and Fart Piano) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gchjpdindcbdfbnhpmaflnbhjggjifeh [2016-02-12]
CHR Extension: (World tv) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gdejljjjgegbbgoopclmcaabkjlbcmdm [2016-03-23]
CHR Extension: (Scratch for Holiday) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ggfniphganolbedpcfmpjmnnfhgaoein [2016-02-12]
CHR Extension: (Google Docs Offline) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Cut the Rope) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2016-02-12]
CHR Extension: (FabCam) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hejilffmihldhlfocnabcgndjjpgadfl [2016-02-12]
CHR Extension: (Flixster) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2016-02-12]
CHR Extension: (Pathuku - Connect the lines) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hkiilmogcdkeefnbemdagpmcediekadb [2016-02-12]
CHR Extension: (Downloads Button) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icjnlenabmgdlpoooddamihhachcfgcg [2016-02-12]
CHR Extension: (Color Piano!) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh [2016-02-12]
CHR Extension: (Cut the Rope) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jfbadlndcminbkfojhlimnkgaackjmdo [2016-02-12]
CHR Extension: (Pixect) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jgdeoagndhabdnoenpdcagbkkmjeibmh [2016-02-12]
CHR Extension: (Google Voice (by Google)) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2016-02-12]
CHR Extension: (Sketch Swap) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kkhinjhigjeegmjhffibeelpmokhljop [2016-02-12]
CHR Extension: (Pokemon Card Maker) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\klanmedmjgiebagececoekdajmcgmikl [2016-02-12]
CHR Extension: (Touch Drawing App) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\knegnmjmhjjnmpfidlhnjcajmbmhdnbm [2016-02-12]
CHR Extension: (CanvasDraw) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\knfimpamngmggpbamfoomdpebdoleghe [2016-02-12]
CHR Extension: (Little Alchemy) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-12]
CHR Extension: (Google Play) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-02-12]
CHR Extension: (Happy Friday!) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lagckjdgadpknikjoegcibbollkafpid [2016-02-12]
CHR Extension: (Build with Chrome) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2016-02-12]
CHR Extension: (Raindrop.io - Smart Bookmarks) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ldgfbffkinooeloadekpmfoklnobpien [2016-05-08]
CHR Extension: (Webcam Toy) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lfbgimoladefibpklnfmkpknadbklade [2016-02-12]
CHR Extension: (Comic Webcam) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lfffhmndpldceogndeognocbpmlgdemi [2016-02-12]
CHR Extension: (Skype) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-07]
CHR Extension: (Chime) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lkdfkbkkfdhhfnhgbphecddnpfnoedke [2016-02-12]
CHR Extension: (Sketchpad) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2016-02-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-12]
CHR Extension: (Pixelatr) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lnldimmdabnoicjagjmbmedmmcpohkce [2016-02-12]
CHR Extension: (Clickable Links) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mgamelhnfokapndfdodnmfiningckjia [2016-02-12]
CHR Extension: (Spelunky HTML5) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mhagnkphcmpkmabhocgimoncfaihkpof [2016-02-12]
CHR Extension: (Screencastify (Screen Video Recorder)) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2016-05-10]
CHR Extension: (Q) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mpmgdjodojphjkmdlchbipmeenkpljkj [2016-02-12]
CHR Extension: (deviantART muro) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\namljbfbglehfnlonjmebceimaalofei [2016-02-12]
CHR Extension: (Google Hangouts) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-02-12]
CHR Extension: (SculptGL) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nekbajpiaklffelkfhkjgfbggpehnpcp [2016-02-12]
CHR Extension: (PHP Console) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nfhmhhlpfleoednkpnnnkolmclajemef [2016-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Foto Rulez) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\odahhdimpaeigjcdbgcnhemlkejclmmk [2016-02-12]
CHR Extension: (Picky Wallpapers) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\odklcfojpedohplkimfdpcamkjnhanaj [2016-02-12]
CHR Extension: (My Chrome Theme) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-02-12]
CHR Extension: (OokiCookie) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohjmnhgnkikbajikhhbplekfmljhdhjm [2016-02-12]
CHR Extension: (SEO Global For Google Search™) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ojgmigafbpedhdilmemphfklkbghlphi [2016-02-12]
CHR Extension: (Pink My Facebook) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\okcdpfndmnjdijikpehblfeancekjcgo [2016-02-15]
CHR Extension: (Psykopaint) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2016-02-12]
CHR Extension: (Bloxorz Block Puzzle) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\phiaicokjaoaobiobphcfkmbeiejdang [2016-02-12]
CHR Extension: (Gmail) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-12]
CHR Extension: (Super Sync Sports) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pnlmjnkflmmhllfnhanahmmnodfcpabf [2016-02-12]
CHR Extension: (Type Fu) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pofoighmmpljaikjiidkkfhldjndfdbk [2016-03-05]
CHR Profile: C:\Users\Reza\AppData\Local\Google\Chrome\User Data\System Profile [2016-02-23]
CHR HKU\S-1-5-21-3294675276-783259607-3426699991-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Reza\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-20]
CHR HKU\S-1-5-21-3294675276-783259607-3426699991-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-10-09] (Freemake) [File not signed]
R2 LDrvSvc; C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll [181928 2017-01-19] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2017-01-17] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 wlcrasvc; C:\Program Files (x86)\Windows Live\Mesh\wlcrasvc.exe [57184 2010-09-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
S3 debutfilter; C:\WINDOWS\System32\DRIVERS\debutfilterx64.sys [33488 2013-10-26] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-01-30] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-25] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-25] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-25] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-25] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 paeusbaudio; C:\WINDOWS\System32\drivers\paeusbaudio_x64.sys [252280 2012-05-24] ()
S3 paeusbaudiodsp; C:\WINDOWS\System32\drivers\paeusbaudiodsp_x64.sys [71544 2012-05-24] ()
S3 paeusbaudioks; C:\WINDOWS\system32\DRIVERS\paeusbaudioks_x64.sys [53112 2012-05-24] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-05] (Synaptics Incorporated)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [16152 2014-06-26] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 ZOOM_R8MTR; C:\WINDOWS\system32\Drivers\zmr8usbaudio.sys [120960 2016-11-23] (ZOOM Corporation.)
U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 13:14 - 2017-02-26 13:14 - 00000000 ___HD C:\OneDriveTemp
2017-02-25 14:13 - 2017-02-25 14:29 - 00058217 _____ C:\Users\Reza\Downloads\Addition.txt
2017-02-25 14:10 - 2017-02-26 13:52 - 00034986 _____ C:\Users\Reza\Downloads\FRST.txt
2017-02-25 14:03 - 2017-02-26 13:50 - 00000000 ____D C:\FRST
2017-02-25 14:01 - 2017-02-25 14:02 - 02423296 _____ (Farbar) C:\Users\Reza\Downloads\FRST64.exe
2017-02-17 00:52 - 2017-02-17 00:52 - 00000000 ____D C:\Users\Public\Thunder Network
2017-02-17 00:52 - 2017-02-17 00:52 - 00000000 ____D C:\ProgramData\Thunder Network
2017-02-17 00:46 - 2017-02-17 01:05 - 00000000 ____D C:\ProgramData\DriverTalent
2017-02-17 00:46 - 2017-02-17 00:46 - 00000000 ____D C:\Users\Reza\AppData\Roaming\DriverTalent
2017-02-17 00:46 - 2017-02-17 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Talent
2017-02-17 00:46 - 2017-02-17 00:46 - 00000000 ____D C:\OSTotoFolder
2017-02-17 00:45 - 2017-02-17 00:45 - 00000000 ____D C:\Program Files (x86)\OSTotoSoft
2017-02-04 10:59 - 2017-02-04 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-01-30 20:08 - 2017-01-30 20:08 - 00003704 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA1d27b77a46e800e
2017-01-30 20:08 - 2017-01-30 20:08 - 00003436 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core1d27b77a4243672
2017-01-30 19:26 - 2017-01-30 19:26 - 00001049 _____ C:\Users\Reza\AppData\Roaming\downloads.json
2017-01-30 19:24 - 2017-01-30 19:26 - 00000000 ____D C:\Users\Reza\AppData\Roaming\FlvtoConverter
2017-01-30 19:24 - 2017-01-30 19:24 - 00002333 _____ C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto YouTube Downloader.lnk
2017-01-30 19:24 - 2017-01-30 19:24 - 00001627 _____ C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Flvto YouTube Downloader.lnk
2017-01-30 19:24 - 2017-01-30 19:24 - 00000000 ____D C:\Users\Reza\Documents\YouTubeDownloads
2017-01-30 19:24 - 2017-01-30 19:24 - 00000000 ____D C:\Users\Reza\AppData\Local\FlvtoYoutubeDownloader
2017-01-30 19:24 - 2017-01-30 19:24 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-30 19:21 - 2017-02-07 21:13 - 00000000 ____D C:\Users\Reza\AppData\Local\Flvto YouTube Downloader
2017-01-30 15:49 - 2017-02-25 20:05 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-30 15:49 - 2017-02-25 14:48 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-30 15:49 - 2017-02-25 14:48 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-30 15:49 - 2017-01-30 15:49 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-30 15:48 - 2017-02-25 14:48 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-30 15:48 - 2017-01-30 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-30 15:48 - 2017-01-30 15:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-30 15:48 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-27 16:35 - 2017-01-27 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-27 16:34 - 2017-01-27 16:35 - 00000000 ____D C:\Program Files\iTunes
2017-01-27 16:34 - 2017-01-27 16:34 - 00000000 ____D C:\Program Files\iPod
2017-01-27 16:29 - 2017-01-27 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 13:34 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-26 13:33 - 2016-09-26 23:48 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-26 13:28 - 2014-06-30 18:48 - 00000000 ____D C:\Users\Reza\AppData\Local\Packages
2017-02-26 13:26 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-26 13:15 - 2013-06-07 10:06 - 00000000 ___RD C:\Users\Reza\Google Drive
2017-02-26 13:14 - 2016-05-11 12:29 - 00000000 ___RD C:\Users\Reza\iCloudDrive
2017-02-26 13:14 - 2015-08-05 19:52 - 00000000 ___RD C:\Users\Reza\OneDrive
2017-02-26 13:12 - 2016-09-26 23:56 - 00000000 ____D C:\Users\Reza
2017-02-25 14:48 - 2016-09-27 00:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-25 14:47 - 2016-07-15 22:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-22 15:45 - 2013-08-13 21:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-22 15:39 - 2012-09-19 21:06 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-21 14:56 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-17 00:24 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-14 10:54 - 2015-04-03 22:30 - 00000000 ____D C:\Users\Reza\AppData\Local\Unity
2017-02-14 10:54 - 2012-11-27 00:39 - 00002987 _____ C:\WINDOWS\wininit.ini
2017-02-14 10:52 - 2014-05-06 19:01 - 00000000 ____D C:\Program Files (x86)\Audacity
2017-02-14 08:04 - 2016-07-24 18:45 - 00000000 ____D C:\Users\Reza\AppData\Roaming\5kplayer
2017-02-11 01:41 - 2014-08-31 01:46 - 00000000 ____D C:\Users\Reza\Desktop\ENTER
2017-02-09 00:38 - 2012-09-18 22:58 - 00000000 ____D C:\Users\Reza\AppData\Local\ElevatedDiagnostics
2017-02-07 21:13 - 2014-06-10 00:50 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA.job
2017-02-07 21:13 - 2014-06-10 00:50 - 00000852 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core.job
2017-02-06 11:48 - 2016-07-16 03:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 11:48 - 2016-07-16 03:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-04 10:59 - 2012-11-27 00:19 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-03 12:03 - 2015-05-23 10:24 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-30 15:48 - 2015-02-04 14:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-30 15:48 - 2015-02-04 14:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-01-27 16:34 - 2015-12-20 03:11 - 00000000 ____D C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2015-01-14 16:04 - 2015-01-14 16:04 - 32371688 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2017-01-30 19:26 - 2017-01-30 19:26 - 0001049 _____ () C:\Users\Reza\AppData\Roaming\downloads.json
2012-10-22 17:47 - 2012-11-17 13:44 - 0001759 _____ () C:\Users\Reza\AppData\Roaming\SAS7_000.DAT
2013-10-22 23:56 - 2013-10-26 01:19 - 0001181 _____ () C:\Users\Reza\AppData\Roaming\trace_FilterInstaller.1.txt
2013-10-22 23:56 - 2013-10-22 23:57 - 0001181 _____ () C:\Users\Reza\AppData\Roaming\trace_FilterInstaller.2.txt
2013-10-22 23:56 - 2014-05-27 16:17 - 0001003 _____ () C:\Users\Reza\AppData\Roaming\trace_FilterInstaller.txt
2013-10-22 23:56 - 2014-05-27 16:17 - 0000000 _____ () C:\Users\Reza\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-11-25 11:25 - 2014-12-27 08:47 - 0009728 _____ () C:\Users\Reza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-02 11:45 - 2013-10-02 11:45 - 0006113 _____ () C:\Users\Reza\AppData\Local\recently-used.xbel
2014-07-10 20:44 - 2014-07-10 20:44 - 0007606 _____ () C:\Users\Reza\AppData\Local\Resmon.ResmonCfg
2012-01-17 07:48 - 2012-10-09 18:24 - 0012894 _____ () C:\ProgramData\ArcadeDeluxe5.log
2016-09-26 23:51 - 2016-09-26 23:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-11-27 00:36 - 2012-11-27 00:37 - 0000032 _____ () C:\ProgramData\PS.log
2012-09-18 15:35 - 2012-09-18 15:35 - 0000032 _____ () C:\ProgramData\Temp.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-18 01:04

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by Reza (26-02-2017 13:53:16)
Running from C:\Users\Reza\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-27 08:41:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3294675276-783259607-3426699991-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3294675276-783259607-3426699991-503 - Limited - Disabled)
Guest (S-1-5-21-3294675276-783259607-3426699991-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3294675276-783259607-3426699991-1002 - Limited - Enabled)
Reza (S-1-5-21-3294675276-783259607-3426699991-1000 - Administrator - Enabled) => C:\Users\Reza

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 9 Suite (HKLM\...\{F6238EAB-3AD7-4B0E-B0AD-E533A93A5C32}) (Version: 9.0.0.0 - Ableton)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.3501.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.3501.00 - CyberLink Corp.) Hidden
ACID Music Studio 9.0 (HKLM-x32\...\{FAD22280-8DD6-11E3-A36E-F04DA23A5C58}) (Version: 9.0.40 - Sony)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.42.68439 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.42.68439 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcadeMovie (HKLM-x32\...\InstallShield_{E670F1F2-A882-4EE5-90E1-EFBF46AB5A01}) (Version: 4.00.0000 - CyberLink Corp.)
ArcadeMovie (x32 Version: 4.00.0000 - CyberLink Corp.) Hidden
ArtRage 4 Demo (HKLM-x32\...\ArtRage 4 Demo 4.5.2.0) (Version: 4.5.2.0 - Ambient Design)
ArtRage 4 Demo (Version: 4.5.2.0 - Ambient Design) Hidden
AudioBox version 1.2 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.2 - PreSonus)
Avid Mbox 2 USB Drivers (x64) (HKLM\...\{F9242D4E-09E7-45C7-A53A-83375D0FAD42}) (Version: 9.0.2 - Avid Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.49.150 - OSToto Co., Ltd.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.0 - Toontrack)
Freemake Video Converter version 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.0 - PACE Anti-Piracy, Inc.)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Max 6.1.8 (x64) (HKLM\...\{B3071CEA-6555-4660-BBC9-A3A28F00197A}) (Version: 136.1.8 - Cycling '74)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Moo0 Audio Converter 1.32 (HKLM-x32\...\Moo0 AudioTypeConverter) (Version:  - )
Moo0 Voice Recorder 1.43 (HKLM-x32\...\Moo0 VoiceRecorder) (Version:  - )
Moo0 YouTube Downloader 1.06 (HKLM-x32\...\Moo0 Utube-DL) (Version:  - )
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
PreSonus Studio One 2 (HKLM-x32\...\PreSonus Studio One 2) (Version: 2.5.2.22258 - PreSonus Audio Electronics)
R8 Driver (HKLM\...\{C68DB659-6046-41FD-B163-E7208C1718A4}) (Version: 2.2.0.8 - ZOOM)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Studio Devil BVC 1.1 (HKLM-x32\...\Studio Devil BVC - Acid Music Studio Edition_is1) (Version:  - StudioDevil)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated)
Telegram Desktop version 1.0 (HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0 - Telegram Messenger LLP)
TruePianos Amber Lite (ACID Music Studio) 1.5.0 (HKLM-x32\...\TruePianos Amber Lite (ACID Music Studio)_is1) (Version:  - 4Front Technologies)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Viber (HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\{7de2db6a-6f4b-4b45-82b9-57d5d7f1c952}) (Version: 5.4.0.1664 - Viber Media Inc.)
Viber (x32 Version: 5.4.0.1664 - Viber Media Inc.) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Reza\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03DF55EB-3619-4B37-B7BE-3820E691F8FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0DCF04DE-D69D-45C8-BD57-2D806BDD143C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {1569EA35-B689-4777-85C9-5218161CD92B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core1d27b77a4243672 => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.)
Task: {15FCD86A-9B5E-4271-8311-1AD8BC28BEEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.)
Task: {16E25E59-475C-48FE-B049-5ECF1A0C1E14} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {1869619F-C32D-41ED-9922-DFED88E1DCAB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {18E80EE4-A648-430B-A4A4-CE0F9E597067} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe 
Task: {195B9241-56B8-47BF-AF57-522F80AC7EC1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {19B44E58-C3E5-4213-8CC3-37B115C5FA1F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe 
Task: {1B860AE4-B749-4262-B13F-C8D3ADC39234} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Moo0\VideoToAudio 1.12\VideoToAudio.exe 
Task: {1D9E9F21-73F1-4A9F-A1B3-A7D3A0BAA2C0} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {1F343AE1-F994-4A01-A553-A429D94DF3D0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {206F523C-7DE4-49DD-8F9F-E7A8B31A1A4B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {25A88B16-6D40-40B2-AB4F-C013393836E8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2AA441AF-1C39-44D3-B7FA-9A5A39C64976} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3D5B6403-E35F-4CF1-9F17-E34C0AD34763} - System32\Tasks\1015avUpdateInfo => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe [2015-10-11] ()
Task: {4104424B-3B41-4B4E-A5EB-A8C02C7B6733} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_{58B3C879-B7DD-4F4D-9C5B-6641E0D5C976}.exe [2015-06-21] ()
Task: {424402F0-137B-40BC-A26B-67770BEAD723} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {46D7E8D5-2116-48F8-B25F-5FFE8B63F1DD} - \PassShow Update -> No File <==== ATTENTION
Task: {480DFD45-D0D0-494B-A55E-706225534F7D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {4C7C8F6E-D0A2-4C74-87BC-F9E8D4B33BF6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.)
Task: {5D71C62C-F951-40AF-A8F4-102EE8D8F7D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA1d27b77a46e800e => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.)
Task: {5E49009D-BBE0-4A6C-A37E-05DD3E5884F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.)
Task: {62AB2B64-F460-46D0-BD39-69A5414D7884} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {699BE71C-44CC-4760-8317-1B208718B9E0} - System32\Tasks\{13284ABE-CCA2-438F-8AC9-A005719A3BCB} => pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Task: {6EA1D2C9-3830-494E-82D6-A7AD22A9F7C9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {706164FA-1B7D-45A0-BF3B-6549035B76C4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {70757ED2-6922-48D5-9FFF-5CA448387BBC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.)
Task: {7467B9B3-1F9C-49EF-8F44-6ED0F5CB09E8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {7BEB9549-FDEF-4F27-8BB9-B1C49AF7EB15} - System32\Tasks\{B5B1A3A2-5A1C-46C3-A4B9-C6CC6A571974} => pcalua.exe -a C:\Users\Reza\Downloads\sp48051.exe -d C:\Users\Reza\Downloads
Task: {8981AD63-D56E-4485-8C6D-5822CCF498A4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {8CAB513F-BD45-4996-BF93-B2D788DECF3A} - System32\Tasks\{AE807DAD-E234-4EB5-AC9F-3EDE7A230F12} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsProgressBar
Task: {9369AF83-2DD2-4F8E-A640-220B6289A2EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {975A74FE-A436-4189-8B2E-7C6A9DCCEA81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {999D62C5-ADC6-4AD5-9C30-0E18C452E800} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {9DBE96E0-C863-4ADB-A9A0-929CD16CDAFB} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {9F440B3B-0ABF-4F7D-BD33-BFAD9D7B5BDD} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {A0AE359D-1DE7-4641-93C1-F4A9FB318E8A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A0E9FE00-CF13-49AF-A8ED-FB904B5E08A0} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {AA00C774-1830-4188-83BD-19E393F2D566} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {B305C3E0-5245-4C39-A853-1A0623D77245} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B5ADC499-1E0D-4053-8B7F-2164F78552C0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {B73D26A7-40FA-4A80-9714-BFB07E62B52D} - System32\Tasks\{B34FB2E0-B5B6-4D2C-A4D7-2D06C94C5B7B} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E670F1F2-A882-4EE5-90E1-EFBF46AB5A01}\Setup.exe" -c -runfromtemp -l0x0409
Task: {B77C219D-C393-4D2F-B3F7-171DD5602E6F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {C148FFC7-C767-41D5-BD4A-9DB42752A336} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C8E863F2-B72E-4725-B66D-B6FA98CA8A67} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D3BC833F-C1B5-4719-96DB-923E49F91C25} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {D5F2CC07-A4D9-4E78-9B3A-71B6FDE756C0} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-01-17] (Apple Inc.)
Task: {D94450E2-03B5-4C0D-9C9D-74068B33A50C} - System32\Tasks\{A3AAE776-EE26-4896-8B32-8839CB93443A} => C:\Program Files (x86)\iTunes\iTunes.exe 
Task: {DCECC6D0-3473-4C5E-9557-16BDF02FDF38} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E19B804A-E4CF-476C-9C78-70B8CE34C098} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {EE5A851C-14B1-442D-9C8C-089F40A34085} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {F1F42CF6-8BD4-41EB-9F37-811707C08B5B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {F2FA259D-50B4-4107-A6B5-5A7523C6940F} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Reza\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {F31DEFDF-E414-47D7-AC13-A7A928F6B4B4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F67BC5BC-9B8A-4B61-ADDA-9ED0535E0D85} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\0615tbUpdateInfo.job => C:\ProgramData\Avg_Update_0615tb\0615tb_{58B3C879-B7DD-4F4D-9C5B-6641E0D5C976}.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000Core.job => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3294675276-783259607-3426699991-1000UA.job => C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Cut the Rope.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=jfbadlndcminbkfojhlimnkgaackjmdo
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Happy Friday!.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=lagckjdgadpknikjoegcibbollkafpid
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Scratch for Holiday.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=ggfniphganolbedpcfmpjmnnfhgaoein
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\So Many Me - Demo.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=bgjkhidjaocnkjchjfpgbfdegeiljcdn
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Spelunky HTML5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=mhagnkphcmpkmabhocgimoncfaihkpof
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Telegram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=clhhggbfdinjmjhajaheehoeibfljjno
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Touch Drawing App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=knegnmjmhjjnmpfidlhnjcajmbmhdnbm
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Type Fu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=pofoighmmpljaikjiidkkfhldjndfdbk
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Reza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Meloetta - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-30 15:48 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-30 15:48 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-30 15:48 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-30 17:12 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-30 17:12 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-30 17:12 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-27 00:33 - 2016-09-27 00:33 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 16:51 - 2016-12-20 23:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 16:50 - 2016-12-20 22:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 16:50 - 2016-12-20 22:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 16:50 - 2016-12-20 22:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 16:50 - 2016-12-20 22:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 16:50 - 2016-12-20 22:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 16:50 - 2016-12-20 22:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 10:00 - 2017-02-22 10:02 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 10:00 - 2017-02-22 10:02 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 10:00 - 2017-02-22 10:02 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 21:04 - 2017-02-06 21:06 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-10-24 14:25 - 2015-10-09 15:56 - 00071680 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2017-02-01 20:12 - 2017-02-01 01:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-01 20:12 - 2017-02-01 01:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-17 00:45 - 2017-01-19 22:34 - 00181928 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2017-02-17 00:45 - 2017-01-19 22:34 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2017-02-17 00:46 - 2017-01-19 22:34 - 00172200 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2017-02-17 00:45 - 2017-01-19 22:34 - 00112296 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2017-02-17 00:46 - 2017-01-19 22:34 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-02-26 13:13 - 2017-02-26 13:13 - 00098816 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32api.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00110080 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\pywintypes27.dll
2017-02-26 13:13 - 2017-02-26 13:13 - 00364544 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\pythoncom27.dll
2017-02-26 13:13 - 2017-02-26 13:13 - 00320512 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32com.shell.shell.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00914432 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\_hashlib.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 01176576 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\wx._core_.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00806400 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\wx._gdi_.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00816128 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\wx._windows_.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 01067008 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\wx._controls_.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00733184 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\wx._misc_.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00682496 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\pysqlite2._sqlite.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00088064 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\_ctypes.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00686080 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\unicodedata.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00119808 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32file.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00108544 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32security.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00007168 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\hashobjs_ext.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00017920 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\thumbnails_ext.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00088064 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\usb_ext.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00012800 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\common.time34.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00018432 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32event.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00167936 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32gui.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00046080 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\_socket.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 01303552 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\_ssl.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00128512 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\_elementtree.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00127488 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\pyexpat.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00038912 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32inet.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00036864 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\_psutil_windows.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00524248 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\windows._lib_cacheinvalidation.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00011264 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32crypt.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00123392 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\wx._wizard.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00077312 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\wx._html2.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00027648 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\_multiprocessing.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00020480 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\_yappi.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00035840 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32process.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00078848 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\wx._animate.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00024064 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32pipe.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00010240 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\select.pyd
2017-02-26 13:13 - 2017-02-26 13:13 - 00025600 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32pdh.pyd
2017-02-26 13:13 - 2017-02-26 13:14 - 00017408 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32profile.pyd
2017-02-26 13:14 - 2017-02-26 13:14 - 00022528 ____R () C:\Users\Reza\AppData\Local\Temp\_MEI99362\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [170]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Reza\Desktop\ENTER\GILLIANHARTART\seahorse.png
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AudioBox VSL => C:\Program Files\PreSonus\AudioBox\AudioBox.exe -startup
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Reza\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\...\StartupApproved\Run: => "AudioBox VSL"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7EFA68E4-5207-47C5-8F2B-1ED09FEB2229}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{7E21B876-BA4B-4A3C-A5D6-46D204F38017}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{E40E1F07-B915-4605-89F8-C0731211EC8A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{06DE4B17-98FA-47D8-9829-43EF27ACAA66}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{D15C6520-3FCD-48DC-B694-90E34BECEFAB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{5B44694B-FCCC-401B-8AA1-76AB0B782820}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [UDP Query User{9747D755-5ECE-4533-9860-DCA8CD671F15}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{39AAE125-947D-48AE-8DBC-CD6D3065FD40}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{AE0DD836-7B33-48BF-B29B-C1C21D7E3AFD}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{91CBAB0B-B902-4630-809E-3DAE4146B961}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{E5153C5F-AA0F-41B1-9946-28674C067F38}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B814E440-75CA-41BE-BA24-8C6FA3790622}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{88A56846-3068-401C-B9C8-DE3DCAE5B3E5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{0B488E95-3363-4B0F-832C-CFA63936DBD7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{CB4E149C-60A5-4769-9B66-D01644DFF126}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{51297A57-31D0-4E54-B2CA-20C1D5FF87E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{0DE1BFF3-F392-4835-AEFA-D4F1B4C3A44E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{FBAB83AC-763C-427B-B60D-4E76EE4525B8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{316750C9-A053-4121-82F9-CA1AD801E3A2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{60C793C1-94BA-4E8C-A783-40BDB3A71EF7}] => (Block) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [{DE58BC30-7D09-41EA-838C-366EADF8739D}] => (Block) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [UDP Query User{6CF3B5FD-3F3B-48B4-A0AA-D14592ACDE94}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [TCP Query User{C276646A-0992-4E48-A97D-6D836B0BDBD9}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [{5466733C-131F-4904-A15B-FC1772DCF6BD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{32C1309A-41CB-4B7B-9430-1E15678A3710}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [UDP Query User{02CCDD33-7EF1-4A2A-819D-1B56B32AB8B9}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [TCP Query User{F5445A46-312F-4C81-AD89-B26B80C2246A}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [UDP Query User{89578634-2123-41A5-8C2D-154DDFF72934}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [TCP Query User{886F6B67-FBF9-4DC1-8FE3-86AE8D4BB2BC}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{9DC3B462-8F85-4181-82D8-E96CEA35A010}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [TCP Query User{48D8D9E0-A709-411D-9BFF-CFAEEA8455FD}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{45C518A1-5AF5-40AF-8B18-7A9EDA12CC4F}] => (Allow) LPort=51001
FirewallRules: [{D9750CC1-49FB-49EC-938E-4E95D37E49C1}] => (Allow) LPort=37675
FirewallRules: [{060877D4-BDC4-499B-9E6A-FE38162D1CE0}] => (Allow) LPort=37674
FirewallRules: [{44BDB300-EF73-4CC8-A0CB-6F428D9CEBB7}] => (Allow) LPort=37674
FirewallRules: [{83A02CBD-1437-48CE-B520-54D181C37228}] => (Allow) LPort=443
FirewallRules: [{0F0080DF-5CCB-47DA-B3E2-929462C595D9}] => (Allow) LPort=443
FirewallRules: [{72E71537-A64B-4913-8379-0E3D0B25E531}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{965697C2-3AFC-4609-BF56-08F96B1EEEC4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{61EA5BA8-FFE8-4C54-82D5-8DD41A68818D}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{13A0A512-A8F7-4C5B-94CA-43F8BC92212B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{AD40F0BD-F40E-4606-8F45-8663B09AC87C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{6A6B01AA-5DAC-4821-8F4A-A1D302804496}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{1D6D0113-BCF8-484C-8967-7AFC7A691B56}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{5D489336-C113-4D15-B3A8-0CAE4A4AE923}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{8440651C-DF0A-4C6E-8E37-96F8593DD308}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B16BD899-7EBF-490B-9436-A0F60B53C533}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{30124E73-E94B-4911-83FC-022D4E216A5E}] => (Allow) LPort=1900
FirewallRules: [{B13AA4C6-50D3-420B-9874-6E867BD24A1E}] => (Allow) LPort=2869
FirewallRules: [{70969C10-61F7-42B4-BDC8-917270BE7C33}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C463FBE6-69FC-4D61-B8C4-64BC228DACED}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4356AC76-7E6F-41A7-87D1-EA2A40FA059C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{FE1A037A-6EFC-44CA-B418-852D1CE1F17E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{077B0BFF-2E7B-44B4-A9DE-6C1C1D8D3C40}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{776EBE4C-FB49-4B48-B95F-F63F2B576B39}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{4808F9BE-687B-4014-AA64-578068F5B338}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7D9EC392-0B9F-49C0-B553-9245401D32CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E25F77AC-A2D1-47C9-8F82-09EC253E1A4B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F6CD1ADD-C5F1-4534-A0FD-B9CCAF3269A3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9ABF9C80-E5E4-4B19-A322-4F53A52110FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0F7D4A0F-3259-4A48-B0AB-C364C79300A5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A0E262CF-904B-47B0-AF36-E72AF5504BC8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{91DB7801-5D28-4B60-BC75-615C3B700A89}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{B537BF97-705B-463F-957F-271BD68C4F09}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{BF5373B6-52F1-4D13-B59D-7E801A1A8EC5}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe

==================== Restore Points =========================

03-02-2017 09:27:24 Scheduled Checkpoint
12-02-2017 14:43:58 Scheduled Checkpoint
14-02-2017 10:56:50 Removed Visual Studio 2012 x86 Redistributables
21-02-2017 13:18:15 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2017 01:39:41 PM) (Source: MsiInstaller) (EventID: 11706) (User: ACERRM)
Description: Product: Shredder -- Error 1706.No valid source could be found for product Shredder.  The Windows Installer cannot continue.

Error: (02/26/2017 01:12:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46787094

Error: (02/26/2017 01:12:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46787094

Error: (02/26/2017 01:12:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/26/2017 12:12:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3625

Error: (02/26/2017 12:12:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3625

Error: (02/26/2017 12:12:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/26/2017 12:12:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2312

Error: (02/26/2017 12:12:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2312

Error: (02/26/2017 12:12:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/26/2017 01:49:10 PM) (Source: DCOM) (EventID: 10016) (User: ACERRM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID 
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user AcerRM\Reza SID (S-1-5-21-3294675276-783259607-3426699991-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2017 01:38:01 PM) (Source: DCOM) (EventID: 10016) (User: ACERRM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID 
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user AcerRM\Reza SID (S-1-5-21-3294675276-783259607-3426699991-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2017 01:30:04 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/26/2017 01:30:01 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/26/2017 01:29:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/26/2017 01:29:56 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/26/2017 01:29:54 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/26/2017 01:29:51 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/26/2017 01:29:48 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/26/2017 01:29:46 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


CodeIntegrity:
===================================
  Date: 2017-02-25 14:02:04.528
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-25 14:02:04.516
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-20 17:08:56.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-20 17:08:56.562
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-19 21:22:41.335
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-19 21:22:41.326
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-19 18:55:58.903
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-19 18:55:58.899
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-19 15:24:23.580
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-19 15:24:23.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 58%
Total physical RAM: 3947.86 MB
Available physical RAM: 1652.05 MB
Total Virtual: 13163.86 MB
Available Virtual: 3590.72 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:125.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 281C6927)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Hi rezalini.

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); NOTE: Please DO NOT open or make any changes in the attached file.
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

 

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator;
  • Press on any key to launch the scan and let it complete;
    Credits: Aura
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;


  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
    Credits: Aura
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

 

To summarize please post:
The content of fixlog.txt produced by FRST.
The content of JRT log.
The content of AdwCleaner log.

At this point how is the computer running? Are you still having page redirects in Google Chrome browser?

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017
Ran by Reza (27-02-2017 11:46:12) Run:1
Running from C:\Users\Reza\Downloads
Loaded Profiles: Reza (Available Profiles: Reza)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
CreateRestorePoint:
EmptyTemp:

ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid=%7B8540FAAA-3170-403B-BDB1-B8CF3242468A%7D&mid=7fb02da0e2c947cdadf9326578a59a8a-16f97391bdb3fd8b1dda9ef65c20f39780e8ace4&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715tb&pr=fr&d=2015-03-04%2019:06:43&v=4.1.5.143&pid=wtu&sg=&sap=hp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=20121129181019354&tb_oid=29-11-2012&tb_mrud=29-11-2012
SearchScopes: HKU\S-1-5-21-3294675276-783259607-3426699991-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3294675276-783259607-3426699991-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3294675276-783259607-3426699991-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={8540FAAA-3170-403B-BDB1-B8CF3242468A}&mid=7fb02da0e2c947cdadf9326578a59a8a-16f97391bdb3fd8b1dda9ef65c20f39780e8ace4&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715tb&pr=fr&d=2015-03-04 19:06:43&v=4.1.5.143&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKU\S-1-5-21-3294675276-783259607-3426699991-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [16152 2014-06-26] ()
U3 aspnet_state; no ImagePath
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Reza\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {195B9241-56B8-47BF-AF57-522F80AC7EC1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1F343AE1-F994-4A01-A553-A429D94DF3D0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {25A88B16-6D40-40B2-AB4F-C013393836E8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2AA441AF-1C39-44D3-B7FA-9A5A39C64976} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3D5B6403-E35F-4CF1-9F17-E34C0AD34763} - System32\Tasks\1015avUpdateInfo => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe [2015-10-11] ()
Task: {46D7E8D5-2116-48F8-B25F-5FFE8B63F1DD} - \PassShow Update -> No File <==== ATTENTION
Task: {706164FA-1B7D-45A0-BF3B-6549035B76C4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9369AF83-2DD2-4F8E-A640-220B6289A2EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A0AE359D-1DE7-4641-93C1-F4A9FB318E8A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B305C3E0-5245-4C39-A853-1A0623D77245} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C148FFC7-C767-41D5-BD4A-9DB42752A336} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C8E863F2-B72E-4725-B66D-B6FA98CA8A67} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DCECC6D0-3473-4C5E-9557-16BDF02FDF38} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F31DEFDF-E414-47D7-AC13-A7A928F6B4B4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [170]
FirewallRules: [{7EFA68E4-5207-47C5-8F2B-1ED09FEB2229}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{7E21B876-BA4B-4A3C-A5D6-46D204F38017}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{E40E1F07-B915-4605-89F8-C0731211EC8A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{06DE4B17-98FA-47D8-9829-43EF27ACAA66}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{D15C6520-3FCD-48DC-B694-90E34BECEFAB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{5B44694B-FCCC-401B-8AA1-76AB0B782820}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{B814E440-75CA-41BE-BA24-8C6FA3790622}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{88A56846-3068-401C-B9C8-DE3DCAE5B3E5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{0B488E95-3363-4B0F-832C-CFA63936DBD7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{CB4E149C-60A5-4769-9B66-D01644DFF126}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{51297A57-31D0-4E54-B2CA-20C1D5FF87E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{0DE1BFF3-F392-4835-AEFA-D4F1B4C3A44E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{FBAB83AC-763C-427B-B60D-4E76EE4525B8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{316750C9-A053-4121-82F9-CA1AD801E3A2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{FE1A037A-6EFC-44CA-B418-852D1CE1F17E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{077B0BFF-2E7B-44B4-A9DE-6C1C1D8D3C40}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{776EBE4C-FB49-4B48-B95F-F63F2B576B39}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{4808F9BE-687B-4014-AA64-578068F5B338}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

CMD: ipconfig /flushdns

End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. 
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => key removed successfully
HKCR\Wow6432Node\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => key not found. 
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0 => key removed successfully
C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
HKLM\System\CurrentControlSet\Services\SWDUMon => key removed successfully
SWDUMon => service removed successfully
HKLM\System\CurrentControlSet\Services\aspnet_state => key removed successfully
aspnet_state => service removed successfully
HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key removed successfully
HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key removed successfully
HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key removed successfully
HKU\S-1-5-21-3294675276-783259607-3426699991-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{195B9241-56B8-47BF-AF57-522F80AC7EC1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{195B9241-56B8-47BF-AF57-522F80AC7EC1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1F343AE1-F994-4A01-A553-A429D94DF3D0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F343AE1-F994-4A01-A553-A429D94DF3D0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25A88B16-6D40-40B2-AB4F-C013393836E8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25A88B16-6D40-40B2-AB4F-C013393836E8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AA441AF-1C39-44D3-B7FA-9A5A39C64976} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AA441AF-1C39-44D3-B7FA-9A5A39C64976} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D5B6403-E35F-4CF1-9F17-E34C0AD34763} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D5B6403-E35F-4CF1-9F17-E34C0AD34763} => key removed successfully
C:\WINDOWS\System32\Tasks\1015avUpdateInfo => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1015avUpdateInfo => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46D7E8D5-2116-48F8-B25F-5FFE8B63F1DD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46D7E8D5-2116-48F8-B25F-5FFE8B63F1DD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PassShow Update => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{706164FA-1B7D-45A0-BF3B-6549035B76C4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{706164FA-1B7D-45A0-BF3B-6549035B76C4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9369AF83-2DD2-4F8E-A640-220B6289A2EA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9369AF83-2DD2-4F8E-A640-220B6289A2EA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0AE359D-1DE7-4641-93C1-F4A9FB318E8A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0AE359D-1DE7-4641-93C1-F4A9FB318E8A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B305C3E0-5245-4C39-A853-1A0623D77245} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B305C3E0-5245-4C39-A853-1A0623D77245} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C148FFC7-C767-41D5-BD4A-9DB42752A336} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C148FFC7-C767-41D5-BD4A-9DB42752A336} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8E863F2-B72E-4725-B66D-B6FA98CA8A67} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8E863F2-B72E-4725-B66D-B6FA98CA8A67} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCECC6D0-3473-4C5E-9557-16BDF02FDF38} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCECC6D0-3473-4C5E-9557-16BDF02FDF38} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F31DEFDF-E414-47D7-AC13-A7A928F6B4B4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F31DEFDF-E414-47D7-AC13-A7A928F6B4B4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
C:\ProgramData\Temp => ":0FF263E8" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7EFA68E4-5207-47C5-8F2B-1ED09FEB2229} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E21B876-BA4B-4A3C-A5D6-46D204F38017} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E40E1F07-B915-4605-89F8-C0731211EC8A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06DE4B17-98FA-47D8-9829-43EF27ACAA66} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D15C6520-3FCD-48DC-B694-90E34BECEFAB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B44694B-FCCC-401B-8AA1-76AB0B782820} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B814E440-75CA-41BE-BA24-8C6FA3790622} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{88A56846-3068-401C-B9C8-DE3DCAE5B3E5} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0B488E95-3363-4B0F-832C-CFA63936DBD7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB4E149C-60A5-4769-9B66-D01644DFF126} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{51297A57-31D0-4E54-B2CA-20C1D5FF87E9} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0DE1BFF3-F392-4835-AEFA-D4F1B4C3A44E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FBAB83AC-763C-427B-B60D-4E76EE4525B8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{316750C9-A053-4121-82F9-CA1AD801E3A2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FE1A037A-6EFC-44CA-B418-852D1CE1F17E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{077B0BFF-2E7B-44B4-A9DE-6C1C1D8D3C40} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{776EBE4C-FB49-4B48-B95F-F63F2B576B39} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4808F9BE-687B-4014-AA64-578068F5B338} => value removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 225733886 B
Java, Flash, Steam htmlcache => 8639 B
Windows/system/drivers => 180389398 B
Edge => 250246889 B
Chrome => 1489482076 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6152 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 108844 B
NetworkService => 46749606 B
Reza => 483716040 B

RecycleBin => 0 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:59:54 ====

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by Reza (Administrator) on Mon 02/27/2017 at 12:48:09.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 0 


Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/27/2017 at 12:53:50.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

# AdwCleaner v6.043 - Logfile created 27/02/2017 at 12:38:25
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-27.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Reza - ACERRM
# Running from : C:\Users\Reza\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Avg_Update_0116avz
[-] Folder deleted: C:\ProgramData\Avg_Update_0116tb
[-] Folder deleted: C:\ProgramData\Avg_Update_0215tb
[-] Folder deleted: C:\ProgramData\Avg_Update_0615tb
[-] Folder deleted: C:\Users\Reza\AppData\Roaming\NCdownloader
[-] Folder deleted: C:\ProgramData\Performance Optimizer
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Performance Optimizer
[-] Folder deleted: C:\Program Files (x86)\Common Files\freemake shared


***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\GlobalUpdate
[-] Key deleted: HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\ImInstaller
[-] Key deleted: HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\OutfoxTV
[-] Key deleted: HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\SlimWare Utilities Inc
[-] Key deleted: HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-21-3294675276-783259607-3426699991-1000\Software\AppDataLow\Software\Smart Suggestor
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\GlobalUpdate
[#] Key deleted on reboot: HKCU\Software\ImInstaller
[#] Key deleted on reboot: HKCU\Software\OutfoxTV
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\IB Updater
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Smart Suggestor
[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key deleted: HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKLM\SOFTWARE\firstsearch
[-] Key deleted: HKLM\SOFTWARE\GlobalUpdate
[-] Key deleted: HKLM\SOFTWARE\OutfoxTV
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\SP Global
[-] Key deleted: HKLM\SOFTWARE\SProtector
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\GlobalUpdate
[#] Key deleted on reboot: [x64] HKCU\Software\ImInstaller
[#] Key deleted on reboot: [x64] HKCU\Software\OutfoxTV
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Smart Suggestor
[-] Key deleted: [x64] HKLM\SOFTWARE\AVG Secure Search
[-] Key deleted: [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\metrolyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.metrolyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\metrolyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.metrolyrics.com
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE


***** [ Web browsers ] *****

[-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: speedial.com
[-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: conduit.search
[-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: debut-video-capture.en.softonic.com
[-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2] [startup_urls] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=hdr_s_15_33_orgnl&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyE0FtB0D0DyEyB0CtCtDtAtN0D0Tzu0StCtAtBtAtN1L2XzutAtFtCtBtFyDtFyCtN1L1Czu1M1Q1CtDzytN1L1G1B1V1N2Y1L1Qzu2StCtA0B0E0F0DyEzytGyDyByC0CtGtB0EyCtAtGyCtByE0AtGzyyE0CtCtC0AtA0DtAtC0C0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCzyyCtAyE0FtBtGzzzzyDyBtGyE0BtAyCtGzytD0C0AtG0B0CtBtCtAyByC0CyD0E0A0C2QtN0A0LzuyE%26cr%3D1662870051%26a%3Dhdr_s_15_33_orgnl%26os%3DWindows%2B7%2BHome%2BPremium&uref=chmm
[-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2] [extension] Deleted: ajkgkhepjponelmnplpciplmhagpknbg
[-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2] [extension] Deleted: gafhhbahpojnjfhpepjjfjojbphnogmn
[-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2] [extension] Deleted: gjkpcnacdgdlpfejlgflolpaigoicibh
[-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2] [extension] Deleted: lekgiimbfodefdaoofhlckefjbgpeilo
[-] [C:\Users\Reza\AppData\Local\Google\Chrome\User Data\Profile 2] [extension] Deleted: ocifcogajbgikalbpphmoedjlcfjkhgh


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [11761 Bytes] - [27/02/2017 12:38:25]
C:\AdwCleaner\AdwCleaner[S0].txt - [11010 Bytes] - [27/02/2017 12:24:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11909 Bytes] ##########
 

 

 

 

 


Hello rezalini.

You did everything well. :)

Please follow the instructions in the link below to delete your Google Chrome browser history.
https://support.google.com/chrome/answer/95589?co=GENIE.Platform%3DDesktop&hl=en

Please follow the instructions in the link below to reset your Google Chrome browser settings to default.
https://support.google.com/chromebook/answer/3296214?hl=en

How is it now? Are you still having page redirects in Chrome?

Edited by Android8888

  • 2 weeks later...

Hello rezalini.

1 hour ago, rezalini said:

All is Well. Everything works now! Thank you!

I'm glad to hear that your computer is working well.

However that doesn't mean that your computer is completely clean and free of malware. I'd like you to run a scan to search for leftovers that can remain in the system.

Please follow the instructions below and perform a scan in your computer with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
  • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
  • Close all your programs and browsers.
  • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
  • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.

  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.

Please post the entire content of the ESET log (if it produced one). Also let me know if nothing is found.

 


Here we go...

 

C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe    a variant of Win32/OpenCandy.A potentially unsafe application    cleaned by deleting
C:\Users\Reza\AppData\Roaming\IDM2\Setup.exe    Win32/Idmsq.A potentially unwanted application    cleaned by deleting
 

Should I delete them?


Hello.

9 hours ago, rezalini said:

Should I delete them?

Yes, delete them both (if not already done by ESET itself).

 

Outdated programs are security vulnerabilities in the system that are constantly exploited by threats, putting the computer at risk.

Please read the instructions below and update the following programs:

Google Chrome browser:
How to Update Google Chrome


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 8 Update 121.

You can manually check your present version and update as recommended.
https://www.java.com...d/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmic...java-0-day-fix/

If present, remove the old version(s) of Java using the Programs and Features applet, which can be found through right-click on Start -> Control Panel -> Programs and Features, if you are not developing Java programs.


If the updates went well, you can remove the tools we used in the malware removal process.

  • Please download DelFix and save it to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator;
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Close it. I don't need to see the log file.

 

Are there any further issues with your computer?


  • 2 weeks later...
  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.