
How do you want to open this file klk.tmp?



Recently I installed some software, and it installed a few other programs in an unauthorized way. Now, in a loop, a pop-up appears asking 'How do you want to open this file?'. The file location is 'file:///C:/Users/HP/AppData/Local/Temp/klk.tmp'. I ran antivirus scans and deleted some malware files, but the problem still exists. Please help.


Hi Nimeshika :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name; it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply


Thank you Aura. I just started the scan with Malwarebytes; it is still running. In the meantime I read your instructions mentioned in this post. I installed FRST and searched for the 'klk.tmp' file. Here is the result.

Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by HP (06-11-2017 16:53:05)
Running from C:\Users\HP\Desktop
Boot Mode: Normal

================== Search Files: "*klk.tmp*" =============

C:\Users\HP\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\klk.tmp.log
[2017-10-31 22:25][2017-10-31 22:25] 000000020 _____ () B3AC9D09E3A47D5FD00C37E075A70ECB [File not signed]


====== End of Search ======

I will forward the export summary as soon as possible :)


Hi Aura, here is the export summary.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/6/17
Scan Time: 8:04 PM
Log File: 8a7f4e2e-c2ff-11e7-ad1d-705a0fb7fa8c.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3189
License: Trial

-System Information-
OS: Windows 10 (Build 10240.17146)
CPU: x64
File System: NTFS
User: HP-PC\HP

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 436627
Threats Detected: 28
Threats Quarantined: 28
Time Elapsed: 8 min, 26 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 6
PUP.Optional.InstallCore, HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\SOFTWARE\csastats, Quarantined, [2], [260986],1.0.3189
Adware.Norassie, HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\SOFTWARE\Norassie, Quarantined, [2886], [361347],1.0.3189
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CC36B899-AEC1-46A5-A88A-553490260E13}, Quarantined, [19], [451702],1.0.3189
PUP.Optional.Yelloader, HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\SOFTWARE\ssn, Quarantined, [1721], [251340],1.0.3189
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SYSTEM\SecurityService, Quarantined, [19], [451703],1.0.3189
Trojan.PasswordStealer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AstiCon, Quarantined, [53], [451804],1.0.3189

Registry Value: 1
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CC36B899-AEC1-46A5-A88A-553490260E13}|PATH, Quarantined, [19], [451702],1.0.3189

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 7
PUP.Optional.StartPage, C:\USERS\HP\APPDATA\ROAMING\BROWSERMODULE, Quarantined, [46], [335017],1.0.3189
PUP.Optional.SSN, C:\Users\HP\AppData\Roaming\ssn\Update, Quarantined, [1203], [431769],1.0.3189
PUP.Optional.SSN, C:\USERS\HP\APPDATA\ROAMING\SSN, Quarantined, [1203], [431769],1.0.3189
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\icon, Quarantined, [2200], [443384],1.0.3189
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\js, Quarantined, [2200], [443384],1.0.3189
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0, Quarantined, [2200], [443384],1.0.3189
PUP.Optional.BrowserModule, C:\USERS\HP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FNGMHNNPILHPLAEEDIFHCCCEOMCLGFBG, Quarantined, [2200], [443384],1.0.3189

File: 14
PUP.Optional.StartPage, C:\USERS\HP\APPDATA\ROAMING\BROWSERMODULE\COMPONENT.LOG, Quarantined, [46], [335017],1.0.3189
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\SYSTEM\SECURITYSERVICE, Quarantined, [19], [451704],1.0.3189
PUP.Optional.SSN, C:\USERS\HP\APPDATA\ROAMING\SSN\UPDATE\SETUP.PHP, Quarantined, [1203], [431769],1.0.3189
PUP.Optional.Tables.Generic, C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GHI36HI7.DEFAULT\EXTENSIONS\300414@extcorp.com.xpi, Quarantined, [9256], [450129],1.0.3189
PUP.Optional.BrowserModule, C:\USERS\HP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2200], [443384],1.0.3189
PUP.Optional.BrowserModule, C:\USERS\HP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [2200], [443384],1.0.3189
PUP.Optional.BrowserModule, C:\USERS\HP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FNGMHNNPILHPLAEEDIFHCCCEOMCLGFBG\78.0_0\MANIFEST.JSON, Quarantined, [2200], [443384],1.0.3189
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\icon\icon128.png, Quarantined, [2200], [443384],1.0.3189
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\icon\icon16.png, Quarantined, [2200], [443384],1.0.3189
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\icon\icon24.png, Quarantined, [2200], [443384],1.0.3189
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\icon\icon32.png, Quarantined, [2200], [443384],1.0.3189
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\js\background.js, Quarantined, [2200], [443384],1.0.3189
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\index.html, Quarantined, [2200], [443384],1.0.3189
PUP.Optional.BrowserModule, C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GHI36HI7.DEFAULT\CHROME\USERCONTENT.CSS, Quarantined, [2200], [389741],1.0.3189

Physical Sector: 0
(No malicious items detected)


(end)


Sorry for the late reply.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by HP (administrator) on HP-PC (07-11-2017 07:25:12)
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP)
Platform: Windows 10 Education 10240.17146 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
() F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\erlsrv.exe
(Trace Software International) F:\Solidworks Crop\SolidWorks Electrical\server\EwServer.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Mentor Graphics Corporation) F:\Solidworks Crop\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mentor Graphics Corporation) F:\Solidworks Crop\SolidWorks Flow Simulation\binCFW\dispatcher.exe
() F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\erl.exe
() F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\epmd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() F:\emqttd-windows-1.1.3-20160819\emqttd\lib\os_mon-2.4\priv\bin\win32sysinfo.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Dassault Systèmes SolidWorks Corp.) F:\Solidworks Crop\SolidWorks\sldworks_fs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-06-19] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8510680 2015-07-18] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229080 2015-06-02] (Realtek Semiconductor Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-24] (Intel Corporation)
HKLM\...\Run: [TortoiseHgOverlayIconServer] => C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe [100304 2016-08-02] ()
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-31] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [425608 2014-10-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-09] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-02] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [10518728 2017-03-17] (FreeDownloadManager.org)
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\Run: [NetClick] => C:\Program Files (x86)\Alcine\Alcine\NetClick.exe
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\Run: [Win64svc] => klk.tmp
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {0a99933d-65dc-11e6-9bf7-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {0a999612-65dc-11e6-9bf7-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {0a999643-65dc-11e6-9bf7-30f772559e56} - "H:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {0f702d10-2597-11e6-9bd0-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {1d9ab83f-8de9-11e6-9c01-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {4620ed43-30b9-11e6-9bd1-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {4c87e0c5-937d-11e6-9c03-30f772559e56} - "G:\autorun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {4ca7eb51-4829-11e7-9c43-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {4ca7eb8a-4829-11e7-9c43-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {4e1d0adf-2e67-11e6-9bd0-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {57500d21-c338-11e6-9c12-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {5bbe1516-7981-11e7-9c48-30f772559e56} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {5bbe15e5-7981-11e7-9c48-30f772559e56} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {6313d172-b4fe-11e7-9c55-30f772559e56} - "H:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {692decc5-e60b-11e6-9c1e-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {7634e9f4-3086-11e7-9c35-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {7a84c40c-f36e-11e6-9c21-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {7e8a6f4e-d4d4-11e6-9c1b-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {7e8a6fc2-d4d4-11e6-9c1b-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {7e8a75a5-d4d4-11e6-9c1b-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {7e8a762f-d4d4-11e6-9c1b-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {7e8a7669-d4d4-11e6-9c1b-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {831a8e36-1a63-11e6-9bce-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {831a8eed-1a63-11e6-9bce-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {86524710-59a9-11e7-9c45-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {8fbf0c20-667c-11e6-9bf8-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {90e8879c-3ef2-11e7-9c39-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {b103cf38-1844-11e7-9c2c-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {be91193f-647f-11e6-9bf7-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {c448f96e-f1cf-11e6-9c1f-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {c448f9e1-f1cf-11e6-9c1f-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {c67131af-2385-11e7-9c2f-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {c6713206-2385-11e7-9c2f-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {c8b4b621-da6b-11e6-9c1c-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {c8b4c3c0-da6b-11e6-9c1c-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {cbb69c05-9a94-11e6-9c04-30f772559e56} - "G:\AutoRun.exe" 
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\MountPoints2: {fe1dffe8-687b-11e6-9bfa-30f772559e56} - "G:\AutoRun.exe" 
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk [2016-08-15]
ShortcutTarget: SolidWorks 2014 Fast Start.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk [2016-08-15]
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1537731487-1420144315-2392882313-1002] => cache2.mrt.ac.lk:3128
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{a97d5d3b-ece3-4412-b53b-72ecf015fecd}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{e72978e5-3091-4d5f-8b7e-e7902fd441db}: [DhcpNameServer] 192.248.8.97

Internet Explorer:
==================
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-06] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-06] (Oracle Corporation)
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ghi36hi7.default
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ghi36hi7.default [2017-11-02]
FF user.js: detected! => C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ghi36hi7.default\user.js [2017-07-12]
FF Homepage: Mozilla\Firefox\Profiles\ghi36hi7.default -> hxxp://www.laptop.lk/
FF Extension: (Firefox Hotfix) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ghi36hi7.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-21]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2015-10-17] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-06] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-27] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-18] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-06-26] (DigitalPersona, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-08-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-08-18] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2017-11-07]
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2017-03-28]
CHR Extension: (Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-15]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-15]
CHR Extension: (Google Search) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-17]
CHR Extension: (Postman) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2017-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-15]
CHR Extension: (AdBlock) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-21]
CHR Extension: (MQTTBox) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaajoficamnjijhkeomgfljpicifbkaf [2017-05-10]
CHR Extension: (HP Client Security Manager) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2015-10-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-15]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2014-06-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-31] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-31] (AVAST Software)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [117976 2015-06-02] ()
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-03-21] (Microsoft Corporation)
S3 CoordinatorServiceHost; F:\solidworks crop\SolidWorks\swScheduler\DTSCoordinatorService.exe [76328 2014-06-12] (Dassault Systèmes SolidWorks Corp.)
S2 Dialog Mobile Broadband. RunOuc; C:\Program Files (x86)\Dialog Mobile Broadband\UpdateDog\ouc.exe [655712 2017-06-03] ()
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11071208 2015-07-07] (DisplayLink Corp.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2014-07-28] (DigitalPersona, Inc.)
R2 emqttd01d251220fbe3fb0; F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\erlsrv.exe [226304 2016-08-19] () [File not signed]
R2 ewserver; F:\solidworks crop\SolidWorks Electrical\server\EwServer.exe [193024 2014-06-11] (Trace Software International) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-02] (Hewlett-Packard Development Company, L.P.)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-24] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [370072 2016-06-10] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-06-19] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 RemoteSolverDispatcher; F:\solidworks crop\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [235656 2014-06-11] (Mentor Graphics Corporation) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [298200 2015-07-22] (Realtek Semiconductor)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2016-08-15] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SolidWorks Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246872 2017-08-16] (Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362920 2016-09-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-09-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [321032 2017-10-31] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-10-31] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-10-31] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-10-31] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47008 2017-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147776 2017-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-10-31] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-10-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1029872 2017-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [587168 2017-10-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [201352 2017-10-31] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [363440 2017-10-31] (AVAST Software)
S3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-10-01] (Samsung Electronics Co., Ltd.)
S3 dmodusb; C:\Windows\System32\drivers\dmodusb.sys [32768 2008-12-17] (Windows (R) Codename Longhorn DDK provider)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-01] ()
S3 huawei_wwanecm; C:\Windows\System32\drivers\ew_juwwanecm.sys [238080 2017-06-03] (Huawei Technologies Co., Ltd.)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-05-27] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193464 2017-11-06] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2017-11-06] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2017-11-06] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-06] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2017-11-06] (Malwarebytes)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896768 2016-06-10] (Realtek )
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [598272 2015-05-21] (Realtek Semiconductor Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [772336 2016-06-10] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [402136 2015-05-28] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4629744 2016-06-10] (Realtek Semiconductor Corporation )
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv64.sys [760832 2016-06-16] (Sunplus)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-10-03] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [165504 2016-10-09] (Samsung Electronics Co., Ltd.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [22528 2015-11-25] (Microsoft Corporation)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [131144 2016-12-20] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [254976 2013-10-14] (Jungo)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-24] (HP Inc.)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2013-10-14] (Xilinx, Inc.)
S3 xrusbser; C:\Windows\system32\DRIVERS\xrusbser.sys [55808 2014-12-11] (Exar Corporation)
S3 hwusb_cdcacm; \SystemRoot\system32\DRIVERS\ew_cdcacm.sys [X]
S3 hwusb_wwanecm; \SystemRoot\System32\drivers\ew_wwanecm.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-07 07:25 - 2017-11-07 07:27 - 000032281 _____ C:\Users\HP\Desktop\FRST.txt
2017-11-07 07:21 - 2017-11-07 07:22 - 000001078 _____ C:\Windows\system32dbgraw.bmp
2017-11-07 07:21 - 2017-11-07 07:21 - 000016148 _____ C:\Windows\system32\HP-PC_HP_HistoryPrediction.bin
2017-11-06 21:30 - 2017-11-06 21:32 - 000014506 ____H C:\Users\HP\Desktop\~WRL2844.tmp
2017-11-06 21:04 - 2017-11-06 21:04 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-11-06 19:06 - 2017-11-07 07:28 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-11-06 19:06 - 2017-11-06 19:06 - 000193464 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-11-06 19:05 - 2017-11-06 21:04 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-11-06 19:05 - 2017-11-06 19:05 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-06 19:05 - 2017-11-06 19:05 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-06 19:05 - 2017-11-06 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-06 19:05 - 2017-11-06 19:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-06 19:05 - 2017-11-06 19:05 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-06 19:05 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-06 19:02 - 2017-11-06 19:04 - 078346672 _____ (Malwarebytes ) C:\Users\HP\Desktop\mb3-setup-consumer-3.3.1.2183.exe
2017-11-06 18:00 - 2017-11-06 18:00 - 000002050 _____ C:\Users\HP\Desktop\fixlist (2).txt
2017-11-06 16:53 - 2017-11-06 17:07 - 000000413 _____ C:\Users\HP\Desktop\Search.txt
2017-11-06 16:51 - 2017-11-06 16:51 - 002403328 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2017-11-06 08:55 - 2017-11-06 08:55 - 000239205 _____ C:\Users\HP\Desktop\S8(_13)-Draft exam time table.pdf
2017-11-02 15:13 - 2017-11-07 07:25 - 000000000 ____D C:\FRST
2017-11-01 18:48 - 2017-11-01 18:53 - 000000000 ____D C:\GeneXproTools 50
2017-10-31 23:18 - 2017-11-01 18:47 - 000000000 ____D C:\Program Files (x86)\GeneXproTools 50
2017-10-31 23:04 - 2017-10-31 23:04 - 000000000 ___HD C:\$AV_ASW
2017-10-31 22:57 - 2017-10-31 22:57 - 000000000 ____D C:\Users\HP\AppData\Roaming\AVAST Software
2017-10-31 22:56 - 2017-10-31 22:56 - 000061304 _____ () C:\Windows\system32\Drivers\lpsport.sys
2017-10-31 22:56 - 2017-10-31 22:56 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-10-31 22:55 - 2017-10-31 22:56 - 001029872 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-10-31 22:55 - 2017-10-31 22:55 - 000003994 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-10-31 22:55 - 2017-10-31 22:54 - 000587168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-10-31 22:55 - 2017-10-31 22:54 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-10-31 22:55 - 2017-10-31 22:54 - 000363440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-10-31 22:55 - 2017-10-31 22:54 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-10-31 22:55 - 2017-10-31 22:54 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-10-31 22:55 - 2017-10-31 22:54 - 000201352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-10-31 22:55 - 2017-10-31 22:54 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-10-31 22:55 - 2017-10-31 22:54 - 000147776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-10-31 22:55 - 2017-10-31 22:54 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-10-31 22:55 - 2017-10-31 22:54 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-10-31 22:55 - 2017-10-31 22:54 - 000057736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-10-31 22:55 - 2017-10-31 22:54 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-10-31 22:46 - 2017-10-31 22:46 - 000000000 ____D C:\Program Files\AVAST Software
2017-10-31 22:43 - 2017-10-31 22:49 - 000004126 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1509470030
2017-10-31 22:43 - 2017-10-31 22:43 - 000000000 ____D C:\Users\HP\AppData\Roaming\Opera Software
2017-10-31 22:43 - 2017-10-31 22:43 - 000000000 ____D C:\Users\HP\AppData\Local\Opera Software
2017-10-31 22:42 - 2017-11-01 18:21 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-31 22:25 - 2017-11-03 06:01 - 000000000 ____D C:\Users\HP\AppData\Roaming\fc986991e4c54c70e9796660d53ea9b4
2017-10-31 22:24 - 2017-11-06 21:01 - 000000000 ____D C:\Windows\System32\Tasks\System
2017-10-31 22:24 - 2017-10-31 22:24 - 000000000 ____D C:\Program Files (x86)\Ljoo
2017-10-31 22:24 - 2017-10-31 22:24 - 000000000 ____D C:\Program Files (x86)\AstiCon
2017-10-31 20:54 - 2017-11-01 18:53 - 000000000 ____D C:\Users\HP\AppData\Local\GeneXproTools 5.0
2017-10-31 20:32 - 2017-10-31 20:32 - 000000000 ____D C:\Users\HP\AppData\Local\{AF087A1B-40B0-4FB9-ABEE-77D62957CBD9}
2017-10-21 18:10 - 2017-10-21 18:10 - 000280864 _____ C:\Windows\Minidump\102117-21968-01.dmp
2017-10-20 00:20 - 2017-10-20 00:21 - 000584712 _____ C:\Windows\Minidump\102017-21828-01.dmp
2017-10-11 17:13 - 2017-10-11 17:13 - 000000000 ____D C:\Program Files\Synaptics
2017-10-11 17:12 - 2017-10-11 17:12 - 000000000 ____D C:\ProgramData\Synaptics
2017-10-11 16:38 - 2017-10-11 16:38 - 000000000 ____D C:\Users\HP\AppData\Roaming\Synaptics
2017-10-11 16:30 - 2017-10-11 16:30 - 000000000 ____D C:\Windows\LastGood.Tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-06 21:06 - 2017-03-28 18:38 - 000000000 ____D C:\Users\HP\AppData\Local\Free Download Manager
2017-11-06 21:05 - 2016-09-09 12:05 - 000000000 ____D C:\Users\HP\AppData\Roaming\TortoiseHg
2017-11-06 21:04 - 2015-10-17 21:22 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-11-06 21:04 - 2015-10-17 21:22 - 000000000 __SHD C:\Users\HP\IntelGraphicsProfiles
2017-11-06 21:03 - 2015-07-10 17:51 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-06 21:02 - 2015-07-10 14:35 - 000131072 ___SH C:\Windows\system32\config\BBI
2017-11-06 16:22 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\AppReadiness
2017-11-06 16:21 - 2017-08-06 07:08 - 000000000 ____D C:\Users\HP\Desktop\draft
2017-11-06 16:20 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\system32\NDF
2017-11-06 16:11 - 2015-10-17 22:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-06 10:48 - 2015-10-06 00:34 - 001050596 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-06 10:48 - 2015-07-10 16:32 - 000000000 ____D C:\Windows\INF
2017-11-06 10:41 - 2016-05-18 20:50 - 000004142 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9CA0E6B2-A686-4B10-AF31-369FBD2A2DF8}
2017-11-06 09:30 - 2015-10-17 20:14 - 000000000 ____D C:\Users\HP\AppData\Local\Packages
2017-11-05 17:05 - 2015-07-10 16:34 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-02 17:45 - 2017-08-07 14:51 - 000000000 ____D C:\KMPlayer
2017-11-02 17:39 - 2015-10-17 22:03 - 000000000 ____D C:\Program Files\WinRAR
2017-11-02 17:38 - 2015-10-17 20:13 - 000000000 ____D C:\Users\HP
2017-11-02 15:27 - 2016-05-15 17:40 - 000000000 ____D C:\Users\HP\AppData\LocalLow\Temp
2017-11-02 08:47 - 2015-10-17 22:03 - 000000000 ____D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-02 08:47 - 2015-10-17 22:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-01 21:51 - 2015-10-17 20:16 - 000000000 ___RD C:\Users\HP\OneDrive
2017-10-31 21:16 - 2016-10-22 06:19 - 000000000 ____D C:\Users\HP\AppData\Local\ElevatedDiagnostics
2017-10-21 18:10 - 2016-06-24 21:43 - 000000000 ____D C:\Windows\Minidump
2017-10-20 06:29 - 2015-07-10 16:34 - 000000000 ____D C:\Windows\LiveKernelReports
2017-10-20 00:45 - 2017-05-04 10:38 - 000000000 ____D C:\Users\HP\.matplotlib
2017-10-16 05:34 - 2016-06-17 05:58 - 000000000 ____D C:\Users\HP\Documents\MATLAB
2017-10-11 17:11 - 2015-10-17 20:52 - 000000000 ____D C:\SwSetup

==================== Files in the root of some directories =======

2016-09-28 13:33 - 2017-09-14 05:43 - 000000122 _____ () C:\Users\HP\AppData\Roaming\Camdata.ini
2016-09-28 13:33 - 2017-09-14 05:43 - 000000408 _____ () C:\Users\HP\AppData\Roaming\CamLayout.ini
2016-09-28 13:33 - 2017-09-14 05:43 - 000000408 _____ () C:\Users\HP\AppData\Roaming\CamShapes.ini
2016-09-28 13:33 - 2017-09-14 05:43 - 000004536 _____ () C:\Users\HP\AppData\Roaming\CamStudio.cfg
2016-09-28 13:30 - 2016-09-28 14:43 - 000000098 _____ () C:\Users\HP\AppData\Roaming\CamStudio.Producer.command
2016-09-28 13:30 - 2016-09-28 14:49 - 000000000 _____ () C:\Users\HP\AppData\Roaming\CamStudio.Producer.Data.ini
2016-09-28 13:30 - 2016-09-28 14:49 - 000001206 _____ () C:\Users\HP\AppData\Roaming\CamStudio.Producer.ini
2016-09-28 13:27 - 2017-09-13 22:30 - 000000096 _____ () C:\Users\HP\AppData\Roaming\version2.xml
2015-10-17 21:38 - 2017-11-07 07:23 - 049117111 _____ () C:\Users\HP\AppData\Local\BTServer.log
2016-11-22 19:46 - 2016-11-22 19:46 - 000000000 _____ () C:\Users\HP\AppData\Local\{3BB949B4-6262-4634-994B-E4A1110E481A}
2016-11-23 20:48 - 2016-11-23 20:48 - 000000000 _____ () C:\Users\HP\AppData\Local\{602E1D23-EB92-4A23-B0D6-2CA9EF4AFEC4}
2016-05-22 07:41 - 2016-05-22 07:41 - 000000000 _____ () C:\Users\HP\AppData\Local\{642F2E4A-EDA3-43A9-8905-85A513554AD0}
2016-11-25 06:28 - 2016-11-25 06:28 - 000000000 _____ () C:\Users\HP\AppData\Local\{663C9701-99D0-42A7-9704-11645669F6FE}

Files to move or delete:
====================
C:\Users\HP\.mongorc.js


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-03 19:59

==================== End of FRST.txt ============================


Sorry

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by HP (07-11-2017 07:28:40)
Running from C:\Users\HP\Desktop
Windows 10 Education 10240.17146 (X64) (2015-10-17 14:41:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1537731487-1420144315-2392882313-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1537731487-1420144315-2392882313-503 - Limited - Disabled)
Guest (S-1-5-21-1537731487-1420144315-2392882313-501 - Limited - Disabled)
HP (S-1-5-21-1537731487-1420144315-2392882313-1002 - Administrator - Enabled) => C:\Users\HP

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.22) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (XAML) for Visual Studio (HKLM-x32\...\{0B5E43C7-965D-4AF4-A33E-5FA35B6660C8}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Bitvise SSH Client - FlowSshNet (x64) (HKLM\...\{3506D54C-E80F-41CE-B95A-91AE1C4DD486}) (Version: 5.38.0.0 - Bitvise Limited) Hidden
Bitvise SSH Client - FlowSshNet (x86) (HKLM-x32\...\{4B58203F-1E1E-494B-8265-B0030F9D641C}) (Version: 5.38.0.0 - Bitvise Limited) Hidden
Bitvise SSH Client 7.15 (remove only) (HKLM-x32\...\BvSshClient) (Version: 7.15 - Bitvise Limited)
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (HKLM\...\{F74753A3-C93C-34F5-A199-993CAF602B7D}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{05198C22-FFCE-374A-B190-9F18CC99DAEA}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{9347889B-C22A-3905-901F-C05D8F73C929}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
Capture 9.2 Web Update 1 (HKLM-x32\...\Capture 9.2 Web Update 1) (Version:  - )
Capture 9.2 Web Update 2 (HKLM-x32\...\Capture 9.2 Web Update 2) (Version:  - )
Capture 9.2 Web Update 3 (HKLM-x32\...\Capture 9.2 Web Update 3) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CMake (HKLM\...\{1E0ACA60-46A7-48FE-AC05-96409B8FECE8}) (Version: 3.7.2 - Kitware)
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version:  - getcomposer.org)
Dialog Mobile Broadband (HKLM-x32\...\Dialog Mobile Broadband) (Version: 21.005.22.01.297 - Huawei Technologies Co.,Ltd)
DisplayLink Core Software (HKLM\...\{7BB949B9-EB47-47E4-814D-88F8CD301543}) (Version: 7.9.296.0 - DisplayLink Corp.)
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version:  - FreeDownloadManager.ORG)
Git version 2.8.1 (HKLM\...\Git_is1) (Version: 2.8.1 - The Git Development Community)
GitHub (HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\5f7eb300e2ea4ebf) (Version: 3.3.4.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Heroku CLI (HKLM-x32\...\Heroku) (Version:  - )
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP AC Power Control (HKLM\...\{F819C151-FFEE-4F01-BE68-0D1F76574F44}) (Version: 1.0.6 - Hewlett-Packard)
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.7.1864 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{445CC807-9384-47FA-A2B6-FFE970352B88}) (Version: 6.0.22.1 - Hewlett-Packard Company)
HP Port Replicator Software Installer (HKLM-x32\...\{6313BCDF-1109-4682-A19D-413189817787}) (Version: 1.3.46 - HP)
HP System Default Settings (HKLM-x32\...\{FFAC0DB6-995F-41E6-BEA8-AB7ACEA6B774}) (Version: 1.0.1 - HP)
HP System Event Utility (HKLM-x32\...\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}) (Version: 1.2.10 - Hewlett-Packard Company)
HP USB Port Replicator (HKLM\...\{98E2E48B-70CC-45D3-A12D-552E5EB719D4}) (Version: 7.9.339.0 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
HyperTerminal Private Edition v7.0 (HKLM-x32\...\HTPE3) (Version:  - )
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4268 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{08B90A20-95D3-4725-84B9-AF6553E06C4F}) (Version: 5.0.10.2850 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IntelliJ IDEA 2016.3.2 (HKLM-x32\...\IntelliJ IDEA 2016.3.2) (Version: 163.10154.41 - JetBrains s.r.o.)
ITK-SNAP (HKLM-x32\...\ITK-SNAP 3.6) (Version: 0.1.1 - Humanity)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
JavaScript Tooling (HKLM\...\{2044FC4C-4EA3-4113-BC1E-962DF568D201}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
JetBrains PhpStorm 2016.3.1 (HKLM-x32\...\PhpStorm 2016.3.1) (Version: 163.9735.1 - JetBrains s.r.o.)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.1.4 - PandoraTV)
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
MADHURA Dictionary (HKLM-x32\...\{D304902E-33A0-4622-A375-C805C7F13231}) (Version:  - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
MicroDicom DICOM viewer 2.0.0 (HKLM-x32\...\MicroDicom) (Version: 2.0.0 - MicroDicom)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{9e6e5a9b-6f0e-40ff-84fb-19cab458402e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
MongoDB 3.4.1 2008R2Plus SSL (64 bit) (HKLM\...\{73ABC2FA-8E94-49E7-8FE9-EA4349DD4557}) (Version: 3.4.1 - MongoDB)
Node.js (HKLM\...\{672B5547-D20B-4D19-9BFD-B93C32BC77DA}) (Version: 6.9.1 - Node.js Foundation)
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
Orcad Family Release 9.2 Standalone (HKLM-x32\...\Orcad Family Release 9.2 Standalone) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
PuTTY (HKLM-x32\...\{ED9EF59B-0799-428E-823D-6D2B7B4FE2E0}) (Version: 0.67.0.0 - Simon Tatham)
Python 3.5.2 (64-bit) (HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\{d46281ac-f66b-4246-8cfe-34f61512982f}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 (Anaconda3 4.2.0 64-bit) (HKLM\...\Python 3.5.2 (Anaconda3 4.2.0 64-bit)) (Version: 4.2.0 - Continuum Analytics, Inc.)
Python 3.5.2 Add to Path (64-bit) (HKLM\...\{2364A926-B4AC-4EA5-9838-BE88C2930E38}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (64-bit) (HKLM\...\{E151A5E4-D373-4388-82FB-0C9F5F6CFB76}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (64-bit) (HKLM\...\{5397E020-59CB-43BF-A0FE-32B26DE98187}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (64-bit) (HKLM\...\{911FCD3E-A42F-472C-983A-0518799BFE7D}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (64-bit) (HKLM\...\{24C31CC2-A8F2-417E-A61B-5E682D39893B}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (64-bit) (HKLM\...\{A74E3253-CB6C-4214-8964-FFCEB37DB5D8}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (64-bit) (HKLM\...\{976C50E6-00DF-40A6-9E59-70A4F3EF4E32}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (64-bit) (HKLM\...\{A4B31C78-C884-4B36-BDE4-FBAD3A2A1C7E}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (64-bit) (HKLM\...\{7BA8A393-A7EB-4529-8A63-D7A4502C0D24}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (64-bit) (HKLM\...\{E5642976-7F8E-41C1-A249-419B809CA2A8}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{0276F61C-30FC-46D4-BEFE-0EA959C4D691}) (Version: 3.5.2121.0 - Python Software Foundation)
Python Tools Redirection Template (HKLM-x32\...\{EE541DCE-3018-4A12-B0A3-7C55D62B3D01}) (Version: 1.1 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.40 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.97 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.50 - REALTEK Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
SharePoint Client Components (HKLM\...\{95150001-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
SolidWorks 2014 x64 Edition SP04 (HKLM\...\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}) (Version: 22.140.54 - SolidWorks) Hidden
SolidWorks 2014 x64 Edition SP04 (HKLM-x32\...\SolidWorks Installation Manager 20140-40400-1100-100) (Version: 22.4.0.54 - SolidWorks Corporation)
SolidWorks Composer 2014 SP04 x64 Edition (HKLM\...\{EB45AA0F-96A7-4583-9E6F-6CA4DCFE67CE}) (Version: 22.40.54 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2014 x64 Edition SP04 (HKLM\...\{A0F1DEF1-C71B-4D60-9337-8BC4EF2F2E64}) (Version: 14.4.105 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Electrical 2014 SP04 x64 Edition (HKLM\...\{3F08399F-67CD-4950-AED0-64A9590FE626}) (Version: 22.40.54 - DS SolidWorks) Hidden
SolidWorks Explorer 2014 SP04 x64 Edition (HKLM\...\{0C10FAF1-35D5-416A-B7C1-4168ED9485FA}) (Version: 22.40.54 - SolidWorks Corporation) Hidden
SolidWorks Flow Simulation 2014 SP04 x64 Edition  (HKLM\...\{4DC5DE7E-E67D-4A2B-8E67-EB7B28045247}) (Version: 22.40.55 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2014 SP04 x64 Edition (HKLM\...\{104E8BAF-2E2A-4467-A5C0-92ED92F26547}) (Version: 22.40.54 - SolidWorks Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
TortoiseHg 3.9.0 (x64) (HKLM\...\{08206440-5C30-4E76-BD9D-CEAF3F8DECD2}) (Version: 3.9.0 - Steve Borho and others)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version:  - Microsoft)
UpdateAssistant (HKLM-x32\...\{139493B2-F1BC-4F05-A974-B49297C1EB04}) (Version: 1.1.0.0 - Microsoft Corporation) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{F5850B80-27F9-406E-91D3-1329F813BA63}) (Version: 4.5.130.0 - Validity Sensors, Inc.)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Exar Corporation (xrusbser) Ports  (11/18/2014 2.2.0.0) (HKLM\...\02010BBD0422AFC8BD27D0F5799FA7C5ED0461D1) (Version: 11/18/2014 2.2.0.0 - Exar Corporation)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Video Editor(Build 5.0.1) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
Workflow Manager Client 1.0 (HKLM\...\{199C6892-5DED-409B-88B2-3BE6421552B2}) (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{E1F79421-EC32-437F-8525-ABE902C85AC5}) (Version: 2.0.30725.1 - Microsoft Corporation) Hidden
Xilinx Design Tools  ISE Design Suite System Edition 14.7 (E:\Xilinx\14.7\ISE_DS) (HKLM\...\Xilinx Design Tools ISE Design Suite System Edition 14.7) (Version:  - Xilinx, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1537731487-1420144315-2392882313-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1537731487-1420144315-2392882313-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1537731487-1420144315-2392882313-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-31] (AVAST Software)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-31] (AVAST Software)
ContextMenuHandlers1: [TortoiseHgCMenu] -> {46605027-5B8C-4DCE-BFE0-051B7972D64C} => C:\Program Files\TortoiseHg\ThgShellx64.dll [2016-08-02] (TortoiseHg Project)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [TortoiseHgCMenu] -> {46605027-5B8C-4DCE-BFE0-051B7972D64C} => C:\Program Files\TortoiseHg\ThgShellx64.dll [2016-08-02] (TortoiseHg Project)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-31] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [TortoiseHgCMenu] -> {46605027-5B8C-4DCE-BFE0-051B7972D64C} => C:\Program Files\TortoiseHg\ThgShellx64.dll [2016-08-02] (TortoiseHg Project)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-10] (Intel Corporation)
ContextMenuHandlers5: [TortoiseHgCMenu] -> {46605027-5B8C-4DCE-BFE0-051B7972D64C} => C:\Program Files\TortoiseHg\ThgShellx64.dll [2016-08-02] (TortoiseHg Project)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-31] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [TortoiseHgCMenu] -> {46605027-5B8C-4DCE-BFE0-051B7972D64C} => C:\Program Files\TortoiseHg\ThgShellx64.dll [2016-08-02] (TortoiseHg Project)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {075F58BC-4BD0-4EF0-8B82-2226CD241A6A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1E45AA4B-F2A7-4BA9-8AD1-7D50703DF9E3} - System32\Tasks\{D3420168-C2F1-4407-B93C-6B3C88BEC09C} => C:\Windows\system32\pcalua.exe -a C:\Xilinx\14.7\ISE_DS/.xinstall/bin/nt64/xsetup.exe -c -uninstall
Task: {22C574F4-2796-4A26-A990-12835A4F3BC9} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {3779795A-8B5D-41F3-B192-645B500CADCB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-31] (AVAST Software)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW
Task: {610E7A85-6DE5-436A-9463-AC41024D0893} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-17] (Google Inc.)
Task: {6837F902-1EF7-44B3-B892-0950FE1CE991} - System32\Tasks\Opera scheduled Autoupdate 1509470030 => C:\Users\HP\AppData\Local\Programs\Opera\launcher.exe
Task: {6EDB2737-8B1F-46DE-9F9B-F085355F391F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {79CCD30B-E967-4303-A875-8AFC6A641688} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {802B9C18-9642-42FA-AFC5-E04262DB805C} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [2017-03-17] (FreeDownloadManager.org)
Task: {84343A5D-A431-4254-B292-BDF203AC1408} - \DecHP -> No File <==== ATTENTION
Task: {C5172459-07BE-4AE0-8C29-2710F43C414D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-17] (Google Inc.)
Task: {E0615BA8-772D-433F-9E46-EF1EFA436D2A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\MQTTBox.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kaajoficamnjijhkeomgfljpicifbkaf
ShortcutWithArgument: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop

==================== Loaded Modules (Whitelisted) ==============

2015-10-05 22:04 - 2015-10-05 22:04 - 000032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2014-05-28 21:44 - 2014-05-28 21:44 - 000336056 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2017-03-28 18:38 - 2017-03-17 18:36 - 000029696 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\WinDivert.dll
2016-08-15 17:05 - 2005-03-12 01:07 - 000087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2017-11-06 19:05 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-11-06 19:05 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2014-06-19 05:48 - 2014-06-19 05:48 - 000209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-06-19 05:48 - 2014-06-19 05:48 - 000057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-06-19 05:48 - 2014-06-19 05:48 - 000057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-06-19 05:48 - 2014-06-19 05:48 - 000037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2016-09-21 10:08 - 2016-09-07 09:59 - 000404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2016-12-01 13:51 - 2016-08-19 20:41 - 000226304 _____ () F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\erlsrv.exe
2015-10-17 21:37 - 2015-06-02 22:55 - 000117976 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2016-12-01 13:51 - 2016-08-19 20:41 - 000120320 _____ () F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\erl.exe
2016-12-01 13:51 - 2016-08-19 20:41 - 000161280 _____ () F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\erlexec.dll
2016-12-01 13:51 - 2016-08-19 20:41 - 002955776 _____ () F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\beam.smp.dll
2016-12-01 13:51 - 2016-08-19 20:41 - 000045056 _____ () F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\epmd.exe
2016-11-06 18:30 - 2016-09-30 11:30 - 002495776 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-01-21 15:01 - 2015-01-21 15:01 - 008898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-21 14:23 - 2016-06-10 12:23 - 000414120 _____ () C:\Windows\system32\igfxTray.exe
2015-10-05 22:06 - 2015-10-05 22:06 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-09-21 10:13 - 2016-09-07 09:43 - 006569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-21 10:08 - 2016-09-07 09:40 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-21 10:12 - 2016-09-07 09:40 - 001808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-05 22:06 - 2015-10-05 22:06 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-01 13:52 - 2016-08-19 20:42 - 000011264 _____ () f:\emqttd-windows-1.1.3-20160819\emqttd\lib\os_mon-2.4\priv\bin\win32sysinfo.exe
2016-08-02 10:49 - 2016-08-02 10:49 - 000100304 _____ () C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
2014-05-03 13:14 - 2014-05-03 13:14 - 000130048 _____ () C:\Program Files\TortoiseHg\lib\win32api.pyd
2014-05-03 13:12 - 2014-05-03 13:12 - 000137728 _____ () C:\Program Files\TortoiseHg\lib\pywintypes27.dll
2014-05-03 13:14 - 2014-05-03 13:14 - 000223744 _____ () C:\Program Files\TortoiseHg\lib\win32gui.pyd
2014-05-03 13:13 - 2014-05-03 13:13 - 000027648 _____ () C:\Program Files\TortoiseHg\lib\win32pipe.pyd
2014-05-03 13:13 - 2014-05-03 13:13 - 000023040 _____ () C:\Program Files\TortoiseHg\lib\win32event.pyd
2014-05-03 13:13 - 2014-05-03 13:13 - 000149504 _____ () C:\Program Files\TortoiseHg\lib\win32file.pyd
2014-05-03 13:13 - 2014-05-03 13:13 - 000136192 _____ () C:\Program Files\TortoiseHg\lib\win32security.pyd
2014-12-10 13:28 - 2014-12-10 13:28 - 000112128 _____ () C:\Program Files\TortoiseHg\lib\_ctypes.pyd
2014-05-03 13:13 - 2014-05-03 13:13 - 000045056 _____ () C:\Program Files\TortoiseHg\lib\win32process.pyd
2014-12-10 13:28 - 2014-12-10 13:28 - 000047616 _____ () C:\Program Files\TortoiseHg\lib\_socket.pyd
2014-12-10 13:28 - 2014-12-10 13:28 - 001745920 _____ () C:\Program Files\TortoiseHg\lib\_ssl.pyd
2016-08-02 10:41 - 2016-08-02 10:41 - 000010752 _____ () C:\Program Files\TortoiseHg\lib\mercurial.osutil.pyd
2014-12-10 13:28 - 2014-12-10 13:28 - 001152000 _____ () C:\Program Files\TortoiseHg\lib\_hashlib.pyd
2016-08-02 10:41 - 2016-08-02 10:41 - 000061440 _____ () C:\Program Files\TortoiseHg\lib\mercurial.parsers.pyd
2014-05-03 13:15 - 2014-05-03 13:15 - 000548864 _____ () C:\Program Files\TortoiseHg\lib\pythoncom27.dll
2014-05-03 13:17 - 2014-05-03 13:17 - 000522240 _____ () C:\Program Files\TortoiseHg\lib\win32com.shell.shell.pyd
2017-03-28 18:38 - 2017-02-05 12:24 - 002158592 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avformat-57.dll
2017-03-28 18:38 - 2017-02-05 12:24 - 000485376 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avutil-55.dll
2017-03-28 18:38 - 2017-02-05 12:24 - 012242432 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avcodec-57.dll
2017-03-28 18:38 - 2017-02-05 12:24 - 001825792 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\avfilter-6.dll
2017-03-28 18:38 - 2017-02-05 12:24 - 000662016 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\swscale-4.dll
2017-03-28 18:38 - 2017-02-05 12:24 - 000138752 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\swresample-2.dll
2017-03-28 18:38 - 2017-03-17 18:36 - 000099328 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winunivappfeatures.dll
2017-03-28 18:38 - 2017-02-15 18:26 - 069756416 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libcef.dll
2017-03-28 18:38 - 2017-02-15 18:26 - 002323456 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libglesv2.dll
2017-03-28 18:38 - 2017-02-15 18:26 - 000094208 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\libegl.dll
2016-05-26 04:34 - 2016-05-26 04:34 - 000081920 _____ () E:\Anaconda3\Library\bin\zlib.dll
2014-06-12 07:30 - 2014-06-12 07:30 - 000276008 _____ () F:\Solidworks Crop\SolidWorks\sldBodyDiffu.dll
2017-10-31 22:54 - 2017-10-31 22:54 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-09-26 12:15 - 2017-09-21 12:59 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 12:15 - 2017-09-21 12:59 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-10-31 22:54 - 2017-10-31 22:54 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-31 22:54 - 2017-10-31 22:54 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-10-31 22:54 - 2017-10-31 22:54 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-31 22:54 - 2017-10-31 22:54 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-31 22:54 - 2017-10-31 22:54 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-31 22:54 - 2017-10-31 22:54 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-31 22:54 - 2017-10-31 22:56 - 000703336 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-09-05 21:59 - 2014-09-11 18:09 - 001498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-09-05 21:59 - 2014-05-19 17:19 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-06-24 13:37 - 2015-06-24 13:37 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 16:34 - 2016-07-26 09:24 - 000000851 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{97EF0CAF-32A8-43AA-9A91-FCF9CB7F2A91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C06703B6-264F-476E-ABBA-7BD96A0CC284}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E52F8E30-E407-48D1-967D-27454BAA9F9E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1CAB60CA-B39A-4E96-A115-CE67C37AD7FD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E6DEEC68-E176-4419-8B4A-B2942DB3C6F4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{3ECE93DA-1513-4AD5-A723-B0C7DBD936F7}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{9CA23345-7EC7-437A-9E46-1AD62F2642CD}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{D4B38232-0CC3-4D1B-8C05-9F981831125A}C:\xilinx\14.7\ise_ds\ise\bin\nt64\unwrapped\isimgui.exe] => (Allow) C:\xilinx\14.7\ise_ds\ise\bin\nt64\unwrapped\isimgui.exe
FirewallRules: [UDP Query User{0E6C95B5-F36A-4C16-BC45-C51066E2A4D4}C:\xilinx\14.7\ise_ds\ise\bin\nt64\unwrapped\isimgui.exe] => (Allow) C:\xilinx\14.7\ise_ds\ise\bin\nt64\unwrapped\isimgui.exe
FirewallRules: [TCP Query User{3A490223-A9FA-4093-895C-2A531449B765}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [UDP Query User{9925148B-92DD-4FD6-8DB1-B28FB523F35A}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{F4890E7B-B8F1-4400-B91A-EBAC179CA2A4}] => (Allow) F:\Solidworks Crop\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{F4534D48-051B-47AA-91ED-46D56E5E04C5}] => (Allow) F:\Solidworks Crop\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{B57A803C-2D98-4692-A16F-087E456F7516}] => (Allow) F:\Solidworks Crop\SolidWorks\photoview\photoview360.exe
FirewallRules: [{EE279472-A092-4375-BBA0-044CE71561B1}] => (Allow) F:\Solidworks Crop\SolidWorks\photoview\photoview360.exe
FirewallRules: [{89CF907E-D88D-4CC8-A7F1-8CD069F3342C}] => (Allow) F:\Solidworks Crop\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{0BB737AC-0189-4E36-B5EA-6208C588CDF6}] => (Allow) F:\Solidworks Crop\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [TCP Query User{019C23EB-4689-40D1-A87C-1DF0C9F83B6E}C:\program files (x86)\jetbrains\phpstorm 9.0.2\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 9.0.2\bin\phpstorm.exe
FirewallRules: [UDP Query User{89881B90-8E14-4EF6-8ACF-B6773EB175C6}C:\program files (x86)\jetbrains\phpstorm 9.0.2\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 9.0.2\bin\phpstorm.exe
FirewallRules: [TCP Query User{2B33408D-6237-41E6-B66F-5EF26489B90F}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{1DF75E5F-FB21-4741-B944-EBF987BAF293}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [TCP Query User{7ED664B1-C320-43C6-888A-CEA981947F9F}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [UDP Query User{A9DA11C2-8840-417F-A4C7-42C110F1CA1D}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [TCP Query User{F282F7F0-E0A3-4DEE-AA37-8F2DEB3A8BA5}C:\program files\java\jdk1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_101\bin\java.exe
FirewallRules: [UDP Query User{43D5EB31-EDEA-4B77-A0AD-FB9A62B5AA43}C:\program files\java\jdk1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_101\bin\java.exe
FirewallRules: [TCP Query User{C689FC85-56AD-4E1D-BF8F-2F1FA469044E}F:\sonic visualiser\sonic visualiser.exe] => (Allow) F:\sonic visualiser\sonic visualiser.exe
FirewallRules: [UDP Query User{58F25F1B-3700-4485-B2CF-526644146AC8}F:\sonic visualiser\sonic visualiser.exe] => (Allow) F:\sonic visualiser\sonic visualiser.exe
FirewallRules: [TCP Query User{8F96480F-405F-495B-8DC5-A146816D7C71}E:\openfire\bin\openfired.exe] => (Allow) E:\openfire\bin\openfired.exe
FirewallRules: [UDP Query User{9D31A455-C5A1-46BE-9D98-BF929C435AD0}E:\openfire\bin\openfired.exe] => (Allow) E:\openfire\bin\openfired.exe
FirewallRules: [TCP Query User{743297BA-88BE-45D2-8D9D-E45194AA3C35}E:\xmpp_websocket_chatapp\openfire\bin\openfired.exe] => (Allow) E:\xmpp_websocket_chatapp\openfire\bin\openfired.exe
FirewallRules: [UDP Query User{825A9B25-A10E-475A-A5C2-275525020530}E:\xmpp_websocket_chatapp\openfire\bin\openfired.exe] => (Allow) E:\xmpp_websocket_chatapp\openfire\bin\openfired.exe
FirewallRules: [TCP Query User{8A2B8F44-8919-42AE-A49B-2292FAA8C035}C:\program files\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\java.exe
FirewallRules: [UDP Query User{E2C1EEC6-857C-45F2-9096-3358A4FDD62B}C:\program files\java\jre1.8.0_101\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\java.exe
FirewallRules: [TCP Query User{6F33811F-2EC4-4717-A6E1-0BD826FD2D8A}F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\epmd.exe] => (Allow) F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\epmd.exe
FirewallRules: [UDP Query User{4A005BE4-52C2-4C0A-BC70-0AB57FD2056D}F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\epmd.exe] => (Allow) F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\epmd.exe
FirewallRules: [TCP Query User{2CB11495-0993-4824-BFA6-98699D464A0F}F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\werl.exe] => (Allow) F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\werl.exe
FirewallRules: [UDP Query User{D67200E4-249A-4597-87B1-9C0661BCF700}F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\werl.exe] => (Allow) F:\emqttd-windows-1.1.3-20160819\emqttd\erts-7.3\bin\werl.exe
FirewallRules: [TCP Query User{C66040AE-EBCF-4831-B635-DD89A86633A1}F:\jetbrains\phpstorm 2016.3.1\bin\phpstorm64.exe] => (Allow) F:\jetbrains\phpstorm 2016.3.1\bin\phpstorm64.exe
FirewallRules: [UDP Query User{BB69E57F-2458-4741-B88D-5991F5A75CCF}F:\jetbrains\phpstorm 2016.3.1\bin\phpstorm64.exe] => (Allow) F:\jetbrains\phpstorm 2016.3.1\bin\phpstorm64.exe
FirewallRules: [TCP Query User{1C85FCC5-F90A-4537-B5E8-A85B4839028D}C:\users\hp\desktop\redis-2.4.5-win32-win64\64bit\redis-server.exe] => (Allow) C:\users\hp\desktop\redis-2.4.5-win32-win64\64bit\redis-server.exe
FirewallRules: [UDP Query User{FD01706D-B766-4E86-9E1E-1F2FCB655663}C:\users\hp\desktop\redis-2.4.5-win32-win64\64bit\redis-server.exe] => (Allow) C:\users\hp\desktop\redis-2.4.5-win32-win64\64bit\redis-server.exe
FirewallRules: [TCP Query User{D69E0EED-F0BB-4204-B44A-339E237BDFFD}F:\mongodb\bin\mongod.exe] => (Allow) F:\mongodb\bin\mongod.exe
FirewallRules: [UDP Query User{A6884157-F6D0-4E26-80F9-CA47CAE475C4}F:\mongodb\bin\mongod.exe] => (Allow) F:\mongodb\bin\mongod.exe
FirewallRules: [TCP Query User{547294D4-2BF7-41E2-8F06-E49197B8C8F7}F:\mongodb\bin\mongos.exe] => (Allow) F:\mongodb\bin\mongos.exe
FirewallRules: [UDP Query User{07471F75-7224-4108-B27F-988FDE214DE4}F:\mongodb\bin\mongos.exe] => (Allow) F:\mongodb\bin\mongos.exe
FirewallRules: [{3081CE89-69D6-46E0-9CF2-0FCC9525AC06}] => (Allow) LPort=350
FirewallRules: [{29813BC2-2BB3-4BC0-8D9D-3448388D7FD8}] => (Allow) E:\openfire\bin\openfired.exe
FirewallRules: [TCP Query User{F88D5EF0-D1DA-4F3F-9986-53A70193A76D}F:\solidworks crop\solidworks electrical\bin\solidworkselectrical.exe] => (Allow) F:\solidworks crop\solidworks electrical\bin\solidworkselectrical.exe
FirewallRules: [UDP Query User{D2DB6181-19F3-45C7-8B77-3C95E7CDD7F4}F:\solidworks crop\solidworks electrical\bin\solidworkselectrical.exe] => (Allow) F:\solidworks crop\solidworks electrical\bin\solidworkselectrical.exe
FirewallRules: [{33781C56-33EB-40D7-BB38-5F06B5903C4C}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{F365944E-F6B5-4909-AF90-EA8AAA2E61A9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{14B2143D-8371-4F12-A052-F660A0DD7F35}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{825954FC-482C-4F74-8723-102DF5763CB4}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{43B3068C-68F3-4A64-9AE6-9F9CBD63279F}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{1BA87497-1A3B-490A-9094-DB252DDC81EC}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{3AB8A2D8-81B6-4D67-BDAE-B38EA9642128}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{9BE6B9D1-1204-48AD-9EB4-08A863D22760}] => (Allow) LPort=12292
FirewallRules: [{441ECF9E-3519-47BF-B2E8-23E7F16915F8}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{AD343EC4-7B3A-4C31-9116-69CCE55409D9}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [TCP Query User{DD7E4FDF-D768-4994-9CAB-934B14BFFC19}C:\program files\freedownloadmanager.org\free download manager\fdm.exe] => (Allow) C:\program files\freedownloadmanager.org\free download manager\fdm.exe
FirewallRules: [UDP Query User{A9020A5D-102F-4DCF-A121-13E8727565DC}C:\program files\freedownloadmanager.org\free download manager\fdm.exe] => (Allow) C:\program files\freedownloadmanager.org\free download manager\fdm.exe
FirewallRules: [{18B4F28A-B33C-49C5-964F-93B835B8A7E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F0A88A1E-8611-4696-B020-679BA5138993}] => (Allow) C:\Users\HP\AppData\Local\Programs\Opera\48.0.2685.32\opera.exe
FirewallRules: [{8678AC93-8807-41B6-A25A-E8A3E6CC8DB1}] => (Allow) C:\Users\HP\AppData\Local\Programs\Opera\48.0.2685.52\opera.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2017 06:30:43 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/07/2017 06:15:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/06/2017 05:52:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_invagent.dll, version: 10.0.10240.16384, time stamp: 0x559f39d6
Faulting module name: aeinv.dll, version: 10.0.10240.17146, time stamp: 0x57ede14a
Exception code: 0xc0000005
Fault offset: 0x000000000000b9b7
Faulting process id: 0x1df8
Faulting application start time: 0x01d356f9c7abac91
Faulting application path: C:\Windows\system32\rundll32.exe
Faulting module path: C:\Windows\system32\aeinv.dll
Report Id: 47f0b25e-9982-4a20-886c-2d23292b344a
Faulting package full name: 
Faulting package-relative application ID:

Error: (11/06/2017 05:51:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhostw.exe, version: 10.0.10240.16384, time stamp: 0x559f3982
Faulting module name: ntdll.dll, version: 10.0.10240.17113, time stamp: 0x57cf931a
Exception code: 0xc0000374
Fault offset: 0x00000000000eaa2c
Faulting process id: 0x1fc8
Faulting application start time: 0x01d356f9c6ee2437
Faulting application path: C:\Windows\system32\taskhostw.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: ca546521-77b3-4f8c-8ab4-cf2f57c3f4ee
Faulting package full name: 
Faulting package-relative application ID:

Error: (11/06/2017 10:39:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.10240.17113 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1280

Start Time: 01d356bcd27a10d1

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Report Id: 8e392ab8-c2b0-11e7-9c5e-30f772559e56

Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: CortanaUI

Error: (11/06/2017 10:38:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HP-PC)
Description: Package Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

Error: (11/06/2017 10:37:21 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (11/06/2017 10:37:21 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "Outlook" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Error: (11/06/2017 10:37:20 AM) (Source: Perflib) (EventID: 1022) (User: )
Description: Windows cannot open the 64-bit extensible counter DLL Outlook in a 32-bit environment. Contact the file vendor to obtain a 32-bit version. Alternatively if you are running a 64-bit native environment, you can open the 64-bit extensible counter DLL by using the 64-bit version of Performance Monitor. To use this tool, open the Windows folder, open the System32 folder, and then start Perfmon.exe.

Error: (11/06/2017 09:30:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (11/07/2017 07:22:50 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 8 0x0 0x0

Error: (11/07/2017 07:22:40 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 4 0x0 0x0

Error: (11/07/2017 07:22:40 AM) (Source: RTWlanE) (EventID: 5002) (User: )
Description: Realtek RTL8723BE 802.11 b/g/n Wi-Fi Adapter : Has determined that the network adapter is not functioning properly.

Error: (11/07/2017 07:22:40 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 1 0xc 0x4

Error: (11/06/2017 09:04:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HWDeviceService64.exe service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/06/2017 09:04:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dialog Mobile Broadband. OUC service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (11/06/2017 09:04:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dialog Mobile Broadband. OUC service to connect.

Error: (11/06/2017 09:02:23 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The SolidWorks Electrical Collaborative Server service has reported an invalid current state 0.

Error: (11/06/2017 09:02:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WWAN AutoConfig service terminated with the following error: 
Overlapped I/O operation is in progress.

Error: (11/06/2017 09:02:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2017-10-31 23:13:49.591
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-27 18:04:39.292
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-21 19:38:07.479
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-21 14:44:24.698
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-21 08:26:40.764
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-11 17:57:46.912
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-03 19:36:57.471
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-10-01 08:02:46.720
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-20 18:21:06.297
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-06 18:52:02.714
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 80%
Total physical RAM: 3987.11 MB
Available physical RAM: 787.5 MB
Total Virtual: 5267.11 MB
Available Virtual: 1509.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:81.76 GB) (Free:16.41 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:104.27 GB) (Free:11.1 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:164.98 GB) (Free:8.56 GB) NTFS
Drive h: (HDNU) (Removable) (Total:14.9 GB) (Free:1.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 90C64365)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=81.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=260.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 098BDA57)
Partition 1: (Active) - (Size=14.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Alright, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

fixlist.txt


Wow, I think it has gone now. Thank you so much, Aura, for helping me. :) It bothered me for more than 4 or 5 days. Here is the log content. Btw, may I know how you wrote the fixlist.txt file?

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by HP (07-11-2017 20:29:35) Run:2
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\Run: [NetClick] => C:\Program Files (x86)\Alcine\Alcine\NetClick.exe
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\Run: [Win64svc] => klk.tmp
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

ProxyServer: [S-1-5-21-1537731487-1420144315-2392882313-1002] => cache2.mrt.ac.lk:3128

BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File

Task: {1E45AA4B-F2A7-4BA9-8AD1-7D50703DF9E3} - System32\Tasks\{D3420168-C2F1-4407-B93C-6B3C88BEC09C} => C:\Windows\system32\pcalua.exe -a C:\Xilinx\14.7\ISE_DS/.xinstall/bin/nt64/xsetup.exe -c -uninstall
Task: {22C574F4-2796-4A26-A990-12835A4F3BC9} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {84343A5D-A431-4254-B292-BDF203AC1408} - \DecHP -> No File <==== ATTENTION

C:\Program Files (x86)\Alcine
C:\Users\HP\.mongorc.js
C:\Users\HP\AppData\Local\{AF087A1B-40B0-4FB9-ABEE-77D62957CBD9}
C:\Users\HP\AppData\Local\{3BB949B4-6262-4634-994B-E4A1110E481A}
C:\Users\HP\AppData\Local\{602E1D23-EB92-4A23-B0D6-2CA9EF4AFEC4}
C:\Users\HP\AppData\Local\{642F2E4A-EDA3-43A9-8905-85A513554AD0}
C:\Users\HP\AppData\Local\{663C9701-99D0-42A7-9704-11645669F6FE}
C:\Users\HP\AppData\Roaming\fc986991e4c54c70e9796660d53ea9b4

EmptyTemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\Software\Microsoft\Windows\CurrentVersion\Run\\NetClick => value removed successfully
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Win64svc => value removed successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key removed successfully
HKLM\Software\Classes\CLSID\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E45AA4B-F2A7-4BA9-8AD1-7D50703DF9E3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E45AA4B-F2A7-4BA9-8AD1-7D50703DF9E3} => key removed successfully
C:\Windows\System32\Tasks\{D3420168-C2F1-4407-B93C-6B3C88BEC09C} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D3420168-C2F1-4407-B93C-6B3C88BEC09C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22C574F4-2796-4A26-A990-12835A4F3BC9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22C574F4-2796-4A26-A990-12835A4F3BC9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84343A5D-A431-4254-B292-BDF203AC1408} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84343A5D-A431-4254-B292-BDF203AC1408} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DecHP => key removed successfully
"C:\Program Files (x86)\Alcine" => not found.
C:\Users\HP\.mongorc.js => moved successfully
C:\Users\HP\AppData\Local\{AF087A1B-40B0-4FB9-ABEE-77D62957CBD9} => moved successfully
C:\Users\HP\AppData\Local\{3BB949B4-6262-4634-994B-E4A1110E481A} => moved successfully
C:\Users\HP\AppData\Local\{602E1D23-EB92-4A23-B0D6-2CA9EF4AFEC4} => moved successfully
C:\Users\HP\AppData\Local\{642F2E4A-EDA3-43A9-8905-85A513554AD0} => moved successfully
C:\Users\HP\AppData\Local\{663C9701-99D0-42A7-9704-11645669F6FE} => moved successfully
C:\Users\HP\AppData\Roaming\fc986991e4c54c70e9796660d53ea9b4 => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 150734281 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1272 B
Edge => 0 B
Chrome => 284926227 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 3266 B
NetworkService => 0 B
HP => 53528400 B

RecycleBin => 0 B
EmptyTemp: => 466.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:30:17 ====

 

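The Fixlog above lists each fixlist directive and then one outcome line per item, so it can be checked mechanically. The following Python script is an added example (not part of the thread and not FRST's own code): it parses a Fixlog in the format shown, collects the items that did not complete cleanly, and triages the Run entries from the fixlist. The function names and the triage heuristics are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: selected lines copied from the Fixlog posted above.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\Run: [NetClick] => C:\Program Files (x86)\Alcine\Alcine\NetClick.exe
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\...\Run: [Win64svc] => klk.tmp
C:\Program Files (x86)\Alcine
EmptyTemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\Software\Microsoft\Windows\CurrentVersion\Run\\NetClick => value removed successfully
HKU\S-1-5-21-1537731487-1420144315-2392882313-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Win64svc => value removed successfully
HKLM\Software\Classes\CLSID\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key not found.
"C:\Program Files (x86)\Alcine" => not found.
C:\Users\HP\.mongorc.js => moved successfully

=========== EmptyTemp: ==========
Chrome => 284926227 B
"""

RUN_RE = re.compile(r"^(HK\S+?)\\\.\.\.\\Run: \[(.*?)\] => (.*)$")
RESULT_RE = re.compile(r"^(.+?) => (.+?)\s*$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')
# Assumption: file types one would expect a Run value to launch directly.
EXEC_EXTS = (".exe", ".com", ".bat", ".cmd")


def split_fixlog(text):
    """Return (fixlist directives, per-item result lines) from Fixlog text."""
    directives, results, star_rows = [], [], 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:      # rows of asterisks bracket the fixlist
            star_rows += 1
        elif star_rows == 1 and line:
            directives.append(line)
        elif star_rows >= 2:
            if line.startswith("====="):     # EmptyTemp statistics follow, not item results
                break
            if line:
                results.append(line)
    return directives, results


def classify_results(result_lines):
    """Tag each outcome line as done / absent / error / other."""
    out = []
    for line in result_lines:
        if line.startswith("Error:"):
            out.append({"target": None, "outcome": line, "status": "error"})
            continue
        m = RESULT_RE.match(line)
        if not m:                            # e.g. "Processes closed successfully."
            continue
        target, outcome = m.group(1).strip('"'), m.group(2)
        if "not found" in outcome:
            status = "absent"
        elif outcome.endswith("successfully"):
            status = "done"
        else:
            status = "other"
        out.append({"target": target, "outcome": outcome, "status": status})
    return out


def follow_up(results):
    """Items a reviewer should look at again: errors and targets that were absent."""
    return [r for r in results if r["status"] in ("error", "absent")]


def triage_run_entries(directives, results):
    """Return [(value name, reasons)] for Run entries that look abnormal.

    Handles entries in the form shown in this thread's fixlist; values that
    carry command-line arguments are out of scope.
    """
    absent = [r["target"].lower() for r in results if r["status"] == "absent"]
    flagged = []
    for line in directives:
        m = RUN_RE.match(line)
        if not m:
            continue
        _hive, name, data = m.groups()
        reasons = []
        if not name:
            reasons.append("empty value name")
        if not ABS_PATH_RE.match(data):
            reasons.append("not an absolute path")
        ext = ntpath.splitext(data.strip('"'))[1].lower()
        if ext and ext not in EXEC_EXTS:
            reasons.append(f"unexpected extension {ext}")
        if any(data.lower().startswith(p + "\\") for p in absent):
            reasons.append("target lies under a path the fix reported as not found")
        if reasons:
            flagged.append((name, reasons))
    return flagged


if __name__ == "__main__":
    directives, lines = split_fixlog(SAMPLE_FIXLOG)
    results = classify_results(lines)
    for item in follow_up(results):
        print("FOLLOW UP:", item["target"] or "", item["outcome"])
    for name, reasons in triage_run_entries(directives, results):
        print(f"RUN [{name}]:", "; ".join(reasons))
```

On the sample it reports the failed restore point (Addition.txt above notes that System Restore is disabled) and the two "not found" items, and it flags all three Run entries, including the `klk.tmp` value named in the original prompt.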

Glad to learn that the issue is gone :)

Quote

Btw, may I know how you wrote the fixlist.txt file?

This is done by taking entries from the FRST logs (FRST.txt and Addition.txt) and crafting a special fixlist with them.

http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Check the following options:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Once all the options mentioned above are checked, click on Run
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, which makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days), which are one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck, SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Anti-Virus

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Anti-Malware, Anti-Exploit and Anti-Ransomware

Having a decent security setup (which also includes an Antivirus) is the most crucial step to protect a system. These programs are additional layers of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Fortunately, the new Malwarebytes 3 bundles all these layers in one, easy to use and efficient product. Malwarebytes 3 offers Malware, Web, Exploit and Ransomware protection modules that work together in order to keep your system protected and stop an infection at multiple levels.

  • Malwarebytes - Comes with a free trial of the Premium version for 14 days, after which it reverts back to the Free version

Note: Please note that only the Premium version of Malwarebytes 3 offers real-time protection (Malware, Web, Exploit and Ransomware). The free version only allows you to scan your system for threats and remove them.

Firewall

Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.

  • GlassWire - Has both a free and paid version (with different packages)
  • Windows Firewall Control - Gives you more control over your Windows Firewall
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits. 

Hardening your web browser means installing extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you install.

  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser)
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
  • uMatrix: For advanced users, a point and click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:


As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances to get infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :


The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back to this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.