dllhost.exe COM Surrogate /Processid:{49A33422-EFF8-4925-805

Collapse
X
Collapse
 
  • Page of 2
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
  • rspulma
    PCHF Member
    • Feb 2017
    • 7
    #1

    dllhost.exe COM Surrogate /Processid:{49A33422-EFF8-4925-805

    I just noticed that every time when I start my PC there are 4 (sometimes more) processes called dllhost.exe with a description COM Surrogate. But after 1-2 hours of working on my computer I can see about 20 dllhost.exe processes with the same call as I described below.
    Process hacker shows me that all of them have a command line like:
    C:\Windows\system32\DllHost.exe /Processid:{49A33422-EFF8-4925-805C-A476750C24DE}
    So I don’t know what to do. Sometimes it appears more processes like that and all of them have the same call
    C:\Windows\system32\DllHost.exe /Processid:{49A33422-EFF8-4925-805C-A476750C24DE}

    I checked registry trying to locate the meaning of
    {49A33422-EFF8-4925-805C-A476750C24DE}
    and I found a few strokes
    one in HCR\AppID{49A33422-EFF8-4925-805C-A476750C24DE}
    inside there is only one key DllSurrogate
    There is one branch in HCR\CLSID{49A33422-EFF8-4925-805C-A476750C24DE}
    With key AppID with data:
    {49A33422-EFF8-4925-805C-A476750C24DE}
    and also there one branch
    HKEY_CLASSES_ROOT\CLSID{49A33422-EFF8-4925-805C-A476750C24DE}\InProcServer32
    with key
    (Default) with data:
    c:\Windows\System32\iMobileDisk.dll

    So I guess the meaning of 49A33422-EFF8-4925-805C-A476750C24DE is
    c:\Windows\System32\iMobileDisk.dll

    I checked through the virus total and it is not a virus but could you tell me what this dll doing and why there are many dllhost.exe processes called with the same command line
    C:\Windows\system32\DllHost.exe /Processid:{49A33422-EFF8-4925-805C-A476750C24DE}
    Thank you in advance for any help and explanation.
    Tags: None
    • jmarket
      PCHF Owner
      • Jan 2015
      • 7636
      #2
      Hello and welcome to PCHF Let’s you started shall we?

      Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

      If you are unsure if your operating system is 32 or 64 Bit please go HERE.

      Once downloaded right click the FRST desktop icon and select “Run as administrator” from the menu"

      Forums - PC Help Forum
      https://pchelpforum.net/attachments/icon2-jpg.794
      PCHF Forums


      If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
      Frst will open with two dialogue boxes, accept the disclaimer.

      Forums - PC Help Forum
      https://pchelpforum.net/attachments/frst-disclaimer-jpg.795
      PCHF Forums

      Accept the default whitelist options,
      If the additions.txt options box is not checked please select it.
      Then select “Scan”

      Forums - PC Help Forum
      https://pchelpforum.net/attachments/frst-jpg.796
      PCHF Forums


      Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

      Forums - PC Help Forum
      https://pchelpforum.net/attachments/2016-08-12_152002-jpg.797
      PCHF Forums


      Please Copy and Paste the contents of these logs in your next post for review by our Security Team

        Comment

        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7041
          #3
          @rspulma Posting these here, since you sent them to me via PM.

          [SPOILER=“Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017”]Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
          Ran by Explorer (administrator) on RICA (03-02-2017 16:19:55)
          Running from C:\Users\Explorer\Downloads\Programs
          Loaded Profiles: Explorer (Available Profiles: Explorer & named)
          Platform: Windows 8.1 Enterprise (Update) (X64) Language: English (United States)
          Internet Explorer Version 11 (Default browser: Chrome)
          Boot Mode: Normal
          Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

          ==================== Processes (Whitelisted) =================

          (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

          (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
          (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
          (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
          (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
          (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
          (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
          (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
          (American Megatrends Inc.) C:\Program Files\AMI\DuOS\AndServMgr.exe
          (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
          (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
          (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
          (CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
          () C:\Program Files (x86)\Droid4X\Droid4XService.exe
          () C:\Program Files (x86)\HDD Regenerator\hrsrv.exe
          (High-Logic B.V.) C:\Program Files (x86)\High-Logic FontService\fontservice.exe
          (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
          (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
          () C:\Program Files (x86)\NetTime\NetTimeService.exe
          (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe
          (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
          (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
          (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
          (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
          (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
          (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
          () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
          (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
          (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
          (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
          (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.ex e
          (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64. exe
          (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
          (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
          (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
          (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
          (Microsoft Corporation) C:\Windows\System32\rundll32.exe
          (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
          (Mindjet) C:\Program Files\Mindjet\MindManager 16\MmReminderService.exe
          (ACD Systems) D:\Program Files\ACD Systems\ACDSee Pro\10.0\acdIDInTouch2.exe
          (Intel Corporation) C:\Windows\System32\hkcmd.exe
          (Intel Corporation) C:\Windows\System32\igfxpers.exe
          (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
          () C:\Program Files\Rainlendar2\Rainlendar2.exe
          (Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
          (Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
          (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
          (Epic Privacy Browser) C:\Users\Explorer\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
          (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
          () D:\Program Files\ACD Systems\ACDSee Pro\10.0\ACDSeeCommanderPro10.exe
          (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
          (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
          () C:\Program Files (x86)\WebMoney Agent\wmagent.exe
          (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
          (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
          (Dropbox, Inc.) C:\Users\Explorer\AppData\Roaming\Dropbox\bin\Drop box.exe
          (iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
          (NCH Software) C:\Program Files (x86)\NCH Software\Talk\talk.exe
          (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
          (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
          (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
          () C:\Program Files (x86)\NetTime\NetTime.exe
          (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
          (High-Logic B.V.) D:\Program Files (x86)\High-Logic MainType\FmsProxy.exe
          (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
          (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
          (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
          (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idman.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe
          (Telegram Messenger LLP) C:\Users\Explorer\AppData\Roaming\Telegram Desktop\Telegram.exe
          (eM Client s.r.o.) C:\Program Files (x86)\eM Client\MailClient.exe
          (CJSC “Computing Forces”) C:\Program Files (x86)\WebMoney\WebMoney.exe
          (Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\WINWORD.EXE
          (JAM Software) D:\Program Files\JAM Software\UltraSearch\UltraSearch.exe
          (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRW.exe
          (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe
          (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
          (Microsoft Corporation) C:\Windows\System32\prevhost.exe
          (Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\EXCEL.EXE
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Microsoft Corporation) C:\Windows\System32\calc.exe
          (Ashampoo GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Snap 9\ashsnap.exe
          (Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (eM Client s.r.o.) C:\Program Files (x86)\eM Client\MailClient.exe
          (Adobe Systems) C:\Program Files\Adobe\Adobe Lightroom\lightroom.exe
          (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkSupport\dynamiclink\C S6\dynamiclinkmanager.exe
          (Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamicli nkmediaserver\1.0\dynamiclinkmediaserver.exe
          (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamicli nkmediaserver\1.0\32\Adobe QT32 Server.exe
          () C:\Program Files\Gramblr\gramblr.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
          (Artext) D:\Multitran\network\multitran.exe
          (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitPhantomPDF.exe
          (Foxit Corporation) C:\Users\Explorer\AppData\Roaming\Foxit Software\Addon\Foxit PhantomPDF\FoxitPhantomPDFUpdater.exe
          (Microsoft Corporation) C:\Windows\splwow64.exe
          (eM Client s.r.o.) C:\Program Files (x86)\eM Client\MailClient.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (eM Client s.r.o.) C:\Program Files (x86)\eM Client\MailClient.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Microsoft Corporation) C:\Windows\System32\dllhost.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          (Microsoft Corporation) C:\Windows\System32\dllhost.exe
          (Microsoft Corporation) C:\Windows\System32\dllhost.exe
          (Microsoft Corporation) C:\Windows\System32\dllhost.exe
          (Microsoft Corporation) C:\Windows\System32\dllhost.exe
          (Microsoft Corporation) C:\Windows\System32\dllhost.exe
          (Farbar) C:\Users\Explorer\Downloads\Programs\FRST64_2.exe

          ==================== Registry (Whitelisted) ====================

          (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

          HKLM...\Run: [BTMTrayAgent] => rundll32.exe “C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll”,TrayApp
          HKLM...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2012-03-01] (Dell Inc.)
          HKLM...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1084328 2015-04-13] (The Eraser Project)
          HKLM...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe [508128 2016-01-07] (Adobe Systems Incorporated)
          HKLM...\Run: [MMReminderService] => C:\Program Files\Mindjet\MindManager 16\MMReminderService.exe [124616 2016-02-09] (Mindjet)
          HKLM...\Run: [Corel Update Helper] => D:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\pua.exe [2012104 2015-11-27] (Corel Corporation)
          HKLM...\Run: [ACPW10EN] => D:\Program Files\ACD Systems\ACDSee Pro\10.0\acdIDInTouch2.exe [2152392 2016-09-08] (ACD Systems)
          HKLM...\Run: [!Tweak8SystemService] => net Start Tweak8SystemService
          HKLM-x32...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl)
          HKLM-x32...\Run: [wmagent.exe] => C:\Program Files (x86)\WebMoney Agent\wmagent.exe [210400 2009-10-19] ()
          HKLM-x32...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
          HKLM-x32...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [811792 2014-01-20] (BlueStack Systems, Inc.)
          HKLM-x32...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
          HKLM-x32...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
          HKLM-x32...\Run: [Talk] => C:\Program Files (x86)\NCH Software\Talk\talk.exe [1401016 2017-01-02] (NCH Software)
          HKLM-x32...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-11-25] (VMware, Inc.)
          HKLM-x32...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
          HKLM-x32...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
          HKLM-x32...\Run: [HDD Regenerator] => C:\Program Files (x86)\HDD Regenerator\Shell.exe [90336 2013-05-08] ()
          HKLM-x32...\Run: [NetTime] => C:\Program Files (x86)\NetTime\NetTime.exe [772096 2012-05-12] ()
          HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
          HKLM-x32...\Run: [FmsProxy] => D:\Program Files (x86)\High-Logic MainType\FmsProxy.exe [1720320 2016-07-04] (High-Logic B.V.)
          HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .txt.js <====== ATTENTION
          HKLM Group Policy restriction on software: .avi.jse <====== ATTENTION
          HKLM Group Policy restriction on software: %appdata%**.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .mp3.scr <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%*.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .xlsx.js <====== ATTENTION
          HKLM Group Policy restriction on software: .bmp.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .mp3.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .wma.exe <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .xlsx.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .docx.js <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.js <====== ATTENTION
          HKLM Group Policy restriction on software: .jpg.scr <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .wmv.scr <====== ATTENTION
          HKLM Group Policy restriction on software: %appdata%**.js <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.scr <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.jse <====== ATTENTION
          HKLM Group Policy restriction on software: %appdata%**.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .rar.js <====== ATTENTION
          HKLM Group Policy restriction on software: .rar.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .txt.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .doc.jse <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.js <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.com <====== ATTENTION
          HKLM Group Policy restriction on software: .avi.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .mp4.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .jpg.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .pub.com <====== ATTENTION
          HKLM Group Policy restriction on software: .mp3.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .wma.pif <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%*.js <====== ATTENTION
          HKLM Group Policy restriction on software: .pptx.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .pub.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .pdf.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .mp3.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .xls.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .png.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .pptx.js <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.js <====== ATTENTION
          HKLM Group Policy restriction on software: .ppt.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .png.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .docx.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .doc.exe <====== ATTENTION
          HKLM Group Policy restriction on software: C:\Users*.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .xlsx.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .gif.com <====== ATTENTION
          HKLM Group Policy restriction on software: .pdf.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%*.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .wmv.com <====== ATTENTION
          HKLM Group Policy restriction on software: .doc.pif <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%*.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .rtf.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .wav.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .png.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .wma.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .mp3.js <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .7z.com <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .pdf.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %appdata%**.scr <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .docx.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .pub.jse <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%*.com <====== ATTENTION
          HKLM Group Policy restriction on software: %appdata%*.js <====== ATTENTION
          HKLM Group Policy restriction on software: .gif.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .jpg.jse <====== ATTENTION
          HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .xls.exe <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData*.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .jpeg.pif <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%*.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .pub.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .rtf.js <====== ATTENTION
          HKLM Group Policy restriction on software: .ppt.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .mp4.jse <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%*.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .jpg.com <====== ATTENTION
          HKLM Group Policy restriction on software: .docx.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .avi.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .rtf.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .wma.com <====== ATTENTION
          HKLM Group Policy restriction on software: .jpeg.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .wma.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .zip.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .avi.js <====== ATTENTION
          HKLM Group Policy restriction on software: C:\Users*.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .avi.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: %allusersprofile%*.com <====== ATTENTION
          HKLM Group Policy restriction on software: .bmp.scr <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .ppt.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .mp3.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .xls.com <====== ATTENTION
          HKLM Group Policy restriction on software: .txt.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .pdf.exe <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData*.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData*.js <====== ATTENTION
          HKLM Group Policy restriction on software: %programfiles(x86)%*\svchost.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .rtf.com <====== ATTENTION
          HKLM Group Policy restriction on software: %appdata%**.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .rar.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .zip.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .mp4.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .jpeg.exe <====== ATTENTION
          HKLM Group Policy restriction on software: %allusersprofile%*.scr <====== ATTENTION
          HKLM Group Policy restriction on software: C:\Users*.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .pub.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .jpeg.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .pub.js <====== ATTENTION
          HKLM Group Policy restriction on software: .rtf.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .wmv.jse <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .avi.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .png.com <====== ATTENTION
          HKLM Group Policy restriction on software: .wav.js <====== ATTENTION
          HKLM Group Policy restriction on software: .gif.js <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .jpg.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.exe <====== ATTENTION
          HKLM Group Policy restriction on software: C:\Users*.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .jpeg.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .zip.exe <====== ATTENTION
          HKLM Group Policy restriction on software: %appdata%*.com <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .pptx.exe <====== ATTENTION
          HKLM Group Policy restriction on software: C:\Users*.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .jpeg.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%*.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.js <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.exe <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .divx.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .divx.com <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .rar.scr <====== ATTENTION
          HKLM Group Policy restriction on software: ** <====== ATTENTION
          HKLM Group Policy restriction on software: .wma.scr <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.scr <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .bmp.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .doc.scr <====== ATTENTION
          HKLM Group Policy restriction on software: %appdata%*.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .pdf.jse <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .wav.com <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData*.pif <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%*.scr <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%*.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .pdf.com <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .txt.com <====== ATTENTION
          HKLM Group Policy restriction on software: .rtf.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .wmv.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .rtf.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .xls.js <====== ATTENTION
          HKLM Group Policy restriction on software: .docx.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .txt.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .wav.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .divx.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .rar.exe <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .xlsx.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .wma.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .mp4.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .doc.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .7z.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.exe <====== ATTENTION
          HKLM Group Policy restriction on software: %appdata%*.exe <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%*.js <====== ATTENTION
          HKLM Group Policy restriction on software: .wav.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .jpeg.com <====== ATTENTION
          HKLM Group Policy restriction on software: .7z.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .png.scr <====== ATTENTION
          HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .bmp.js <====== ATTENTION
          HKLM Group Policy restriction on software: .xlsx.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .pub.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .png.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .wmv.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .txt.jse <====== ATTENTION
          HKLM Group Policy restriction on software: %appdata%**.com <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%*.exe <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .gif.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData*.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .pptx.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .gif.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .xls.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .rar.com <====== ATTENTION
          HKLM Group Policy restriction on software: .wav.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .xlsx.com <====== ATTENTION
          HKLM Group Policy restriction on software: .bmp.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .rar.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .xls.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .ppt.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IE Update*.exe <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.jse <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData*.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.com <====== ATTENTION
          HKLM Group Policy restriction on software: %allusersprofile%*.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%*\svchost.exe <====== ATTENTION
          HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .pub.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .pptx.com <====== ATTENTION
          HKLM Group Policy restriction on software: .wmv.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .doc.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .txt.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .zip.com <====== ATTENTION
          HKLM Group Policy restriction on software: *:$Recycle.Bin <====== ATTENTION
          HKLM Group Policy restriction on software: .pptx.pif <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.com <====== ATTENTION
          HKLM Group Policy restriction on software: .docx.com <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.js <====== ATTENTION
          HKLM Group Policy restriction on software: .wmv.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: C:\Users*.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .avi.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .zip.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%*.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.com <====== ATTENTION
          HKLM Group Policy restriction on software: %systemdrive%*\svchost.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .txt.pif <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .gif.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %appdata%**.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: %appdata%*.jse <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %allusersprofile%*.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .mp4.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.com <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .7z.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .mp4.js <====== ATTENTION
          HKLM Group Policy restriction on software: .wmv.js <====== ATTENTION
          HKLM Group Policy restriction on software: %allusersprofile%*.exe <====== ATTENTION
          HKLM Group Policy restriction on software: %allusersprofile%*.js <====== ATTENTION
          HKLM Group Policy restriction on software: .xlsx.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .png.js <====== ATTENTION
          HKLM Group Policy restriction on software: .pptx.bat <====== ATTENTION
          HKLM Group Policy restriction on software: C:\Users*.js <====== ATTENTION
          HKLM Group Policy restriction on software: .divx.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .wma.js <====== ATTENTION
          HKLM Group Policy restriction on software: .divx.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .avi.com <====== ATTENTION
          HKLM Group Policy restriction on software: .wav.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .bmp.com <====== ATTENTION
          HKLM Group Policy restriction on software: %appdata%**.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .ppt.com <====== ATTENTION
          HKLM Group Policy restriction on software: %appdata%*.scr <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%*.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .wav.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .zip.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .jpeg.js <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%*.com <====== ATTENTION
          HKLM Group Policy restriction on software: .docx.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .mp4.com <====== ATTENTION
          HKLM Group Policy restriction on software: .7z.js <====== ATTENTION
          HKLM Group Policy restriction on software: .xlsx.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .pptx.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .zip.js <====== ATTENTION
          HKLM Group Policy restriction on software: .zip.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .jpg.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .7z.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .pdf.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .xls.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .mp4.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%*.exe <====== ATTENTION
          HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .docx.scr <====== ATTENTION
          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.js <====== ATTENTION
          HKLM Group Policy restriction on software: .rtf.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .rar.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .7z.jse <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .xls.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .doc.js <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData*.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .gif.scr <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.pif <====== ATTENTION
          HKLM Group Policy restriction on software: %allusersprofile%*.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.js <====== ATTENTION
          HKLM Group Policy restriction on software: .jpg.js <====== ATTENTION
          HKLM Group Policy restriction on software: .divx.pif <====== ATTENTION
          HKLM Group Policy restriction on software: .mp3.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .ppt.js <====== ATTENTION
          HKLM Group Policy restriction on software: %programfiles%*\svchost.exe <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .ppt.scr <====== ATTENTION
          HKLM Group Policy restriction on software: %allusersprofile%*.pif <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.com <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .divx.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: .bmp.exe <====== ATTENTION
          HKLM Group Policy restriction on software: %appdata%*.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .mp3.com <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.bat <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.scr <====== ATTENTION
          HKLM Group Policy restriction on software: .bmp.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .ppt.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .gif.pif <====== ATTENTION
          HKLM Group Policy restriction on software: %appdata%*.cmd <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.jse <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData*.com <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.jse <====== ATTENTION
          HKLM Group Policy restriction on software: .jpg.bat <====== ATTENTION
          HKLM Group Policy restriction on software: .divx.js <====== ATTENTION
          HKLM Group Policy restriction on software: .pdf.js <====== ATTENTION
          HKLM Group Policy restriction on software: .doc.com <====== ATTENTION
          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.com <====== ATTENTION
          HKLM Group Policy restriction on software: .7z.exe <====== ATTENTION
          HKLM Group Policy restriction on software: .png.exe <====== ATTENTION
          Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
          HKLM...\Policies\Explorer: [DisableLocalMachineRun] 0
          HKLM...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
          HKLM...\Policies\Explorer: [DisableCurrentUserRun] 0
          HKLM...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
          HKLM...\Policies\Explorer: [NoViewContextMenu] 0
          HKLM...\Policies\Explorer: [NoShellSearchButton] 0
          HKLM...\Policies\Explorer: [HideClock] 0
          HKLM...\Policies\Explorer: [NoTrayItemsDisplay] 0
          HKLM...\Policies\Explorer: [NoDevMgrUpdate] 0
          HKLM...\Policies\Explorer: [NoDeletePrinter] 0
          HKLM...\Policies\Explorer: [NoDFSTab] 0
          HKLM...\Policies\Explorer: [NoWindowsUpdate] 0
          HKLM...\Policies\Explorer: [NoEncryptOnMove] 0
          HKLM...\Policies\Explorer: [NoRunasInstallPrompt] 0
          HKLM...\Policies\Explorer: [NoResolveSearch] 0
          HKLM...\Policies\Explorer: [NoSaveSettings] 0
          HKLM...\Policies\Explorer: [NoHardwareTab] 0
          HKLM...\Policies\Explorer: [NoStartMenuSubFolders] 0
          HKU\S-1-5-19...\Policies\system: [DisableCMD] 0
          HKU\S-1-5-19...\Policies\system: [NoDispAppearancePage] 0
          HKU\S-1-5-19...\Policies\system: [NoDispBackgroundPage] 0
          HKU\S-1-5-19...\Policies\system: [NoDispSettingsPage] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoViewOnDrive] 0
          HKU\S-1-5-19...\Policies\Explorer: [DisableLocalMachineRun] 0
          HKU\S-1-5-19...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
          HKU\S-1-5-19...\Policies\Explorer: [DisableCurrentUserRun] 0
          HKU\S-1-5-19...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoViewContextMenu] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoShellSearchButton] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoFind] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoFile] 0
          HKU\S-1-5-19...\Policies\Explorer: [HideClock] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoTrayContextMenu] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoTrayItemsDisplay] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoSetFolders] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoDevMgrUpdate] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoSetTaskbar] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoDeletePrinter] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoDFSTab] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoChangeStartMenu] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoLogoff] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoWindowsUpdate] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoEncryptOnMove] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoRunasInstallPrompt] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoResolveSearch] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoSaveSettings] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoHardwareTab] 0
          HKU\S-1-5-19...\Policies\Explorer: [NoStartMenuSubFolders] 0
          HKU\S-1-5-20...\Policies\system: [DisableCMD] 0
          HKU\S-1-5-20...\Policies\system: [NoDispAppearancePage] 0
          HKU\S-1-5-20...\Policies\system: [NoDispBackgroundPage] 0
          HKU\S-1-5-20...\Policies\system: [NoDispSettingsPage] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoViewOnDrive] 0
          HKU\S-1-5-20...\Policies\Explorer: [DisableLocalMachineRun] 0
          HKU\S-1-5-20...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
          HKU\S-1-5-20...\Policies\Explorer: [DisableCurrentUserRun] 0
          HKU\S-1-5-20...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoViewContextMenu] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoShellSearchButton] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoFind] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoFile] 0
          HKU\S-1-5-20...\Policies\Explorer: [HideClock] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoTrayContextMenu] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoTrayItemsDisplay] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoSetFolders] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoDevMgrUpdate] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoSetTaskbar] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoDeletePrinter] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoDFSTab] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoChangeStartMenu] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoLogoff] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoWindowsUpdate] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoEncryptOnMove] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoRunasInstallPrompt] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoResolveSearch] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoSaveSettings] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoHardwareTab] 0
          HKU\S-1-5-20...\Policies\Explorer: [NoStartMenuSubFolders] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3097640 2015-11-13] ()
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Run: [Dropbox Update] => C:\Users\Explorer\AppData\Local\Dropbox\Update\Dro pboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl)
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Run: [Google Update] => C:\Users\Explorer\AppData\Local\Google\Update\1.3. 32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Run: [Epic Privacy Browser Installer] => C:\Users\Explorer\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2016-03-17] (Epic Privacy Browser)
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-14] (Sandboxie Holdings, LLC)
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Run: [ACDSeeCommanderPro10] => D:\Program Files\ACD Systems\ACDSee Pro\10.0\ACDSeeCommanderPro10.exe [3412936 2016-09-15] ()
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\system: [DisableCMD] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\system: [NoDispAppearancePage] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\system: [NoDispSettingsPage] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [DisableLocalMachineRun] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [DisableCurrentUserRun] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [NoViewContextMenu] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [NoShellSearchButton] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [HideClock] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [NoTrayItemsDisplay] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [NoDevMgrUpdate] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [NoDeletePrinter] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [NoDFSTab] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [NoWindowsUpdate] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [NoEncryptOnMove] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [NoRunasInstallPrompt] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [NoResolveSearch] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [NoSaveSettings] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [NoHardwareTab] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Explorer: [NoStartMenuSubFolders] 0
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\MountPoints2: {8185036d-bf50-11e5-82f9-14feb5c3027f} - “E:\LGAutoRun.exe”
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\MountPoints2: {b491a930-679a-11e3-825e-00dbdf2de1f9} - “E:\AutoRun.exe”
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\MountPoints2: {e5212153-5f05-11e3-8251-806e6f6e6963} - “Q:\autorun.exe”
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Control Panel\Desktop\SCRNSAVE.EXE →
          HKU\S-1-5-18...\Run: [Copy] => “C:\Users\Explorer\AppData\Roaming\Copy\CopyAgent. exe”
          HKU\S-1-5-18...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36592672 2015-08-20] (ooVoo LLC)
          HKU\S-1-5-18...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
          HKU\S-1-5-18...\Policies\system: [DisableCMD] 0
          HKU\S-1-5-18...\Policies\system: [NoDispAppearancePage] 0
          HKU\S-1-5-18...\Policies\system: [NoDispBackgroundPage] 0
          HKU\S-1-5-18...\Policies\system: [NoDispSettingsPage] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoViewOnDrive] 0
          HKU\S-1-5-18...\Policies\Explorer: [DisableLocalMachineRun] 0
          HKU\S-1-5-18...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
          HKU\S-1-5-18...\Policies\Explorer: [DisableCurrentUserRun] 0
          HKU\S-1-5-18...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoViewContextMenu] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoShellSearchButton] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoFind] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoFile] 0
          HKU\S-1-5-18...\Policies\Explorer: [HideClock] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoTrayContextMenu] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoTrayItemsDisplay] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoSetFolders] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoDevMgrUpdate] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoSetTaskbar] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoDeletePrinter] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoDFSTab] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoChangeStartMenu] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoLogoff] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoWindowsUpdate] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoEncryptOnMove] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoRunasInstallPrompt] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoResolveSearch] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoSaveSettings] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoHardwareTab] 0
          HKU\S-1-5-18...\Policies\Explorer: [NoStartMenuSubFolders] 0
          AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [170688 2016-10-25] (NVIDIA Corporation)
          AppInit_DLLs: , C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [309168 2016-05-24] (Jaksta Technologies Pty Ltd)
          AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148200 2016-10-25] (NVIDIA Corporation)
          SSODL: EldosMountNotificator-cbfs4 - {D29EAAAC-24D4-4112-9735-6FF24D2FF502} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
          SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
          SSODL-x32: EldosMountNotificator-cbfs4 - {D29EAAAC-24D4-4112-9735-6FF24D2FF502} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
          ShellIconOverlayIdentifiers: [ “CryptorShellExtHandler.IconOverlayExt”] → {011F39D2-A764-419E-9479-69C93F6D37E0} => C:\Program Files (x86)\Boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2015-06-26] (Secomba GmbH)
          ShellIconOverlayIdentifiers: [ “CryptorShellExtHandler.IconOverlayExt2”] → {F61B4933-D8AF-40DE-A335-F9B3BE1FF878} => C:\Program Files (x86)\Boxcryptor\ShellExt\x64\Boxcryptor.IconOverl ayBlocker.Ext.dll [2015-06-26] (Secomba GmbH)
          ShellIconOverlayIdentifiers: [ IDM Shell Extension] → {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
          ShellIconOverlayIdentifiers: [ AccExtIco1] → {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
          ShellIconOverlayIdentifiers: [ AccExtIco2] → {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
          ShellIconOverlayIdentifiers: [ AccExtIco3] → {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
          ShellIconOverlayIdentifiers: [“DropboxExt1”] → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => → No File
          ShellIconOverlayIdentifiers: [“DropboxExt2”] → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => → No File
          ShellIconOverlayIdentifiers: [“DropboxExt3”] → {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => → No File
          ShellIconOverlayIdentifiers: [“DropboxExt4”] → {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => → No File
          ShellIconOverlayIdentifiers: [“DropboxExt5”] → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => → No File
          ShellIconOverlayIdentifiers: [“DropboxExt6”] → {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => → No File
          ShellIconOverlayIdentifiers: [“DropboxExt7”] → {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => → No File
          ShellIconOverlayIdentifiers: [“DropboxExt8”] → {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => → No File
          ShellIconOverlayIdentifiers: [###MegaShellExtPending] → {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Explorer\AppData\Local\MEGAsync\ShellExtX 64.dll [2016-07-21] ()
          ShellIconOverlayIdentifiers: [###MegaShellExtSynced] → {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Explorer\AppData\Local\MEGAsync\ShellExtX 64.dll [2016-07-21] ()
          ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] → {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Explorer\AppData\Local\MEGAsync\ShellExtX 64.dll [2016-07-21] ()
          ShellIconOverlayIdentifiers: [1aCopyShExtError] → {83BEA36E-7680-4598-A4DF-994426F6E78D} => → No File
          ShellIconOverlayIdentifiers: [2aCopyShExtSynced] → {845B7388-6F85-4F32-9FD5-F02DC7882B89} => → No File
          ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] → {F6378A7A-F753-449B-AE1B-997A96132E61} => → No File
          ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] → {3A511828-777D-46F8-82F4-5B530C1B3D9E} => → No File
          ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] → {C8C88204-5B14-40EC-BA72-8AEBC762047E} => → No File
          ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] → {ACFF45C3-3EEB-4351-86C2-6696BA264239} => → No File
          ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] → {29AF997F-488B-46F0-AE78-7146F1B89CC3} => → No File
          ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] → {03F9AD29-1C78-4B66-8890-B177B5430C53} => → No File
          ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] → {C198F50F-1D3A-4279-ABE1-0EC04BDB7426} => C:\Windows\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
          ShellIconOverlayIdentifiers: [{6238B220-1311-4627-B3DC-55736E5BA95F}] → {6238B220-1311-4627-B3DC-55736E5BA95F} => c:\Windows\System32\iMobileDisk.dll [2012-05-11] ()
          ShellIconOverlayIdentifiers-x32: [ “CryptorShellExtHandler.IconOverlayExt”] → {011F39D2-A764-419E-9479-69C93F6D37E0} => C:\Program Files (x86)\Boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2015-06-26] (Secomba GmbH)
          ShellIconOverlayIdentifiers-x32: [ “CryptorShellExtHandler.IconOverlayExt2”] → {F61B4933-D8AF-40DE-A335-F9B3BE1FF878} => C:\Program Files (x86)\Boxcryptor\ShellExt\x86\Boxcryptor.IconOverl ayBlocker.Ext.dll [2015-06-26] (Secomba GmbH)
          ShellIconOverlayIdentifiers-x32: [“DropboxExt1”] → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => → No File
          ShellIconOverlayIdentifiers-x32: [“DropboxExt2”] → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => → No File
          ShellIconOverlayIdentifiers-x32: [“DropboxExt3”] → {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => → No File
          ShellIconOverlayIdentifiers-x32: [“DropboxExt4”] → {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => → No File
          ShellIconOverlayIdentifiers-x32: [“DropboxExt5”] → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => → No File
          ShellIconOverlayIdentifiers-x32: [“DropboxExt6”] → {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => → No File
          ShellIconOverlayIdentifiers-x32: [“DropboxExt7”] → {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => → No File
          ShellIconOverlayIdentifiers-x32: [“DropboxExt8”] → {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => → No File
          ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] → {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Explorer\AppData\Local\MEGAsync\ShellExtX 32.dll [2016-07-21] ()
          ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] → {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Explorer\AppData\Local\MEGAsync\ShellExtX 32.dll [2016-07-21] ()
          ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] → {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Explorer\AppData\Local\MEGAsync\ShellExtX 32.dll [2016-07-21] ()
          ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] → {C198F50F-1D3A-4279-ABE1-0EC04BDB7426} => C:\Windows\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
          Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-07-06]
          ShortcutTarget: Install LastPass FF RunOnce.lnk → C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
          Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-07-06]
          ShortcutTarget: Install LastPass IE RunOnce.lnk → C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
          Startup: C:\Users\Explorer\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Startup\Dropbox.lnk [2017-02-02]
          ShortcutTarget: Dropbox.lnk → C:\Users\Explorer\AppData\Roaming\Dropbox\bin\Drop box.exe (Dropbox, Inc.)
          GroupPolicy: Restriction <======= ATTENTION
          GroupPolicy\User: Restriction <======= ATTENTION
          GroupPolicyScripts: Restriction <======= ATTENTION
          CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

          ==================== Internet (Whitelisted) ====================

          (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

          HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\L ocal\ipsecPolicy{be0e178f-2e50-4541-804c-a34f7db55587} <======= ATTENTION (Restriction - IP)
          Winsock: Catalog5 09 C:\Windows\SysWOW64\wlidNSP.dll [50176 2014-10-28] (Microsoft Corporation)
          Winsock: Catalog5 10 C:\Windows\SysWOW64\wlidNSP.dll [50176 2014-10-28] (Microsoft Corporation)
          Winsock: Catalog5-x64 09 c:\Windows\System32\wlidnsp.dll [74240 2014-10-28] (Microsoft Corporation)
          Winsock: Catalog5-x64 10 c:\Windows\System32\wlidnsp.dll [74240 2014-10-28] (Microsoft Corporation)
          Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
          Tcpip..\Interfaces{54997AEA-6BE5-4B1D-AA3A-01377EAF9D27}: [DhcpNameServer] 8.8.8.8
          Tcpip..\Interfaces{7B4C56F8-54B9-49AE-AC24-2E617300C9FC}: [DhcpNameServer] 200.48.225.130 200.48.225.146
          Tcpip..\Interfaces{98FE26F2-9E79-4C35-8D23-4F5B94D8526A}: [DhcpNameServer] 200.48.225.130 200.48.225.146
          [HEADING=1]Internet Explorer:[/HEADING]
          HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
          HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
          HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
          HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
          HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
          HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
          HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
          HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
          HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
          SearchScopes: HKU\S-1-5-21-925185676-1098965860-4220522822-1001 → DefaultScope {56B90406-7F40-474C-AC73-88B4F2C484EF} URL = hxxps://encrypted.google.com/search?hl={language}&q={searchTerms}
          SearchScopes: HKU\S-1-5-21-925185676-1098965860-4220522822-1001 → {56B90406-7F40-474C-AC73-88B4F2C484EF} URL = hxxps://encrypted.google.com/search?hl={language}&q={searchTerms}
          BHO: IDM integration (IDMIEHlprObj Class) → {0055C089-8582-441B-A0BF-17B458C2A3A8} → C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
          BHO: CmjBrowserHelperObject Object → {6FE6A929-59D1-4763-91AD-29B61CFFB35B} → C:\Program Files\Mindjet\MindManager 16\Mm8InternetExplorer.dll [2016-02-09] (Mindjet)
          BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-19] (Oracle Corporation)
          BHO: Webroot Vault → {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} → No File
          BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-19] (Oracle Corporation)
          BHO-x32: IDM integration (IDMIEHlprObj Class) → {0055C089-8582-441B-A0BF-17B458C2A3A8} → C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
          BHO-x32: PDFXChange 2012 IE Plugin → {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} → C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.)
          BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-09] (Oracle Corporation)
          BHO-x32: Evernote extension → {92EF2EAD-A7CE-4424-B0DB-499CF856608E} → C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-06-02] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
          BHO-x32: Webroot Vault → {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} → No File
          BHO-x32: Microsoft OneDrive for Business Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
          BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-09] (Oracle Corporation)
          Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
          Toolbar: HKLM-x32 - PDFXChange 2012 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.)
          Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
          IE Session Restore: HKU\S-1-5-21-925185676-1098965860-4220522822-1001 → is enabled.
          DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.uam.es/CACHE/stc/2/binaries/vpnweb.cab
          Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
          Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
          Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
          Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
          Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
          Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
          Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - D:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiv eX.dll No File
          [HEADING=1]FireFox:[/HEADING]
          FF DefaultProfile: sxpbrh0x.default
          FF ProfilePath: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\sxpbrh0x.default [2017-02-03]
          FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\sxpbrh0x.default → Google
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → autoconfig_url", “data:text/javascript,function FindProxyForURL(url, host) {if ((host == "[www.abc.net.au]('http://www.abc.net.au')”)
          (host == "iview.abc.net.au")
          (host == "iviewmetered-vh.akamaihd.net")
          (url.indexOf("proxmate=au") != -1)
          (host == "livestream.com")
          (host == "[www.livestream.com]('http://www.livestream.com')“)
          (host == "api.new.livestream.com")
          (host == "player.ooyala.com")
          (host == "xnewsvidhd-vh.akamaihd.net")
          (host == "[www.animelab.com]('http://www.animelab.com')”)
          (host == "dcgm6i50yfgtk.cloudfront.net")) { return ‘PROXY au-node.proxmate.me:8008’ } else if ((url.indexOf("proxmate=ca") != -1)
          (host == "ici.tou.tv")
          (host == "toutvuniver1-vh.akamaihd.net")
          (host == "geoip.radio-canada.ca")
          (host == "api.radio-canada.ca")
          (host == "images.tou.tv")
          (host == "player.siriusxm.ca")
          (host == "primary.hls-streaming.production.streaming.siriusxm.ca")
          (host == "now.sportsnet.ca")
          (host == "watch.sportsnet.ca")
          (host == "player.9c9media.com")
          (host == "metrics.ctv.ca")
          (host == "capi.9c9media.com")
          (host == "[www.ctv.ca]('http://www.ctv.ca')“)
          (host == "[www.willow.tv]('http://www.willow.tv')”)
          (host == "willowtv.live-s.cdn.bitgravity.com")) { return ‘PROXY ca-node.proxmate.me:8008’ } else if ((host == "arte.tv")
          (host == "[www.arte.tv]('http://www.arte.tv')“)
          (host == "geoftv-a.akamaihd.net")
          (host == "hdfauthftv-a.akamaihd.net")
          (host == "replayftv-vh.akamaihd.net")
          (host == "ftvingest-vh.akamaihd.net")
          (host == "live.francetv.fr")
          (host == "d8.tv")
          (host == "[www.d8.tv]('http://www.d8.tv')”)
          (host == "us-cplus-aka.canal-plus.com")
          (host == "hds_live_d8_aka-lh.akamaihd.net")
          (host == "d17.tv")
          (host == "[www.d17.tv]('http://www.d17.tv')“)
          (host == "hds_live_d17_aka-lh.akamaihd.net")
          (url.indexOf("proxmate=fr") != -1)
          (host == "[www.6play.fr]('http://www.6play.fr')”)
          (host == "geo.6cloud.fr")
          (host == "proxy-021.dc3.dailymotion.com")
          (host == "proxy-67.dailymotion.com")
          (host == "prof.estat.com")
          (host == "metrics.dailymotion.com")
          (host == "[www.dailymotion.com]('http://www.dailymotion.com')“)
          (host == "vmap.snappytv.com")) { return ‘PROXY fr-node.proxmate.me:8008’ } else if ((host == "vod-akamai-psd-hds.p7s1digital.de")
          (host == "vas.sim-technik.de")
          (url.indexOf("proxmate=de") != -1)
          (host == "nightclub.de")
          (host == "zdf.de")
          (host == "[www.zdf.de]('http://www.zdf.de')”)
          (host == "zdf_hds_de-f.akamaihd.net")
          (host == "api.nowtv.de")
          (host == "delivestream-lh.akamaihd.net")
          (host == "cdnapi.kaltura.com")
          (host == "disneychannel.de")
          (host == "[www.southpark.de]('http://www.southpark.de')“)) { return ‘PROXY de-node.proxmate.me:8008’ } else if ((host == "[www.tg4.ie]('http://www.tg4.ie')”)
          (url.indexOf("proxmate=ie") != -1)) { return ‘PROXY ie-node.proxmate.me:8008’ } else if ((host == "rai.tv")
          (host == "[www.rai.tv]('http://www.rai.tv')“)
          (host == "mediapolis.rai.it")
          (host == "[www.rai.it]('http://www.rai.it')”)
          (host == "stream5.rai.it")
          (host == "stream6.rai.it")
          (host == "stream7.rai.it")
          (host == "sspushrai1-s.akamaihd.net")
          (host == "sspushrai2-s.akamaihd.net")
          (host == "sspushraisport2-s.akamaihd.net")
          (host == "sspushrai3-s.akamaihd.net")
          (host == "secondary.adaptiveedge.rai.it")
          (host == "rai-italia01.wt-eu02.net")
          (host == "download.rai.tv")
          (host == "mediapolisvod.rai.it")
          (host == "ww.rai.tv")
          (host == ".xuniplay.fdnames.com")
          (url.indexOf("xuniplay.fdnames.com") != -1)
          (host == "se-to1-8.se.live3.msf.ticdn.it")
          (host == "live.shinystat.com")
          (host == "lic.mediaset.net")
          (host == "cssr.video.mediaset.it")
          (url.indexOf("proxmate=it") != -1)
          (host == "[www.vvvvid.it]('http://www.vvvvid.it')“)) { return ‘PROXY it-node.proxmate.me:8008’ } else if ((host == "telecinco.es")
          (host == "telecinco1-vh.akamaihd.net")
          (host == "[www.telecinco.es]('http://www.telecinco.es')”)
          (url.indexOf("proxmate=es") != -1)
          (host == "antena3.com")
          (host == "[www.antena3.com]('http://www.antena3.com')“)
          (host == "geodesprogresiva.antena3.com")
          (host == "rtve.es")
          (host == "[www.rtve.es]('http://www.rtve.es')”)
          (host == "ztnr.rtve.es")
          (host == "mvodt.lvlt.rtve.es")
          (host == "swf.rtve.es")
          (host == "cuatro.com")
          (host == "[www.cuatro.com]('http://www.cuatro.com')“)
          (host == "cuatro1-vh.akamaihd.net")
          (host == "peliculas-online.atresplayer.com")
          (host == "servicios.atresplayer.com")
          (host == "atresplayer.com")
          (host == "[www.atresplayer.com]('http://www.atresplayer.com')”)
          (host == "k.uecdn.es")
          (host == "v.uecdn.es")
          (host == "as.com")
          (host == "ep00.epimg.net")
          (host == "futbol.as.com")) { return ‘PROXY es-node.proxmate.me:8008’ } else if ((host == "prosieben.ch")
          (host == "[www.prosieben.ch]('http://www.prosieben.ch')“)
          (host == "s1tv.ch")
          (host == "[www.s1tv.ch]('http://www.s1tv.ch')”)
          (host == "zba2-0-hds-live.zahs.tv")
          (host == "embed-zattoo.com")
          (host == "chtv.ch")
          (host == "[www.chtv.ch]('http://www.chtv.ch')“)
          (host == "zba2-1-hds-live.zahs.tv")
          (host == "sat1.ch")
          (host == "[www.sat1.ch]('http://www.sat1.ch')”)
          (host == "rsi.ch")
          (host == "[www.rsi.ch]('http://www.rsi.ch')“)
          (host == "codch-vh.akamaihd.net")
          (host == "il.srgssr.ch")
          (host == "ch.viva.tv")
          (host == "intl.esperanto.mtvi.com")
          (url.indexOf("proxmate=ch") != -1)
          (host == "zattoo.com")
          (host == "[www.srf.ch]('http://www.srf.ch')”)
          (host == "srgssruni1ch-lh.akamaihd.net")
          (host == "srgssruni2ch-lh.akamaihd.net")
          (host == "srgssruni3ch-lh.akamaihd.net")
          (host == "[www.teleboy.ch]('http://www.teleboy.ch')“)
          (host == "aka-cdn-ns.adtech.de")
          (host == "teleboy.customers.cdn.iptv.ch")) { return ‘PROXY ch-node.proxmate.me:8008’ } else if ((host == "c.brightcove.com")
          (host == "secure.brightcove.com")
          (host == "metrics.brightcove.com")
          (host == "stv-ak.cds1.yospace.com")
          (host == "core.stvfiles.com")
          (host == "player.stv.tv")
          (host == "stv.brightcove.com.edgesuite.net")
          (host == "uk-dev-stv.cdn.videoplaza.tv")
          (host == "mercury.itv.com")
          (host == "[www.itv.com]('http://www.itv.com')”)
          (host == "itv.com")
          (host == "llnw.live.btv.simplestream.com")
          (host == "players.simplestream.com")
          (host == "uapi.simplestream.com")
          (host == "channel5.com")
          (host == "wwwcdn.channel5.com")
          (host == "cassie.channel5.com")
          (host == "player.channel5.com")
          (host == "deliver-hls.channel5.com")
          (host == "akahls.channel5.com")
          (host == "llnwhls.channel5.com")
          (host == "milkshake.tv")
          (host == "[www.milkshake.tv]('http://www.milkshake.tv')“)
          (host == "trk-euwest.tidaltv.com")
          (host == "mp.adverts.itv.com")
          (host == "req.tidaltv.com")
          (host == "s1.2mdn.net")
          (host == "pes.itv.com")
          (host == "ned.itv.com")
          (host == "itvdotcom.2cnt.net")
          (host == "tom.itv.com")
          (host == "dave.uktv.co.uk")
          (host == "uktvplay.uktv.co.uk")
          (host == "uktvhdse.brightcove.com.edgesuite.net")
          (host == "admin.brightcove.com")
          (host == "really.uktv.co.uk")
          (host == "yesterday.uktv.co.uk")
          (host == "drama.uktv.co.uk")
          (host == "live.tvplayer.com")
          (host == "tvplayer.com")
          (host == "sapi.tvplayer.com")
          (host == "api.tvplayer.com")
          (host == "[www.gamefront.com]('http://www.gamefront.com')”)
          (url.indexOf("proxmate=uk") != -1)
          (host == "channel4.com")
          (host == "ais.channel4.com")
          (host == "pandr.my.channel4.com")
          (host == "all4nav.channel4.com")
          (host == "4id.channel4.com")) { return ‘PROXY uk-node.proxmate.me:8008’ } else if ((host == "link.theplatform.com")
          (host == "discidevflash-f.akamaihd.net")
          (host == "api.geoip.dp.discovery.com")
          (host == "vidtech.cbsinteractive.com")
          (host == "vidtech.cbsima.com")
          (host == "om.cbsi.com")
          (host == "media.mtvnservices.com")
          (host == "api-manga.crunchyroll.com")
          (host == "crunchyroll.com")
          (host == "[www.crunchyroll.com]('http://www.crunchyroll.com')“)
          (host == "cdn.wwtv.warnerbros.com")
          (host == "hlsioscwtv.warnerbros.com")
          (host == "media.cwtv.com")
          (host == "servicesaetn-a.akamaihd.net")
          (host == "live.mlssoccer.com")
          (host == "tvewnbc-i.akamaihd.net")
          (host == "tvenbceast-i.akamaihd.net")
          (host == "nbcmpx-vh.akamaihd.net")
          (host == "[www.pandora.com]('http://www.pandora.com')”)
          (host == "video.pbs.org")
          (host == "ga.video.cdn.pbs.org")
          (host == "urs.pbs.org")
          (host == "play.spotify.com")
          (host == "[www.spotify.com]('http://www.spotify.com')“)
          (host == "play.spotify.edgekey.net")
          (host == "[www.iheart.com]('http://www.iheart.com')”)
          (host == "api2.iheart.com")
          (host == "api.iheart.com")
          (host == "iheart.com")
          (host == "nick.mtvnimages.com")
          (host == "sni-vh.akamaihd.net")
          (url.indexOf("proxmate=us") != -1)
          (url.indexOf(".googlevideo.com") != -1)
          (host == "api.segment.io")
          (host == "[www.vevo.com]('http://www.vevo.com')“)
          (host == "vevo.com")
          (host == "apiv2.vevo.com")
          (host == "songza.com")
          (host == "new.songza.com")
          (host == "[www.daisuki.net]('http://www.daisuki.net')”)
          (host == "bngn-vh.akamaihd.net")
          (host == "bngnwww.b-ch.com")
          (host == "[www.hbogo.com]('http://www.hbogo.com')“)
          (host == "catalog.lv3.hbogo.com")
          (host == "profile.lv3.hbogo.com")
          (host == "profile.hbogo.com")
          (url.indexOf(".lv3.hbogo.com") != -1)
          (host == "register.hbogo.com")
          (host == "play.hbogo.com")
          (host == "smetrics.hbogo.com")
          (url.indexOf(".lv3.cdn.hbo.com") != -1)
          (host == "comet.api.hbo.com")
          (host == "play.google.com")
          (host == "checkout.google.com")
          (host == "store.google.com")
          (host == "apis.google.com")
          (host == "amc350888def-vh.akamaihd.net")
          (host == "a564avoddashnsus-a.akamaihd.net")
          (host == "atv-ps.amazon.com")
          (host == "[www.amazon.com]('http://www.amazon.com')”)
          (host == "amazon.com")
          (host == "fls-na.amazon.com")
          (host == "phds-vod.cdn.turner.com")
          (host == "token.vgtf.net")
          (host == "[www.ondemandkorea.com]('http://www.ondemandkorea.com')“)
          (host == "[www.fxnetworks.com]('http://www.fxnetworks.com')”)
          (host == "fxvcms-f.akamaihd.net")
          (host == "tvetelemundo-vh.akamaihd.net")
          (host == "feed.theplatform.com")
          (host == "fsvideohds-vh.akamaihd.net")
          (host == "watchable.com")
          (host == "cilhlsvod-f.akamaihd.net")
          (host == "oxygenvod-vh.akamaihd.net")
          (host == "tvesyfy-vh.akamaihd.net")
          (host == "[www.smithsonianchannel.com]('http://www.smithsonianchannel.com')“)
          (host == "c.brightcove.com")
          (host == "brightcove01.brightcove.com")
          (host == "edge.api.brightcove.com")
          (host == "[www.eonline.com]('http://www.eonline.com')”)
          (host == "link.theplatform.com")
          (host == "api.listenlive.co")
          (host == "playerservices.streamtheworld.com")
          (host == "player.listenlive.co")
          (url.indexOf("live.streamtheworld.com") != -1)
          (host == "[www.cartoonnetwork.com]('http://www.cartoonnetwork.com')“)
          (host == "[www.viki.com]('http://www.viki.com')”)
          (host == "\"[www.viki.com]('http://www.viki.com')“)
          (host == "[www.origin.com]('http://www.origin.com')”)
          (host == "ht.cdn.turner.com")
          (host == "aolvideoshd-vh.akamaihd.net")
          (host == "syn.5min.com")
          (host == "stvideos.5min.com")
          (host == "[www.showtime.com]('http://www.showtime.com')“)
          (host == "secure.showtime.com")
          (url.indexOf(".vgtf.net") != -1)
          (host == "phds-live.cdn.turner.com")
          (host == "api.amplitude.com")
          (host == "order.rhapsody.com")
          (host == "payment.rhapsody.com")
          (host == "[www.pivot.tv]('http://www.pivot.tv')”)
          (host == "js.maxmind.com")
          (host == "shonenjump.viz.com")) { return ‘PROXY us-node.proxmate.me:8008’ } else if ((host == "livestreams.omroep.nl")
          (host == ".npostreaming.nl")
          (host == "ida.omroep.nl")
          (host == "npoplayer.omroep.nl")
          (host == "[www.zapp.nl]('http://www.zapp.nl')“)
          (host == "tellerapi.omroep.nl")
          (host == "e.omroep.nl")
          (url.indexOf("proxmate=nl") != -1)) { return ‘PROXY nl-node.proxmate.me:8008’ } else if ((host == "tvthek.orf.at")
          (host == "apasfiisl.apa.at")
          (host == "orf.oewabox.at")
          (host == "194.232.200.58")
          (host == "185.85.28.1")
          (host == "atvplus.oewabox.at")
          (host == "cdn.atv.at")
          (url.indexOf("proxmate=at") != -1)
          (host == "hdsvodsportsman-vh.akamaihd.net")
          (host == "streamaccess.unas.tv")
          (host == "[www.laola1.tv]('http://www.laola1.tv')”)
          (host == "[www.livestation.com]('http://www.livestation.com')“)
          (host == "livestation.com")
          (url.indexOf(".emigrantas.tv") != -1)) { return ‘PROXY at-node.proxmate.me:8008’ } else if ((host == "netflix.com")
          (host == "[www.netflix.com]('http://www.netflix.com')”)
          (host == "cbp-us.nccp.netflix.com")
          (host == "secure.netflix.com")
          (host == "api-global.netflix.com")
          (host == "ichnaea.netflix.com")
          (host == "customerevents.netflix.com")
          (host == "s.thebrighttag.com")) { return ‘PROXY usnet-node.proxmate.me:8008’ } else if ((host == "s.hulu.com")
          (host == "[www.funimation.com]('http://www.funimation.com')“)
          (host == "wpc.8c48.edgecastcdn.net")
          (host == "southpark.cc.com")
          (host == "api.utils.watchabc.go.com")
          (host == "[www.dramafever.com]('http://www.dramafever.com')”)
          (host == "[www.logotv.com]('http://www.logotv.com')“)
          (host == "api.watchabc.go.com")
          (host == "theanimenetwork.com")
          (host == "huluim.com")
          (host == "[www.hulu.com]('http://www.hulu.com')”)
          (host == "t2.hulu.com")
          (host == "urlcheck.hulu.com")
          (host == "t.hulu.com")
          (host == "s.hulu.com")
          (host == "play.hulu.com")
          (host == "t2.huluim.com")) { return ‘PROXY ush-node.proxmate.me:8008’ } else if ((host == "player.ooyala.com")
          (host == "l.ooyala.com")) { return ‘PROXY auv-node.proxmate.me:8008’ } else if ((host == "web-api-us.crackle.com")
          (host == "legacyweb-us.crackle.com")) { return ‘PROXY us2-node.proxmate.me:8008’ } else if ((host == "counter.yadro.ru")
          (host == "turbik.tv")
          (host == "player.rutv.ru")
          (host == "api.rutv.ru")
          (host == "cdnng.v.rtr-vesti.ru")
          (host == "player.vgtrk.com")
          (url.indexOf("proxmate=ru") != -1)
          (host == "stream.1tv.ru")
          (host == "mobdrm.1tv.ru")) { return ‘PROXY ru-node.proxmate.me:8008’ } else if ((host == "security.video.globo.com")
          (host == "api.globovideos.com")
          (host == "s.videos.globo.com")
          (host == "gshow.globo.com")
          (host == "voddownload02.video.globo.com")
          (host == "secure.nuuvem.com")
          (host == "webportal.nowonline.com.br")) { return ‘PROXY br-node.proxmate.me:8008’ } else if ((host == "[www.bbc.co.uk]('http://www.bbc.co.uk')“)
          (host == "open.live.bbc.co.uk")
          (host == "fig.bbc.co.uk")
          (host == "vod-hds-uk-live.edgesuite.net")
          (host == "vod-hds-uk-live.bbcfmt.vo.llnwd.net")
          (host == "vs-hds-uk-live.bbcfmt.vo.llnwd.net")
          (host == "vs-hds-uk-live.edgesuite.net")
          (host == "bbc.co.uk")) { return ‘PROXY ukb-node.proxmate.me:8008’ } else { return ‘DIRECT’; }}”
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → backup.ftp", “120.203.162.87”
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → backup.ftp_port", 8123
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → backup.socks", “120.203.162.87”
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → backup.socks_port", 8123
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → backup.ssl", “120.203.162.87”
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → backup.ssl_port", 8123
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → ftp", “185.127.164.20”
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → ftp_port", 443
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → http", “185.127.164.20”
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → http_port", 443
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → network.proxy.socks_remote_dns", 1
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → share_proxy_settings", true
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → socks", “185.127.164.20”
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → socks_port", 443
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → ssl", “185.127.164.20”
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → ssl_port", 443
          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → type", 1
          FF Extension: (Click&Clean) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\sxpbrh0x.default\Extensions\clickclean@hotcleaner.com [2016-12-12]
          FF Extension: (United States English Spellchecker) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\sxpbrh0x.default\Extensions\en-US@dictionaries.addons.mozilla.org [2016-03-20]
          FF Extension: (Spanish (Spain) Dictionary) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\sxpbrh0x.default\Extensions\es-es@dictionaries.addons.mozilla.org [2016-04-06]
          FF Extension: (Firebug) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\sxpbrh0x.default\Extensions\firebug@software.joehewitt.com.xpi [2016-12-17]
          FF Extension: (Russian Hunspell spellchecking dictionary) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\sxpbrh0x.default\Extensions\hunspell-ru@dictionaries.addons.mozilla.org [2015-12-31]
          FF Extension: (Proxy Switcher) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\sxpbrh0x.default\Extensions\jid0-hjBdm7jJii7llLkqacvGnd3gHge@jetpack.xpi [2016-12-10]
          FF Extension: (Session Manager) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\sxpbrh0x.default\Extensions{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-03-20]
          FF Extension: (Webroot Password Manager) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\sxpbrh0x.default\Extensions{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2016-07-06]
          FF ProfilePath: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox [2016-11-02]
          FF NewTab: Mozilla\Firefox\Profiles\JonDoFox → about:blank
          FF DefaultSearchEngine: Mozilla\Firefox\Profiles\JonDoFox → Startpage HTTPS
          FF SelectedSearchEngine: Mozilla\Firefox\Profiles\JonDoFox → Startpage HTTPS
          FF Homepage: Mozilla\Firefox\Profiles\JonDoFox → about:home
          FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox → ftp", “127.0.0.1”
          FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox → ftp_port", 4001
          FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox → gopher", “127.0.0.1”
          FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox → gopher_port", 4001
          FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox → http", “127.0.0.1”
          FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox → http_port", 4001
          FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox → no_proxies_on", “”
          FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox → socks", “127.0.0.1”
          FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox → socks_port", 4001
          FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox → socks_remote_dns", true
          FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox → ssl", “127.0.0.1”
          FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox → ssl_port", 4001
          FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox → type", 1
          FF Extension: (HTTPS-Everywhere) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2015-02-09] [not signed]
          FF Extension: (JonDoFox) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\Extensions{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2014-12-02] [not signed]
          FF Extension: (NoScript) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\Extensions{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-09] [not signed]
          FF Extension: (Webroot Password Manager) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\Extensions{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2016-07-06]
          FF Extension: (Cookie Controller) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\Extensions{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2014-12-02] [not signed]
          FF Extension: (DownloadHelper) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\Extensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-27] [not signed]
          FF Extension: (Adblock Plus) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\Extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-03] [not signed]
          FF Extension: (ProfileSwitcher) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\Extensions{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2014-12-02] [not signed]
          FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml [2014-12-02]
          FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\searchplugins\google-de-ssl.xml [2014-12-02]
          FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml [2014-12-02]
          FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures—deutsch.xml [2014-12-02]
          FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures—english.xml [2014-12-02]
          FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\searchplugins\ixquick.xml [2014-12-02]
          FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\searchplugins\leo-eng-ger.xml [2014-12-02]
          FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\searchplugins\leo-esp-ale.xml [2014-12-02]
          FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\searchplugins\leo-fra-all.xml [2014-12-02]
          FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\searchplugins\metager2.xml [2014-12-02]
          FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml [2014-12-02]
          FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml [2014-12-02]
          FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\searchplugins\startpage-https—deutsch.xml [2014-12-02]
          FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\ Profiles\JonDoFox\searchplugins\startpage-https.xml [2014-12-02]
          FF HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
          FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
          FF HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Explorer\AppData\Roaming\IDM\idmmzcc5
          FF Extension: (IDM CC) - C:\Users\Explorer\AppData\Roaming\IDM\idmmzcc5 [2017-02-03] [not signed]
          FF HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
          FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_ 207.dll [2016-12-11] ()
          FF Plugin: @java.com/DTPlugin,version=11.111.2 → C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1 .dll [2016-11-19] (Oracle Corporation)
          FF Plugin: @java.com/JavaPlugin,version=11.111.2 → C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-19] (Oracle Corporation)
          FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
          FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
          FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 → C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
          FF Plugin: adobe.com/AdobeAAMDetect → C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
          FF Plugin: wacom.com/WacomTabletPlugin → C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
          FF Plugin-x32: @adobe.com/FlashPlayer → C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_ 207.dll [2016-12-11] ()
          FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
          FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
          FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
          FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
          FF Plugin-x32: @Google.com/GoogleEarthPlugin → C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
          FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 → C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1 .dll [2016-12-09] (Oracle Corporation)
          FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 → C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-09] (Oracle Corporation)
          FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
          FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
          FF Plugin-x32: @raidcall.en/RCplugin → C:\Users\Explorer\AppData\Roaming\raidcall\plugins \nprcplugin.dll [2014-03-04] (Raidcall)
          FF Plugin-x32: @raidcall.tw/RCplugin → C:\Users\Explorer\AppData\Roaming\RCTW\plugins\npr cplugin.dll [2013-06-25] (Raidcall)
          FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
          FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
          FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf → C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.)
          FF Plugin-x32: @videolan.org/vlc,version=2.0.5 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
          FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 → C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
          FF Plugin-x32: adobe.com/AdobeAAMDetect → C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
          FF Plugin-x32: wacom.com/WacomTabletPlugin → C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
          FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @Skype Limited.com/Facebook Video Calling Plugin → C:\Users\Explorer\AppData\Local\Facebook\Video\Sky pe\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
          FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @talk.google.com/GoogleTalkPlugin → C:\Users\Explorer\AppData\Roaming\Mozilla\plugins\ npgoogletalk.dll [2015-12-08] (Google)
          FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @talk.google.com/O1DPlugin → C:\Users\Explorer\AppData\Roaming\Mozilla\plugins\ npo1d.dll [2015-12-08] (Google)
          FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @tools.google.com/Google Update;version=3 → C:\Users\Explorer\AppData\Local\Google\Update\1.3. 32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
          FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @tools.google.com/Google Update;version=9 → C:\Users\Explorer\AppData\Local\Google\Update\1.3. 32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
          FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @unity3d.com/UnityPlayer,version=1.0 → C:\Users\Explorer\AppData\LocalLow\Unity\WebPlayer \loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
          FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 → C:\Users\Explorer\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-03-17] (Epic Privacy Browser)
          FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 → C:\Users\Explorer\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-03-17] (Epic Privacy Browser)
          FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @updates.epicbrowser.com/Epic Privacy Browser Update;version=3 → C:\Users\Explorer\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll [2014-09-29] (Epic Privacy Browser)
          FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @updates.epicbrowser.com/Epic Privacy Browser Update;version=9 → C:\Users\Explorer\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll [2014-09-29] (Epic Privacy Browser)
          FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: wacom.com/WacomTabletPlugin → C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
          FF Plugin ProgramFiles/Appdata: C:\Users\Explorer\AppData\Roaming\mozilla\plugins\ npgoogletalk.dll [2015-12-08] (Google)
          FF Plugin ProgramFiles/Appdata: C:\Users\Explorer\AppData\Roaming\mozilla\plugins\ npo1d.dll [2015-12-08] (Google)
          [HEADING=1]Chrome:[/HEADING]
          CHR DefaultProfile: Default
          CHR DefaultSearchKeyword: Default → ARcalc
          CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Widev ineCdm_platform_specific\win_x86\widevinecdmadapte r.dll (Google Inc.)
          CHR Plugin: (Shockwave Flash) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll => No File
          CHR Profile: C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default [2017-02-03]
          CHR Extension: (Google Drive) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2015-10-21]
          CHR Extension: (Session Manager) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdb bkcjfi [2014-12-24]
          CHR Extension: (YouTube) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2015-09-24]
          CHR Extension: (Google Search) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf [2015-10-28]
          CHR Extension: (Session Buddy) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbc dcpbko [2016-11-18]
          CHR Extension: (User-Agent Switcher for Google Chrome) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhkkpnppgnfaobgihpdblnhmm bodake [2016-11-04]
          CHR Extension: (Click&Clean) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmame dcbeod [2017-01-11]
          CHR Extension: (SuperSorter) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmd ckngij [2016-08-08]
          CHR Extension: (Page Ruler) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfh cbnbpn [2016-05-19]
          CHR Extension: (Aspect Ratio calculator) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\klgkjdnciknlegnojnpgpofaga ophdei [2016-04-14]
          CHR Extension: (WorkFlowy) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclboce hhgmkm [2016-12-21]
          CHR Extension: (Harmonica Tunings) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdcggjbhkaloeckehokgclkbf cpnabc [2014-05-24]
          CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgja ogfceg [2016-12-22]
          CHR Extension: (COPY URL) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhnbhdofgaendegcgbmndipmi jhbili [2016-03-29]
          CHR Extension: (Google Hangouts) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanao iihapd [2017-01-18]
          CHR Extension: (Webroot Password Manager) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajai fmmnnc [2016-07-06]
          CHR Extension: (IDM Integration Module) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhm bhlaek [2016-12-11]
          CHR Extension: (YSlow) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ninejjcohidippngpapiilnmkg llmakh [2016-10-18]
          CHR Extension: (Autofill) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddk bbfkkk [2017-01-04]
          CHR Extension: (Chrome Web Store Payments) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-01-18]
          CHR Extension: (Hide My Ass - VPN) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocneleoikjgphlhjpeoabocgce gemegd [2014-08-03]
          CHR Extension: (ColorPick Eyedropper) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelf fpdolg [2016-04-17]
          CHR Extension: (TunnelBear VPN) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookp fjihpa [2017-01-17]
          CHR Extension: (Proxy SwitchyOmega) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\padekgcemlokbadohgkifijomc lgjgif [2017-01-11]
          CHR Extension: (Gmail) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2015-04-02]
          CHR Extension: (Chrome Media Router) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2016-12-18]
          CHR HKLM...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
          CHR HKLM...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]
          CHR HKLM...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]
          CHR HKLM-x32...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
          CHR HKLM-x32...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
          CHR HKLM-x32...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]
          CHR HKLM-x32...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - <no Path/update_url>

          ==================== Services (Whitelisted) ====================

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [693440 2016-01-28] (Adobe Systems Incorporated)
          S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
          R2 AndServMgr; C:\Program Files\AMI\DuOS\AndServMgr.exe [86992 2016-08-25] (American Megatrends Inc.)
          S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-01-20] (BlueStack Systems, Inc.)
          R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-01-20] (BlueStack Systems, Inc.)
          R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
          R2 Droid4XService; C:\Program Files (x86)\Droid4X\Droid4XService.exe [269312 2016-01-06] () [File not signed]
          R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2770312 2016-11-13] (ESET)
          S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
          R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [10242128 2017-02-03] () [File not signed]
          R2 hddrsrv; C:\Program Files (x86)\HDD Regenerator\hrsrv.exe [82144 2013-05-08] ()
          R2 HLfms; C:\Program Files (x86)\High-Logic FontService\fontservice.exe [5505008 2016-07-04] (High-Logic B.V.)
          R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
          S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
          R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
          S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
          S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
          S3 memoQauhlp78; C:\Program Files (x86)\Kilgray\memoQ-2015\MemoQ.AutoUpdate.exe [223120 2016-07-19] (Kilgray)
          R2 NetTimeSvc; C:\Program Files (x86)\NetTime\NetTimeService.exe [473088 2012-05-12] () [File not signed]
          R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe [458176 2016-10-25] (NVIDIA Corporation)
          S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-08-23] (The OpenVPN Project)
          R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
          S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
          R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
          R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-14] (Sandboxie Holdings, LLC)
          R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
          S2 Tweak8SystemService; C:\Windows\system32\Tweak8SystemService.exe [134248 2015-07-31] (Totalidea Software)
          R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12462784 2015-11-25] ()
          S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
          R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
          R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)

          ===================== Drivers (Whitelisted) ======================

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          R1 appliand; C:\Windows\system32\DRIVERS\appliand.sys [30304 2013-02-06] (Applian Technologies Inc.)
          R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [115472 2014-01-20] (BlueStack Systems)
          R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
          R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
          R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
          S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
          S3 DIRECTIO; no ImagePath
          U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2013-12-07] (Disc Soft Ltd)
          R1 DuoVMDrv; C:\Windows\system32\DRIVERS\DuoVMDrv.sys [246720 2016-05-10] (American Megatrends Inc.)
          R3 jakstaVA; C:\Windows\system32\DRIVERS\jaksta_va.sys [103816 2014-12-08] (e2eSoft)
          R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
          S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
          R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
          S3 NAVENG; no ImagePath
          S3 NAVEX15; no ImagePath
          S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-28] (Microsoft Corporation)
          R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
          R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
          R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [307768 2016-10-25] (NVIDIA Corporation)
          R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
          S3 RTCore64; no ImagePath
          S3 RTIFDH; C:\Windows\system32\DRIVERS\rtIFDH.sys [16256 2012-02-27] (Компания “Актив”) [File not signed]
          R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-14] (Sandboxie Holdings, LLC)
          S3 silabenm; C:\Windows\system32\DRIVERS\silabenm.sys [27336 2012-12-11] (Silicon Laboratories) [File not signed]
          S3 silabser; C:\Windows\system32\DRIVERS\silabser.sys [73216 2012-12-11] (Silicon Laboratories) [File not signed]
          R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-12-06] (Duplex Secure Ltd.)
          S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
          R3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_Accel.sys [71832 2012-07-13] (STMicroelectronics)
          U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
          S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
          S3 VMSMP; no ImagePath
          R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2013-11-15] (EldoS Corporation)
          R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
          R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
          S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
          R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
          S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
          R1 WindroyeBoxDrv; C:\Program Files\WindroyeBox\WindroyeBoxDrv.sys [252672 2015-03-03] (Windroy Corporation)
          S3 WinRing0_1_2_0; C:\Users\Explorer\Downloads\Compressed\ThrottleSto p_810_b2\ThrottleStop_810\WinRing0x64.sys [14544 2015-10-12] (OpenLibSys.org)
          R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
          U3 DfSdkS; no ImagePath
          S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys
          U0 SR; no ImagePath
          U2 srservice; no ImagePath
          S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys

          ==================== NetSvcs (Whitelisted) ===================

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          ==================== One Month Created files and folders ========

          (If an entry is included in the fixlist, the file/folder will be moved.)

          2017-02-03 16:19 - 2017-02-03 16:19 - 00000000 ____D C:\FRST
          2017-02-02 21:34 - 2017-02-03 05:12 - 00000000 ____D C:\AdwCleaner
          2017-02-02 19:35 - 2017-02-02 19:35 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Dropbox
          2017-02-02 17:32 - 2017-02-02 18:10 - 00593770 _____ C:\Windows\ntbtlog.txt
          2017-02-02 17:12 - 2016-11-30 01:34 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
          2017-02-02 17:12 - 2016-11-30 01:27 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
          2017-02-02 16:34 - 2016-11-12 14:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
          2017-02-02 16:34 - 2016-11-12 13:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
          2017-02-02 16:34 - 2016-11-12 12:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
          2017-02-02 16:34 - 2016-11-12 12:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
          2017-02-02 16:33 - 2016-11-19 12:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
          2017-02-02 16:33 - 2016-11-19 12:22 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
          2017-02-02 16:33 - 2016-11-12 14:38 - 00613632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
          2017-02-02 16:33 - 2016-11-12 13:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
          2017-02-02 16:33 - 2016-11-12 13:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
          2017-02-02 16:33 - 2016-11-12 13:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
          2017-02-02 16:33 - 2016-11-12 12:45 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
          2017-02-02 16:33 - 2016-11-12 12:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
          2017-02-02 16:33 - 2016-11-12 12:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
          2017-02-02 16:33 - 2016-11-12 12:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
          2017-02-02 16:33 - 2016-11-12 12:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
          2017-02-02 16:33 - 2016-11-12 12:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
          2017-02-02 16:33 - 2016-11-12 12:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
          2017-02-02 16:33 - 2016-11-09 12:25 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
          2017-02-02 16:33 - 2016-11-05 13:35 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
          2017-02-02 16:33 - 2016-11-05 12:57 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
          2017-02-02 16:33 - 2016-11-05 12:11 - 03606528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
          2017-02-02 16:33 - 2016-11-05 10:56 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
          2017-02-02 16:33 - 2016-11-05 10:46 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
          2017-02-02 16:33 - 2016-10-27 09:28 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
          2017-02-02 16:33 - 2016-10-10 18:31 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
          2017-02-02 16:33 - 2016-10-10 13:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cmimcext.sys
          2017-02-02 16:33 - 2016-10-09 09:08 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
          2017-02-02 16:33 - 2016-10-08 16:31 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
          2017-02-02 16:33 - 2016-10-08 16:10 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
          2017-02-02 16:33 - 2016-10-05 09:01 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
          2017-02-02 16:33 - 2016-10-05 09:00 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
          2017-02-02 16:33 - 2016-10-04 23:15 - 01969944 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
          2017-02-02 16:33 - 2016-10-04 23:15 - 01613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
          2017-02-02 16:33 - 2016-10-04 23:15 - 00245320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
          2017-02-02 16:33 - 2016-09-20 17:30 - 02462040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
          2017-02-02 16:31 - 2016-11-10 21:33 - 01541240 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
          2017-02-02 16:31 - 2016-11-05 15:46 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
          2017-02-02 16:31 - 2016-10-11 11:45 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
          2017-02-02 16:31 - 2016-10-04 23:15 - 00324896 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
          2017-02-02 16:31 - 2016-09-27 15:16 - 00445873 _____ C:\Windows\system32\ApnDatabase.xml
          2017-02-02 16:30 - 2016-11-19 16:24 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
          2017-02-02 16:30 - 2016-11-19 16:24 - 00152856 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
          2017-02-02 16:30 - 2016-11-19 14:29 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
          2017-02-02 16:30 - 2016-11-19 13:44 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
          2017-02-02 16:30 - 2016-11-16 16:49 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
          2017-02-02 16:30 - 2016-11-12 16:06 - 00738104 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
          2017-02-02 16:30 - 2016-11-12 14:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
          2017-02-02 16:30 - 2016-11-12 14:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
          2017-02-02 16:30 - 2016-11-12 13:23 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
          2017-02-02 16:30 - 2016-11-12 13:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
          2017-02-02 16:30 - 2016-11-12 12:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
          2017-02-02 16:30 - 2016-11-12 12:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
          2017-02-02 16:30 - 2016-10-27 21:56 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
          2017-02-02 16:30 - 2016-10-12 16:49 - 00379224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
          2017-02-02 16:30 - 2016-10-12 16:11 - 00922968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
          2017-02-02 16:30 - 2016-10-10 13:18 - 00069976 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
          2017-02-02 16:30 - 2016-10-09 09:17 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
          2017-02-02 16:30 - 2016-10-09 09:08 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
          2017-02-02 16:30 - 2016-10-08 17:24 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
          2017-02-02 16:30 - 2016-10-05 09:00 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
          2017-02-02 16:30 - 2016-10-05 08:52 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
          2017-02-02 16:30 - 2016-10-05 08:52 - 00513456 _____ C:\Windows\system32\locale.nls
          2017-02-01 17:12 - 2017-02-01 21:18 - 00000000 ____D C:\Users\Explorer\AppData\Local\Trend Micro
          2017-01-31 18:20 - 2017-01-31 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspell
          2017-01-31 17:31 - 2017-02-01 19:13 - 00000010 _____ C:\Users\Explorer\AppData\Local\sponge.last.runtim e.cache
          2017-01-31 16:26 - 2017-02-01 08:25 - 00407608 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
          2017-01-31 16:09 - 2017-02-01 21:18 - 00000000 ____D C:\ProgramData\Trend Micro
          2017-01-31 16:08 - 2017-01-31 16:08 - 00000036 _____ C:\Users\Explorer\AppData\Local\housecall.guid.cac he
          2017-01-31 16:03 - 2017-01-31 16:06 - 145050392 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
          2017-01-31 15:34 - 2017-01-31 15:34 - 00029177 _____ C:\ProgramData\agent.1485894894.bdinstall.bin
          2017-01-31 15:20 - 2017-01-31 15:20 - 00046951 _____ C:\ProgramData\agent.1485894021.bdinstall.bin
          2017-01-31 15:20 - 2017-01-31 15:20 - 00000000 ____D C:\ProgramData\Bitdefender Agent
          2017-01-25 21:56 - 2017-01-25 21:56 - 00000905 _____ C:\Users\Public\Desktop\OBS Studio.lnk
          2017-01-25 21:56 - 2017-01-25 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
          2017-01-24 02:22 - 2017-01-24 02:22 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\JAM Software
          2017-01-23 07:24 - 2017-01-23 07:24 - 00000000 ____D C:\Users\Explorer\Documents\Mapify Pro and Pretty Roads
          2017-01-21 03:26 - 2017-01-21 03:26 - 00097130 _____ C:\Users\Explorer\AppData\LocalLow\wbk2D45.tmp
          2017-01-21 01:09 - 2017-01-21 01:09 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Miranda IM
          2017-01-18 23:30 - 2017-01-18 23:30 - 00000000 ____D C:\ProgramData\High-Logic
          2017-01-18 22:06 - 2017-01-18 22:06 - 00002652 _____ C:\Users\Explorer\AppData\LocalLow\wbkD99A.tmp
          2017-01-18 21:48 - 2017-02-03 05:35 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\eM Client
          2017-01-18 21:30 - 2017-01-18 21:30 - 00000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
          2017-01-18 21:29 - 2017-01-18 21:35 - 00000000 ____D C:\Program Files (x86)\eM Client
          2017-01-18 19:12 - 2017-01-18 19:12 - 00000000 ____D C:\Users\Explorer.QtWebEngineProcess
          2017-01-18 19:12 - 2017-01-18 19:12 - 00000000 ____D C:\Users\Explorer.GoPro
          2017-01-13 00:03 - 2017-01-13 00:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\High-Logic MainType
          2017-01-13 00:02 - 2017-01-13 00:02 - 00000000 ____D C:\Users\Explorer\Documents\MainType
          2017-01-13 00:02 - 2017-01-13 00:02 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\MainType
          2017-01-13 00:02 - 2017-01-13 00:02 - 00000000 ____D C:\ProgramData\High-Logic FontService
          2017-01-13 00:02 - 2017-01-13 00:02 - 00000000 ____D C:\Program Files (x86)\High-Logic FontService
          2017-01-13 00:02 - 2016-07-04 13:13 - 15137792 _____ C:\Windows\system32\hlfontlib.dll
          2017-01-13 00:02 - 2016-07-04 13:13 - 02448384 _____ (High-Logic B.V.) C:\Windows\SysWOW64\hlfontlib.dll
          2017-01-12 07:20 - 2017-01-12 07:20 - 00000000 ____D C:\Users\Explorer\Documents\Sony Photo Award
          2017-01-09 22:44 - 2017-01-09 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraSearch
          2017-01-08 00:24 - 2017-01-08 00:24 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Tweak-8
          2017-01-08 00:24 - 2017-01-08 00:24 - 00000000 ____D C:\Users\Explorer\AppData\Local\Totalidea_Software
          2017-01-08 00:23 - 2017-01-08 00:23 - 00000000 ____D C:\Windows\Tweak-8
          2017-01-08 00:23 - 2017-01-08 00:23 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Tweak-8

          ==================== One Month Modified files and folders ========

          (If an entry is included in the fixlist, the file/folder will be moved.)

          2017-02-03 16:23 - 2015-12-04 05:32 - 00000000 ____D C:\ProgramData\Gramblr
          2017-02-03 16:23 - 2013-12-22 10:56 - 00000000 ____D C:\ProgramData\TEMP
          2017-02-03 16:22 - 2014-11-14 10:12 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0001d7 3c8b334.job
          2017-02-03 16:21 - 2013-12-06 12:49 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Skype
          2017-02-03 16:17 - 2014-05-06 18:56 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6986c 118e050.job
          2017-02-03 15:40 - 2013-12-06 08:24 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-925185676-1098965860-4220522822-1001
          2017-02-03 15:33 - 2016-03-17 23:51 - 00002432 _____ C:\Users\Explorer\Desktop\Epic Privacy Browser.lnk
          2017-02-03 15:33 - 2014-09-29 17:25 - 00000000 ____D C:\Users\Explorer\AppData\Local\Epic Privacy Browser
          2017-02-03 15:32 - 2015-06-19 05:06 - 00001138 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA.job
          2017-02-03 10:34 - 2015-02-12 12:54 - 00000000 ____D C:\Users\Explorer\AppData\Local\CrashDumps
          2017-02-03 07:35 - 2016-12-10 23:12 - 00000000 ____D C:\Users\Explorer\AppData\LocalLow\Mozilla
          2017-02-03 06:45 - 2013-12-07 01:24 - 00000000 ____D C:\Users\Explorer\Downloads\Compressed
          2017-02-03 06:38 - 2013-12-06 08:35 - 00000000 ____D C:\Users\Explorer\AppData\Local\Apps\2.0
          2017-02-03 06:25 - 2013-12-06 08:21 - 00000000 __RDO C:\Users\Explorer\SkyDrive
          2017-02-03 05:34 - 2016-03-04 12:55 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Telegram Desktop
          2017-02-03 05:22 - 2013-12-07 14:11 - 00000000 ___RD C:\Users\Explorer\Dropbox
          2017-02-03 05:19 - 2016-10-27 19:48 - 00000000 ____D C:\Users\Explorer.rainlendar2
          2017-02-03 05:16 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
          2017-02-03 05:15 - 2014-07-20 10:54 - 00000000 ____D C:\ProgramData\VMware
          2017-02-03 05:14 - 2016-04-11 02:14 - 00000000 ____D C:\ProgramData\NVIDIA
          2017-02-03 05:14 - 2016-01-14 19:46 - 00000000 _____ C:\hsrv.txt
          2017-02-03 05:14 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
          2017-02-03 03:10 - 2015-12-04 05:32 - 00000000 ____D C:\Program Files\Gramblr
          2017-02-03 02:00 - 2013-12-07 18:49 - 00000000 ____D C:\Users\Explorer\AppData\Local\Adobe
          2017-02-02 21:57 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
          2017-02-02 20:48 - 2013-08-22 09:44 - 06665784 _____ C:\Windows\system32\FNTCACHE.DAT
          2017-02-02 20:38 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
          2017-02-02 20:38 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\oobe
          2017-02-02 20:34 - 2013-12-06 08:50 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\KeePass
          2017-02-02 20:32 - 2015-06-19 05:06 - 00001086 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core.job
          2017-02-02 19:35 - 2013-12-07 13:42 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Dropbox
          2017-02-02 17:25 - 2013-12-09 00:43 - 00000000 ____D C:\Windows\system32\MRT
          2017-02-02 17:19 - 2013-12-09 00:43 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
          2017-02-02 17:16 - 2013-08-22 08:25 - 00000167 _____ C:\Windows\win.ini
          2017-02-02 17:00 - 2015-02-12 12:53 - 00000000 ____D C:\ProgramData\TechSmith
          2017-02-02 17:00 - 2013-12-06 08:17 - 00000000 ____D C:\Users\Explorer
          2017-02-02 16:51 - 2015-02-12 12:55 - 00000000 ____D C:\Users\Explorer\AppData\Local\TechSmith
          2017-02-02 04:09 - 2013-12-06 09:05 - 00000000 ____D C:\Temp
          2017-02-02 03:55 - 2013-12-09 02:12 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\uTorrent
          2017-02-01 21:18 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP
          2017-02-01 17:07 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
          2017-02-01 17:06 - 2016-12-24 18:29 - 00000000 ____D C:\Users\Explorer\AppData\Local\JpegminiPro
          2017-02-01 17:06 - 2016-07-17 15:35 - 00000000 ____D C:\Program Files (x86)\Remo Repair MOV 2.0
          2017-02-01 08:32 - 2013-08-22 08:25 - 02359296 ___SH C:\Windows\system32\config\BBI
          2017-01-31 18:38 - 2016-07-05 09:20 - 00000600 _____ C:\Users\Explorer\AppData\Local\PUTTY.RND
          2017-01-31 02:40 - 2014-09-10 12:07 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Aegisub
          2017-01-31 02:31 - 2014-09-10 12:09 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\fontconfig
          2017-01-30 22:00 - 2013-12-13 13:29 - 00001456 _____ C:\Users\Explorer\AppData\Local\Adobe Save for Web 13.0 Prefs
          2017-01-30 21:01 - 2016-11-24 08:41 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\vlc
          2017-01-29 13:12 - 2015-12-20 01:44 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\AIMP
          2017-01-28 22:45 - 2016-07-06 10:47 - 00000000 ____D C:\ProgramData\WRData
          2017-01-28 22:41 - 2015-11-23 15:16 - 00000000 ____D C:\Program Files (x86)\Tooligram Professional
          2017-01-28 18:45 - 2016-03-30 21:30 - 00002062 _____ C:\Windows\Sandboxie.ini
          2017-01-27 13:59 - 2014-10-20 16:44 - 00000000 ____D C:\ProgramData\boost_interprocess
          2017-01-26 23:06 - 2016-03-17 21:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
          2017-01-26 22:16 - 2016-03-12 18:29 - 00001047 _____ C:\Windows\system32\Drivers\etc\hosts.ics
          2017-01-26 21:57 - 2013-12-07 12:22 - 00000000 ____D C:\ProgramData\Package Cache
          2017-01-26 21:53 - 2014-11-28 18:27 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Pointstone
          2017-01-26 21:53 - 2014-10-22 14:45 - 00000000 ____D C:\ProgramData\Ashampoo
          2017-01-26 21:25 - 2013-12-06 08:18 - 00000000 ____D C:\Users\Explorer\AppData\Local\Packages
          2017-01-26 11:29 - 2015-08-18 09:14 - 00000000 ____D C:\Users\Explorer\Documents\ЗИЛ
          2017-01-26 10:15 - 2016-07-31 00:25 - 00000000 ____D C:\Users\Explorer\AppData\Local\GoPro
          2017-01-26 10:09 - 2015-01-06 12:48 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
          2017-01-26 10:09 - 2015-01-06 12:48 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
          2017-01-26 10:09 - 2015-01-06 12:48 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
          2017-01-26 10:09 - 2015-01-06 12:48 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
          2017-01-25 22:34 - 2015-11-07 05:09 - 00002827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
          2017-01-25 20:02 - 2013-12-09 08:33 - 00000600 _____ C:\Users\Explorer\AppData\Roaming\winscp.rnd
          2017-01-25 03:21 - 2013-12-07 01:24 - 00000000 ____D C:\Users\Explorer\Downloads\Video
          2017-01-24 14:30 - 2016-03-15 12:37 - 00000034 _____ C:\Users\Explorer\AppData\Roaming\AdobeWLCMCache.d at
          2017-01-24 06:41 - 2013-12-06 08:43 - 00001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
          2017-01-24 06:41 - 2013-12-06 08:43 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
          2017-01-23 21:29 - 2015-09-13 17:11 - 00000109 ___SH C:\Users\Explorer\AppData\Local\00000128
          2017-01-23 16:49 - 2016-12-21 14:58 - 00000000 ____D C:\Users\Explorer\Documents\Poedit
          2017-01-22 21:12 - 2014-03-27 09:27 - 00843676 _____ C:\Windows\system32\perfh00A.dat
          2017-01-22 21:12 - 2014-03-27 09:27 - 00187258 _____ C:\Windows\system32\perfc00A.dat
          2017-01-22 21:12 - 2013-09-29 23:14 - 01951454 _____ C:\Windows\system32\PerfStringBackup.INI
          2017-01-21 23:00 - 2015-09-14 16:29 - 00000000 ____D C:\Users\Explorer\Documents\RS Ayahuasca
          2017-01-21 00:38 - 2015-03-18 12:17 - 00000000 ____D C:\Users\Explorer\Documents\ATI
          2017-01-18 23:27 - 2013-12-07 01:24 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\DMCache
          2017-01-18 23:25 - 2013-12-20 14:35 - 00000000 ____D C:\Users\Explorer\Documents\Dancebeat
          2017-01-18 22:48 - 2015-11-07 05:09 - 00002849 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
          2017-01-18 22:48 - 2015-11-07 05:09 - 00002821 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
          2017-01-18 22:48 - 2015-11-07 05:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
          2017-01-18 22:45 - 2013-12-08 20:02 - 00000000 ____D C:\Program Files\Microsoft Office
          2017-01-18 16:19 - 2016-02-29 16:40 - 00000000 ____D C:\Users\Explorer\Documents\LRTimelapse
          2017-01-18 16:19 - 2015-08-10 11:49 - 00000000 ____D C:\Users\Explorer\Documents\Файлы Outlook
          2017-01-18 03:09 - 2016-09-02 23:25 - 00000753 _____ C:\Users\Explorer\Documents\CIII_LogFile.txt
          2017-01-18 02:53 - 2016-01-31 18:32 - 00000000 ____D C:\Program Files (x86)\Garmin
          2017-01-18 02:52 - 2016-04-27 03:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
          2017-01-18 02:51 - 2016-01-31 18:31 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
          2017-01-17 21:19 - 2013-12-06 12:49 - 00000000 ____D C:\ProgramData\Skype
          2017-01-16 07:50 - 2016-10-23 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tooligram Professional
          2017-01-12 21:34 - 2016-10-03 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
          2017-01-12 20:06 - 2016-03-25 22:26 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\qBittorrent
          2017-01-12 07:10 - 2015-12-10 08:52 - 00000000 ____D C:\Users\Explorer\AppData\Local\NVIDIA Corporation
          2017-01-11 21:24 - 2013-12-07 01:24 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\IDM
          2017-01-08 05:14 - 2013-12-07 13:59 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Notepad++
          2017-01-08 05:14 - 2013-12-07 13:59 - 00000000 ____D C:\Program Files (x86)\Notepad++
          2017-01-08 00:13 - 2014-02-24 14:25 - 00000000 ____D C:\Program Files\paint.net
          2017-01-07 23:48 - 2014-11-12 13:47 - 00000043 _____ C:\Users\Explorer\AppData\Local~wmrg
          2017-01-05 04:15 - 2016-09-18 05:39 - 00000000 ____D C:\Users\Explorer\DuOSShare

          ==================== Files in the root of some directories =======

          2016-03-26 22:00 - 2016-03-26 22:00 - 0002749 _____ () C:\Program Files (x86)\GPR.lnk
          2014-01-20 11:42 - 2015-11-25 00:49 - 0000132 _____ () C:\Users\Explorer\AppData\Roaming\Adobe BMP Format CC Prefs
          2014-04-07 02:17 - 2014-04-07 02:17 - 0000132 _____ () C:\Users\Explorer\AppData\Roaming\Adobe GIF Format CC Prefs
          2013-12-11 21:28 - 2015-11-03 00:53 - 0000132 _____ () C:\Users\Explorer\AppData\Roaming\Adobe PNG Format CC Prefs
          2016-03-15 12:37 - 2017-01-24 14:30 - 0000034 _____ () C:\Users\Explorer\AppData\Roaming\AdobeWLCMCache.d at
          2015-01-06 12:56 - 2013-07-22 03:59 - 0012005 _____ () C:\Users\Explorer\AppData\Roaming\alsoft.ini
          2014-10-20 16:41 - 2014-10-31 23:06 - 0000268 ___RH () C:\Users\Explorer\AppData\Roaming\Ambience
          2016-12-29 21:29 - 2016-12-29 21:29 - 0000003 _____ () C:\Users\Explorer\AppData\Roaming\CheckWinVer.log
          2016-01-14 19:40 - 2016-04-02 10:04 - 0002044 _____ () C:\Users\Explorer\AppData\Roaming\droid4xinstaller .log
          2016-04-28 15:56 - 2016-04-28 15:56 - 0347908 _____ () C:\Users\Explorer\AppData\Roaming\FontInfo.bin
          2016-04-28 15:56 - 2016-04-28 15:56 - 0105744 _____ () C:\Users\Explorer\AppData\Roaming\GlyphInfo.bin
          2015-03-20 14:21 - 2015-03-20 17:37 - 0576521 _____ () C:\Users\Explorer\AppData\Roaming\PS14_panel.log
          2014-12-17 12:17 - 2014-12-17 12:17 - 0002114 _____ () C:\Users\Explorer\AppData\Roaming\SAS7_000.DAT
          2013-12-09 08:33 - 2017-01-25 20:02 - 0000600 _____ () C:\Users\Explorer\AppData\Roaming\winscp.rnd
          2015-08-10 11:58 - 2015-08-10 11:58 - 0038508 _____ () C:\Users\Explorer\AppData\Roaming\Значения, разделенные запятыми.ADR
          2014-05-10 23:31 - 2015-03-01 20:06 - 0000010 _____ () C:\Users\Explorer\AppData\Local.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56
          2015-03-20 13:48 - 2015-06-10 16:01 - 0000010 _____ () C:\Users\Explorer\AppData\Local.DG212F11-EC8C-210D-DE1E-D9584D18D740
          2015-09-13 17:11 - 2017-01-23 21:29 - 0000109 ___SH () C:\Users\Explorer\AppData\Local\00000128
          2013-12-08 14:40 - 2013-12-12 18:22 - 144752885 _____ () C:\Users\Explorer\AppData\Local\ACCCx2_2_1_260.zip .aamdownload
          2013-12-08 14:40 - 2013-12-12 18:22 - 0001817 _____ () C:\Users\Explorer\AppData\Local\ACCCx2_2_1_260.zip .aamdownload.aamd
          2013-12-13 13:29 - 2017-01-30 22:00 - 0001456 _____ () C:\Users\Explorer\AppData\Local\Adobe Save for Web 13.0 Prefs
          2013-12-08 20:43 - 2015-02-18 03:30 - 0026624 _____ () C:\Users\Explorer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
          2015-01-30 19:03 - 2015-01-31 08:24 - 0342476 _____ () C:\Users\Explorer\AppData\Local\helpman.imc
          2017-01-31 16:08 - 2017-01-31 16:08 - 0000036 _____ () C:\Users\Explorer\AppData\Local\housecall.guid.cac he
          2016-07-30 16:39 - 2016-07-30 16:39 - 0000001 _____ () C:\Users\Explorer\AppData\Local\llftool.4.40.agree ment
          2016-07-05 09:20 - 2017-01-31 18:38 - 0000600 _____ () C:\Users\Explorer\AppData\Local\PUTTY.RND
          2015-12-04 08:42 - 2015-12-04 08:42 - 0000847 _____ () C:\Users\Explorer\AppData\Local\recently-used.xbel
          2014-06-22 23:21 - 2016-10-13 13:36 - 0007583 _____ () C:\Users\Explorer\AppData\Local\Resmon.ResmonCfg
          2017-01-31 17:31 - 2017-02-01 19:13 - 0000010 _____ () C:\Users\Explorer\AppData\Local\sponge.last.runtim e.cache
          2014-11-12 13:47 - 2017-01-07 23:48 - 0000043 _____ () C:\Users\Explorer\AppData\Local~wmrg
          2017-01-31 15:20 - 2017-01-31 15:20 - 0046951 _____ () C:\ProgramData\agent.1485894021.bdinstall.bin
          2017-01-31 15:34 - 2017-01-31 15:34 - 0029177 _____ () C:\ProgramData\agent.1485894894.bdinstall.bin
          [HEADING=1]Files to move or delete:[/HEADING]
          C:\ProgramData\RegistryReviver.exe
          [HEADING=1]Some files in TEMP:[/HEADING]
          2017-01-25 21:59 - 2014-10-28 20:58 - 1040384 _____ (Microsoft Corporation) C:\Users\Explorer\AppData\Local\Temp\kernel32.dll
          2017-02-02 03:56 - 2017-02-02 03:56 - 1066336 _____ (Microsoft Corporation) C:\Users\Explorer\AppData\Local\Temp\PidGenX.dll

          ==================== Bamital & volsnap ======================

          (There is no automatic fix for files that do not pass verification.)

          C:\Windows\system32\winlogon.exe => File is digitally signed
          C:\Windows\system32\wininit.exe => File is digitally signed
          C:\Windows\explorer.exe => File is digitally signed
          C:\Windows\SysWOW64\explorer.exe => File is digitally signed
          C:\Windows\system32\svchost.exe => File is digitally signed
          C:\Windows\SysWOW64\svchost.exe => File is digitally signed
          C:\Windows\system32\services.exe => File is digitally signed
          C:\Windows\system32\User32.dll => File is digitally signed
          C:\Windows\SysWOW64\User32.dll => File is digitally signed
          C:\Windows\system32\userinit.exe => File is digitally signed
          C:\Windows\SysWOW64\userinit.exe => File is digitally signed
          C:\Windows\system32\rpcss.dll => File is digitally signed
          C:\Windows\system32\dnsapi.dll => File is digitally signed
          C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
          C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

          LastRegBack: 2016-03-26 02:17

          ==================== End of FRST.txt ============================[/SPOILER]
          [HEADING=1][SPOILER=“Explorer scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017”]Explorer scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
          Ran by Explorer (03-02-2017 16:23:56)
          Running from C:\Users\Explorer\Downloads\Programs
          Windows 8.1 Enterprise (Update) (X64) (2013-12-06 13:18:08)
          Boot Mode: Normal[/SPOILER][/HEADING][SPOILER=“Explorer scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017”]
          ==================== Accounts: =============================

          Administrator (S-1-5-21-925185676-1098965860-4220522822-500 - Administrator - Disabled)
          Guest (S-1-5-21-925185676-1098965860-4220522822-501 - Limited - Disabled)
          named (S-1-5-21-925185676-1098965860-4220522822-1005 - Limited - Enabled) => C:\Users\named
          Explorer (S-1-5-21-925185676-1098965860-4220522822-1001 - Administrator - Enabled) => C:\Users\Explorer

          ==================== Security Center ========================

          (If an entry is included in the fixlist, it will be removed.)

          AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          AV: ESET NOD32 Antivirus 9.0.408.0 (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
          AS: ESET NOD32 Antivirus 9.0.408.0 (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
          AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

          ==================== Installed Programs ======================

          (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

          “Лорелея - Программа для LiveInternet” (Версия 1.1.0.103) (HKLM-x32...\Лорелея_is1) (Version: - Andrey Sorvin)
          µTorrent (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
          A1 Sitemap Generator (HKLM...\016D8FA34C9345F4BAB03CF1A2D47E68_is1) (Version: 7.2.0 - Microsys)
          ACDSee Pro 10 (64-bit) (HKLM...{13E67D9D-8F6F-4709-B380-A04EC12343E7}) (Version: 10.0.0.625 - ACD Systems International Inc.)
          ActiveWorlds 3D (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\ActiveWorlds 3D) (Version: 6.1 - ActiveWorlds, Inc)
          Adobe After Effects CC 2014 (HKLM-x32...{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)
          Adobe Audition CC 2015 (HKLM-x32...{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
          Adobe Creative Cloud (HKLM-x32...\Adobe Creative Cloud) (Version: 3.5.1.209 - Adobe Systems Incorporated)
          Adobe Dreamweaver CC 2014 (HKLM-x32...{7F823F8E-4348-11E4-8BF8-81763C49AA32}) (Version: 15.0.0 - Adobe Systems Incorporated)
          Adobe Flash Player 23 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
          Adobe Illustrator CC 2015 (HKLM-x32...{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
          Adobe InDesign CC 2014 (HKLM-x32...{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
          Adobe Lightroom (HKLM-x32...{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.7 - Adobe Systems Incorporated)
          Adobe Media Encoder CC 2014 (HKLM-x32...{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.0 - Adobe Systems Incorporated)
          Adobe Photoshop CC 2014 (HKLM-x32...{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
          Adobe Premiere Pro CC 2014 (HKLM-x32...{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.0 - Adobe Systems Incorporated)
          Adobe Premiere Pro CC 2015 (HKLM-x32...{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.2.0 - Adobe Systems Incorporated)
          Adobe Update Management Tool (HKLM-x32...{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 - PainteR)
          Advanced PDF Password Recovery (HKLM-x32...{A85CC7BA-760F-4B65-8E2F-640BE314F2F8}) (Version: 5.06.113.2041 - Elcomsoft Co. Ltd.)
          Advanced Renamer (HKLM-x32...\Advanced Renamer_is1) (Version: 3.65 - Hulubulu Software)
          Aegisub 3.0.0 (HKLM-x32...{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.0.0 - Aegisub Team)
          Aegisub 3.2.2 (HKLM...{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
          AIMP (HKLM-x32...\AIMP) (Version: v4.11.1841, 09.10.2016 - AIMP DevTeam)
          Akeeba eXtract Wizard 3.3 (HKLM-x32...{C5A52C02-1618-47DB-8A92-559DE29048EC}_is1) (Version: - Akeeba Developers)
          Amazon Kindle (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
          Ancient Weapon Sounds (HKLM-x32...{E00A5837-482C-4DCE-B4CC-D16B343374E1}) (Version: 2.1.1 - Screaming Bee)
          Anki (HKLM-x32...\Anki) (Version: - )
          Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
          ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
          AntispamSniper for TheBat! (HKLM-x32...\AntispamSniper for TheBat!) (Version: - )
          Apowersoft Video Converter Studio V4.5.2 (HKLM-x32...{195E8D7F-292B-4B04-A6E7-E96CAF04C767}_is1) (Version: 4.5.2 - APOWERSOFT LIMITED)
          Apple Mobile Device Support (HKLM...{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
          Apple Software Update (HKLM-x32...{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
          Arclab Watermark Studio 3.4 (HKLM-x32...\Arclab Watermark Studio_is1) (Version: 3.4 - Arclab Software GbR)
          Ashampoo Snap 9 (HKLM-x32...{0A11EA01-D628-EEFD-B5E8-864238AE9105}_is1) (Version: 9.0.5 - Ashampoo GmbH & Co. KG)
          Asoftech Data Recovery (HKLM-x32...{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )
          Aspell English Dictionary-0.50-2 (HKLM-x32...\Aspell English Dictionary_is1) (Version: - GNU)
          Aspell Russian Dictionary-0.50-2 (HKLM-x32...\Aspell Russian Dictionary_is1) (Version: - GNU)
          Asterisk Key 10.0 (HKLM-x32...\asterisk key) (Version: - )
          ATLAS.ti (HKLM-x32...{ED0D2B4E-A7F0-4EB5-9431-1AEEEED0DE7B}) (Version: 7.5.7.0 - ATLAS.ti Scientific Software Development GmbH)
          Atomic Mail Verifier 9.30.0.93 (HKLM-x32...\AtomicMailVerifier_is1) (Version: 9.30.0.93 - AtomPark Software)
          Attribute Manager 5.15 (HKLM-x32...\Attribute Manager_is1) (Version: - MIKLSOFT, Inc.)
          Audacity 2.1.2 (HKLM-x32...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
          Audials (HKLM-x32...{F5796078-0F2A-4E6F-BE6A-4E2A8464D3A2}) (Version: 14.0.60200.0 - Audials AG)
          Avidemux 2.6 - 64 bits (HKLM-x32...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.15.161119 - )
          Avidemux 2.6 - 64bits (HKLM-x32...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.9.00 - )
          Batch Converter Plug-In (HKLM-x32...{11BEA44C-BCFE-405E-9C76-33EF407A4354}) (Version: 4.0.4 - Screaming Bee)
          Becky! Ver.2 (HKLM-x32...\B2) (Version: - RimArts)
          Belarc Advisor 8.4 (HKLM-x32...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
          Bitcoin Core (64-bit) (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Bitcoin Core (64-bit)) (Version: 0.10.0 - Bitcoin Core project)
          Bitvise SSH Client 6.24 (remove only) (HKLM-x32...\BvSshClient) (Version: - )
          bl (x32 Version: 1.0.0 - Your Company Name) Hidden
          Blue Satin Skin (HKLM-x32...{FB7D6550-9260-42E6-83C8-BF3A7E54442F}) (Version: 2.2.1 - Screaming Bee)
          BlueStacks App Player (HKLM-x32...\BlueStacks App Player) (Version: 0.10.7.5601 - BlueStack Systems, Inc.)
          BlueStacks Notification Center (HKLM-x32...{783DCCCB-FBD0-4D1D-928D-7075DA8015E6}) (Version: 0.8.5.3042 - BlueStack Systems, Inc.)
          Boilsoft Video Splitter 6.34 (HKLM-x32...{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.)
          Bonjour (HKLM...{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
          Boxcryptor 2.1 (HKLM-x32...{35475679-86D4-4472-8E92-9C34A6432314}) (Version: 2.1.417.123 - Secomba GmbH)
          BS.Player PRO (HKLM-x32...\BSPlayerp) (Version: 2.70.1080 - AB Team, d.o.o.)
          CAcert Root Certificates (HKLM-x32...{3D42DACC-2DA6-455F-94FC-A15BCEF695E4}) (Version: 1.0.0 - CAcert Inc.)
          calibre 64bit (HKLM...{D7533406-78CD-4C2F-B363-D7224851720E}) (Version: 2.71.0 - Kovid Goyal)
          Canon Utilities Digital Photo Professional 3.5 (HKLM-x32...\DPP) (Version: 3.5.2.0 - Canon Inc.)
          CapMonster Standard (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\CapMonster Standard) (Version: 2.6.0.0 - ZennoLab)
          Capture NX 2 (HKLM...\Capture NX 2) (Version: 2.4.7 - NIKON CORPORATION)
          CardRecovery 6.10 (HKLM-x32...{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version: - WinRecovery Software)
          CCleaner (HKLM...\CCleaner) (Version: 5.16 - Piriform)
          CDex - Open Source Digital Audio CD Extractor (HKLM-x32...\CDex) (Version: 1.70.5.2014 - Georgy Berdyshev)
          Chameleon Startup Manager version 4.0.0.895 (HKLM-x32...{96C45BE0-C1AA-41B3-B161-F331DBC29B84-startup}}_is1) (Version: 4.0.0.895 - NeoSoft Tools)
          Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32...{7EC5A347-1BF1-4115-9063-55025F19AEFB}) (Version: 3.1.07021 - Cisco Systems, Inc.)
          ClipSync Server (HKLM-x32...{2E4AB750-27D1-4D7E-BD37-BC69FD8D341E}) (Version: 1.0.0 - BDWM)
          CnW (HKLM-x32...{72BCF850-3FCE-4BD9-AD43-6E92CB4470C2}) (Version: 5.09 - CnW Recovery Developments Ltd)
          Color Suite v11.1.4 (HKLM-x32...{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC)
          Comic Sound Pack (HKLM-x32...{91C78DA1-800F-4ACE-B6F6-206F7617D69E}) (Version: 2.1.1 - Screaming Bee)
          Content Downloader X1 (HKLM-x32...\Content Downloader X1) (Version: - )
          Corel PaintShop Pro X8 (HKLM-x32..._{85C69B9B-F9BD-4A60-BD83-F2B7E081ED39}) (Version: 18.2.0.61 - Corel Corporation)
          Creatures of Darkness (HKLM-x32...{573F9269-A022-4C6F-97BD-CF1316A76369}) (Version: 3.3.1 - Screaming Bee)
          Cryptocat (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Cryptocat) (Version: 3.0.24 - Nadim Kobeissi)
          CryptoPrevent (HKLM-x32...{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
          CrystalDiskInfo 7.0.0 (HKLM-x32...\CrystalDiskInfo_is1) (Version: 7.0.0 - Crystal Dew World)
          CrystalDiskMark 5.1.2 (HKLM...\CrystalDiskMark5_is1) (Version: 5.1.2 - Crystal Dew World)
          Customer Database Pro (HKLM-x32...\Customer Database Pro) (Version: - Microguru Corporation)
          DAEMON Tools Lite (HKLM-x32...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
          Datacol5 (HKLM...\Datacol_is1) (Version: 5.596 - Datacol)
          DB Browser for SQLite (HKLM-x32...\SqliteBrowser3) (Version: 3.8.0 - oldsch00l)
          Deep Space Voices (HKLM-x32...{67CEC218-B250-4B4C-B23F-A597EC8DB153}) (Version: 3.3.1 - Screaming Bee)
          Dell System Detect (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\58d94f3ce2c27db0) (Version: 7.3.0.6 - Dell)
          Distortion Control Data (HKLM-x32...{B08B4896-886C-4644-8664-BBA4CE99D318}) (Version: 1.00.0000 - Nikon)
          DJ Streaming Plug-In (HKLM-x32...{956F54F5-0AA4-441D-8933-7B45F4F56F74}) (Version: 4.3.0 - Screaming Bee)
          Droid4X (HKLM-x32...\Droid4X) (Version: 0.9.0 - Haiyu Dongxiang Co.,Ltd.)
          Dropbox (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Dropbox) (Version: 19.4.12 - Dropbox, Inc.)
          DuOS (HKLM...{25E5B76A-CA64-4569-B639-0F50CF4FB537}) (Version: 2.0.8.8511 - American Megatrends Inc.)
          EaseUS Data Recovery Wizard (HKLM...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
          Easy Watermark Studio version 3.5 (HKLM-x32...{5EC71BC9-52DB-417C-807F-19E6381863E8}_is1) (Version: 3.5 - Refero Group SRL)
          EditPad Pro 7 v.7.4.0 (HKLM...\EditPad Pro 7) (Version: v.7.4.0 - Just Great Software)
          Elcomsoft Dictionaries (HKLM-x32...{74A23A1E-A394-4880-AB2B-076EDFC52AB5}) (Version: 1.0.1110 - Elcomsoft Co. Ltd.)
          Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
          eM Client (HKLM-x32...{2A4CAF55-4B18-4B61-BE9E-94A54209F547}) (Version: 7.0.27943.0 - eM Client Inc.)
          English Grammar in Use Extra application (HKLM-x32...\EnglishGrammarinUseExtra) (Version: 1.0.0 - Cambridge University Press Holdings Limited)
          English Grammar in Use Extra application (x32 Version: 1.0.0 - Cambridge University Press Holdings Limited) Hidden
          English Grammar in Use Extra content (HKLM-x32...\English Grammar in Use Extra content) (Version: 1.0.0.0 - Cambridge University Press)
          Epic Privacy Browser (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Epic) (Version: 55.0.2661.75 - Epic)
          Eraser 6.2.0.2969 (HKLM...{66AB13EA-E7D2-4CFC-9B66-8E9EE44C89EE}) (Version: 6.2.2969 - The Eraser Project)
          eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
          Evernote v. 5.8.8 (HKLM-x32...{CD252A60-0965-11E5-B3A2-00505695D7B0}) (Version: 5.8.8.7837 - Evernote Corp.)
          Exact Audio Copy 1.1 (HKLM-x32...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
          EXIF Date Changer v3.3.6 (HKLM-x32...{26CA1B07-BC53-4196-B9C2-A11C6F6F3E08}_is1) (Version: - Rellik Software)
          Exif Tag Remover 5.1 (HKLM-x32...\Exif Tag Remover_is1) (Version: - RL Vision)
          Express Talk (HKLM-x32...\Talk) (Version: 4.35 - NCH Software)
          Facebook Video Calling 3.1.0.521 (HKLM-x32...{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
          Fade In Professional Screenwriting Software (HKLM-x32...\Fade In Professional Screenwriting Software Demo_is1) (Version: - Fade In Professional Screenwriting Software)
          Fantasy Sound Pack (HKLM-x32...{B53415F5-4060-48DA-ABB8-00F768158F47}) (Version: 1.1.1 - Screaming Bee)
          Fantasy Voice Pack (HKLM-x32...{5F4C3E1F-87FC-41BD-B219-E4156BBD8AE5}) (Version: 1.3.2 - Screaming Bee)
          Far Manager 3 (HKLM-x32...{01300352-5C74-4729-BD79-2086B8DC36EC}) (Version: 3.0.4774 - Eugene Roshal & Far Group)
          Farm Animal Sounds (HKLM-x32...{F290F841-044D-44EF-9E51-FFFEA7FEE2D7}) (Version: 1.1.1 - Screaming Bee)
          FastStone Image Viewer 5.5 (HKLM-x32...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)
          FBReader for Windows (HKLM-x32...\FBReader for Windows) (Version: - )
          Female Voice Pack (HKLM-x32...{D947A225-8C23-4E52-866E-CF3967476BFC}) (Version: 3.3.2 - Screaming Bee)
          Fiddler (HKLM-x32...\Fiddler2) (Version: 4.4.5.9 - Telerik)
          FileLocator Pro x64 (HKLM...{FABB5600-6025-4CE1-A1B3-6AED653429C4}) (Version: 7.0.2028.1 - Mythicsoft Ltd)
          FileOptimizer (HKLM-x32...\FileOptimizer) (Version: 9.3.0.0 - Javier Gutiérrez Chamorro (Guti))
          Final Draft (HKLM-x32...{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.0.163 - Final Draft, Inc.)
          Flash Drive Tester v1.14 (HKLM-x32...{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}) (Version: 1.14 - Virtual Console)
          Fontlab Studio 5 (HKLM-x32...\Studio 5.2_is1) (Version: 5.2 - FontLab)
          Fontlab TransType4 (HKLM-x32...\TransType4.0_is1) (Version: 4.0 - FontLab)
          Fotosizer 2.08 (HKLM-x32...\Fotosizer) (Version: 2.08.0.545 - Fotosizer.com)
          Foxit PhantomPDF Business (HKLM-x32...{07396229-2F49-48AC-B275-F95228EC1E95}) (Version: 7.3.4.311 - Foxit Software Inc.)
          FreeMind (HKLM-x32...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.0 - )
          Furry Voices for Second Life (HKLM-x32...{2032DA39-C844-43AE-B638-6A4F7496686E}) (Version: 1.3.1 - Screaming Bee)
          Galactic Voices (HKLM-x32...{891D8FC9-726D-46F2-ADC0-E060A6EB1DC3}) (Version: 1.3.1 - Screaming Bee)
          Garmin BaseCamp (HKLM-x32...{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries)
          Garmin Express (HKLM-x32...{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
          Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
          Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
          Garmin MapSource (HKLM-x32...{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
          GMS.NET (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\e80ba83f7712505b) (Version: 2.0.0.20 - codres.de)
          Gnaural ver. 1.0.20110606 (HKLM-x32...\Gnaural_is1) (Version: - Bret Logan)
          GNU Aspell 0.50-3 (HKLM-x32...\GNU Aspell_is1) (Version: - GNU)
          Google Chrome (HKLM-x32...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
          Google Drive plug-in 1.6.10.0 (HKLM...{52FDD388-69BC-4C53-B7D1-EFCA87E08EBD}) (Version: 1.6.10.0 - Google Inc)
          Google Earth (HKLM-x32...{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
          Google Talk Plugin (HKLM-x32...{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
          Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
          Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
          gpr (HKLM-x32...{DA730E9B-D189-4D6F-99E4-EE35A2C4E365}) (Version: 1.27 - gpr)
          Gramblr (HKLM...\Gramblr) (Version: 2.8.2 - Gramblr Team)
          Hard Disk Sentinel PRO (HKLM-x32...\Hard Disk Sentinel_is1) (Version: - HDS)
          HD Tune Pro 5.60 (HKLM-x32...\HD Tune Pro_is1) (Version: - EFD Software)
          HDD Regenerator (HKLM-x32...{CC5DA723-D428-40D1-B82B-21EB64B1273C}) (Version: 20.11.0011 - Abstradrome)
          Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
          HHD Software Hex Editor Neo 6.21 (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.21.0.5841 - HHD Software, Ltd.)
          HiDownloadPlatinum (HKLM-x32...\HiDownload Platinum_is1) (Version: - )
          High-Logic MainType 7 (HKLM-x32...\MainType4_is1) (Version: - High-Logic B.V.)
          Hosts File Editor (HKLM-x32...{EC9CF3E9-3C14-43D6-B9D0-5B4232926FAC}) (Version: 1.0.0 - Scott Lerch)
          HxD Hex Editor version 1.7.7.0 (HKLM-x32...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maлl Hцrz)
          ICA (x32 Version: 18.2.0.61 - Corel Corporation) Hidden
          IMAPSize 0.3.7 (HKLM-x32...\IMAPSize_is1) (Version: - Broobles)
          ImBatch 4.0.1 (HKLM-x32...{5C8028D2-E41D-44A3-A51E-E6FFF8F448B3}_is1) (Version: 4.0.1 - High Motion Software)
          Inkscape 0.91 (HKLM...{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
          Intel(R) Management Engine Components (HKLM-x32...{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
          Intel(R) Processor Graphics (HKLM-x32...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
          Intel(R) Processor Identification Utility (HKLM-x32...{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
          Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM...{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
          Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32...{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
          Intel® PROSet/Wireless Software (HKLM-x32...{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation)
          Internet Download Manager (HKLM-x32...\Internet Download Manager) (Version: - Tonec Inc.)
          IPM_PSP_COM64 (Version: 18.2.0.61 - Corel Corporation) Hidden
          Java 8 Update 111 (64-bit) (HKLM...{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
          Java 8 Update 111 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
          Jitsi (HKLM...{8D69CE08-8C5F-4428-B159-28AB690AFA27}) (Version: 2.4.4997 - Jitsi)
          JMicron Flash Media Controller Driver (HKLM-x32...{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
          JonDo (HKLM-x32...\JonDoUninstall) (Version: - )
          JPEG Lossless Rotator 9.2 (HKLM...\JPEG Lossless Rotator_is1) (Version: - Anny)
          JPEGminiPro (HKLM-x32...{F6FB0050-975B-4E6B-B4BF-4E8BF8F3F864}) (Version: 1.9.5.0 - Beamr Imaging LTD)
          JPEXS Free Flash Decompiler (HKLM-x32...{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 4.0.5 - JPEXS)
          KeePass Password Safe 2.35 (HKLM-x32...\KeePassPasswordSafe2_is1) (Version: 2.35 - Dominik Reichl)
          Kundli Chakra 2014 Professional (HKLM-x32...\Kundli Chakra 2014 Professional_is1) (Version: - Horizon aarc)
          Kutools for Excel (HKLM...{8517B4FB-CB2A-4544-8A1B-94E4CE01CA6D}) (Version: 10.0.0.228 - Detong Technology Ltd.)
          LAME v3.99.3 (for Windows) (HKLM-x32...\LAME_is1) (Version: - )
          LAV Filters 0.55.3 (HKLM-x32...\lavfilters_is1) (Version: 0.55.3 - Hendrik Leppkes)
          LeaderTask 8.4.1 (HKLM-x32...\LeaderTask_is1) (Version: - Organizer LeaderTask LLC)
          Light Image Resizer 5.0.2.0 (HKLM-x32...{D5C093E0-D3DF-42D3-AFD6-CAAFB6985CBC}_is1) (Version: 5.0.2.0 - ObviousIdea)
          LinkChecker 8.6 (HKLM-x32...\LinkChecker_is1) (Version: - )
          LRTimelapse 4.7.1 (HKLM-x32...{3B86296C-F4C8-4FE7-8561-CC5F444098D4}}_is1) (Version: 4.7.1 - Gunther Wegner)
          Lunascape6 (All Users) (HKLM-x32...\Lunascape6) (Version: 6.9.2.27391 - Lunascape)
          Maelstrom (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Maelstrom) (Version: 42.0.1.13 - Maelstrom)
          MailingCheck (HKLM-x32...{369B1CE1-6D7B-443A-93D5-637FC67326AB}) (Version: 1.00.0004 - eDisplay srl)
          Male Voice Pack (HKLM-x32...{2CC32E0E-9A10-4BCC-94F0-614F85375F59}) (Version: 1.3.1 - Screaming Bee)
          Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
          Maxidix HotSpot version 14.9 (HKLM-x32...{83AE11EF-F89D-4732-A211-C8666259A613}_is1) (Version: 14.9 - Maxidix s.r.o.)
          MediaInfo 0.7.87 (HKLM...\MediaInfo) (Version: 0.7.87 - MediaArea.net)
          MEGAsync (HKLM-x32...\MEGAsync) (Version: - Mega Limited)
          memoQ 2015 (HKLM-x32...{02493572-ba7f-4e14-9669-d4f3ca7e6734}_is1) (Version: - Kilgray)
          MetadataTouch (HKLM-x32...{907943B7-967C-4490-A00C-83B4701E413B}) (Version: 7.00.0000 - Digital Confidence)
          MetaX for Windows (HKLM-x32...{FD7A7C70-B21D-4309-BCCD-FD87ECF626EA}) (Version: 2.49 - No Bull Software)
          Microsoft ASP.NET MVC 2 (HKLM-x32...{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
          Microsoft ASP.NET MVC 4 Runtime (HKLM-x32...{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
          Microsoft Data Access Components 2.8 SDK (HKLM-x32...{DB29456E-BB83-42EE-9BD8-75A821560FBE}) (Version: 1.00.1425.0 - Microsoft Corporation)
          Microsoft Office Language Pack 2016 - Russian/русский (HKLM...\Office16.OMUI.ru-ru) (Version: 16.0.4266.1001 - Microsoft Corporation)
          Microsoft Office Professional Plus 2016 (HKLM...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
          Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
          Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
          Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
          Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
          Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
          Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM...{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM...{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32...{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
          Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
          Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
          Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
          Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
          Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
          Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
          Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32...{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
          Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
          Microsoft XNA Framework Redistributable 3.1 (HKLM-x32...{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
          Microsoft XNA Framework Redistributable 4.0 (HKLM-x32...{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
          Mindjet MindManager 2016 (HKLM...{C6FFF09B-3978-450D-B560-E2D6068D3CEF}) (Version: 16.1.193 - Mindjet)
          MiniTool Power Data Recovery Edition 7.0 (HKLM...\MiniTool Power Data Recovery Edition_is1) (Version: - MiniTool Solution Ltd.)
          Miranda IM 0.10.66 (HKLM-x32...\Miranda IM) (Version: 0.10.66 - Miranda IM Project)
          mIRC (HKLM-x32...\mIRC) (Version: 7.38 - mIRC Co. Ltd.)
          MKVToolNix 9.3.1 (64bit) (HKLM-x32...\MKVToolNix) (Version: 9.3.1 - Moritz Bunkus)
          MobiOne 2.6.1 (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\com.poweredbypulse.profile-0-rb-10081-1394387867273) (Version: 2.6.1 - Genuitec, LLC)
          Modern War Sounds (HKLM-x32...{A514E94F-C436-44C3-A1E9-1F58CD352669}) (Version: 1.0.1 - Screaming Bee)
          MorphVOX Effects Rack (HKLM-x32...{4439ED25-D9ED-4E78-A41E-6C6C5DCEDE62}) (Version: 4.3.0 - Screaming Bee)
          MorphVOX Pro (HKLM-x32...{76828C87-C612-4329-843B-4DB58060030A}) (Version: 4.4.9 - Screaming Bee)
          Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
          Mozilla Maintenance Service (HKLM-x32...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
          MP4Tools v3.4 (HKLM-x32...\MP4Tools_is1) (Version: - Thüring IT-Consulting)
          MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
          MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
          MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
          MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
          My Dream Diary (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\My Dream Diary) (Version: - )
          My MP4Box GUI 0.6.0.6 (HKLM...{3FBE3061-F2BC-4D3A-B4A9-8FB15C503F87}_is1) (Version: 0.6.0.6 - Matt Bodin)
          MySQL Connector Net 6.1.6 (HKLM-x32...{5FD88490-011C-4DF1-B886-F298D955171B}) (Version: 6.1.6 - Oracle)
          NbuExplorer version 3.2 (HKLM-x32...{6C58B3E8-0822-490B-BC94-40CC02A6B37F}_is1) (Version: 3.2 - Petr Vilem)
          Nero BurningROM 2016 (HKLM-x32...{6C1E6289-0A1B-4ED5-A376-0819DE3651FD}) (Version: 17.0.00200 - Nero AG)
          Nero Info (HKLM-x32...{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
          NetTime (HKLM-x32...\NetTime_is1) (Version: - Mark Griffiths)
          Nikon Message Center 2 (HKLM-x32...{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
          NirSoft WebVideoCap (HKLM-x32...\NirSoft WebVideoCap) (Version: - )
          Noise Reduction Plug-in 2.0 (HKLM-x32...{BF4742B0-7A7B-11E1-AFD0-F04DA23A5C58}) (Version: 2.0.471 - Sony)
          Noki v2.1 (HKLM-x32...\Noki_is1) (Version: - hz)
          Nokia Connectivity Cable Driver (HKLM-x32...{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
          Nokia PC Internet Access (HKLM-x32...\Nokia PC Internet Access) (Version: 2.0.1.5 - Nokia)
          Nokia PC Internet Access (x32 Version: 2.0.1.5 - Nokia) Hidden
          Nokia PC Suite (HKLM-x32...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
          Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
          Notepad++ (32-bit x86) (HKLM-x32...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
          NVIDIA Graphics Driver 375.70 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
          NVIDIA HD Audio Driver 1.3.26.4 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
          ON1 Photo 10 (HKLM...\ON1 Photo 10 PE) (Version: 10.5.1 - ON1)
          One Click Root (HKLM-x32...{5B9840AC-FA2B-4C87-B636-78FF7B4DC963}) (Version: 1.00.0192 - One Click Root)
          ooVoo (HKLM-x32...{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.9001 - ooVoo LLC.)
          Opanda IExif 2.3 (HKLM-x32...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)
          Opanda PowerExif 1.2 Professional Trial (HKLM-x32...\Opanda PowerExif Professional Trial_is1) (Version: 1.2 - Opanda Studio)
          OpenAL (HKLM-x32...\OpenAL) (Version: - )
          OpenOffice 4.0.1 Language Pack (English) (HKLM-x32...{59256CE6-4343-41C5-B2AD-7133913AD540}) (Version: 4.01.9714 - Apache Software Foundation)
          OpenVPN 2.3.12-I601 (HKLM...\OpenVPN) (Version: 2.3.12-I601 - )
          Oracle VM VirtualBox 4.3.12_ZZZZ (HKLM...{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
          Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
          PanoramaStudio 2.6 Pro ((uninstall)) (HKLM...\PanoramaStudio2Pro) (Version: - )
          PanoramaStudio 3.0 Pro ((uninstall)) (HKLM...\PanoramaStudio3Pro) (Version: - )
          Password Safe (HKLM-x32...\Password Safe) (Version: - )
          PC Connectivity Solution (HKLM-x32...{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
          PCSX2 - Playstation 2 Emulator (HKLM-x32...\pcsx2-r5875) (Version: - )
          PDF-XChange 2012 Pro (HKLM...{A922AD64-F9A6-4E5F-BE22-142CABB53C8D}) (Version: 5.0.272.306 - Tracker Software Products (Canada) Ltd.)
          Personality Voices (HKLM-x32...{4B886E97-AF5B-46F0-9F48-6BE03149D972}) (Version: 1.0.1 - Screaming Bee)
          ph (x32 Version: 1.0.0 - Your Company Name) Hidden
          Phoenix Service Software (HKLM-x32...{E4C21200-3F47-4EB2-8B07-19E317CDE3FD}) (Version: 2012.50.000.49146 - Nokia)
          Phoenix Service Software 2012.50.000.49146 (HKLM-x32...\Phoenix Service Software 2012.50.000.49146_is1) (Version: - Seidea.com)
          Phoenix UEFI Winflash (HKLM-x32...{E098A365-7CA4-48BD-83E2-F25F1CD2DF48}) (Version: 1.5.66.0 - Phoenix Technologies Ltd.)
          Photo Frame Studio (HKLM-x32...\Photo Frame Studio_is1) (Version: 3.0 - MOJOSOFT)
          Photo Mechanic 5 (HKLM-x32...{DE924CF0-B8BB-42BA-BDA0-14535F79DF3F}) (Version: 5.0 - Camera Bits, Inc)
          Photomatix Pro version 5.1.3 (HKLM...\PhotomatixPro5x64_is1) (Version: 5.1.3 - HDRsoft Ltd)
          Picture Control Utility x64 (HKLM...{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.1 - Nikon)
          Pidgin (HKLM-x32...\Pidgin) (Version: 2.10.11 - )
          pidgin-otr 4.0.1 (HKLM-x32...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)
          PIXPRO_SP360 (HKLM-x32...{93F8E743-7426-4997-A19B-EBA500F7F37B}) (Version: 2.00.03 - JK Imaging)
          Poedit 1.8.11 (HKLM-x32...\Poedit_is1) (Version: 1.8.11 - Vaclav Slavik)
          PowerGREP 4 v.4.6.3 (HKLM...\PowerGREP 4) (Version: v.4.6.3 - Just Great Software)
          Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
          Process Hacker 2.39 (r124) (HKLM...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
          Product Key Explorer 3.7.7 (HKLM-x32...\Product Key Explorer_is1) (Version: - Nsasoft, LLC.)
          PSD Codec by Ardfry Imaging, LLC (32 bit) (x32 Version: 1.0.15.0 - Ardfry Imaging, LLC) Hidden
          PSD Codec by Ardfry Imaging, LLC (64 bit) (Version: 1.0.15.0 - Ardfry Imaging, LLC) Hidden
          PSD CODEC Version 1.6.1.0 (HKLM...\Ardfry PSD CODEC_is1) (Version: 1.6.1.0 - Ardfry Imaging, LLC)
          PSPPContent (x32 Version: 18.2.0.61 - Corel Corporation) Hidden
          PSPPHelp (x32 Version: 18.2.0.61 - Corel Corporation) Hidden
          PSPPro64 (Version: 18.2.0.61 - Corel Corporation) Hidden
          PTGui Pro 10.0.11 (HKLM-x32...\PTGui) (Version: - New House Internet Services B.V.)
          PuTTY (HKLM-x32...{ED9EF59B-0799-428E-823D-6D2B7B4FE2E0}) (Version: 0.67.0.0 - Simon Tatham)
          qBittorrent 3.3.3 (HKLM-x32...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
          Quickset64 (HKLM...{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.26 - Dell Inc.)
          QuickTime 7 (HKLM-x32...{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
          RaidCall (HKLM-x32...\RaidCall) (Version: 8.1.8-1.0.3110.145 - raidcall.com.ru)
          Rainlendar2 (remove only) (HKLM-x32...\Rainlendar2) (Version: - )
          RazorSQL 6.3.17 (HKLM-x32...\RazorSQL 6.3.17_is1) (Version: - Richardson Software, LLC)
          Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
          Recuva (HKLM...\Recuva) (Version: 1.52 - Piriform)
          Red Giant Link (HKLM-x32...{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.8.1 - Red Giant, LLC)
          RegexMagic 2 v.2.1.1 (HKLM...\RegexMagic 2) (Version: v.2.1.1 - Just Great Software)
          Registry Trash Keys Finder (Freeware) (HKLM-x32...\Registry Trash Keys Finder) (Version: 3.9.3.0 - SNC)
          Remo Repair MOV (HKLM-x32...{8DD5B1BF-E1BB-43DB-965C-DC6180A19518}_is1) (Version: 2.0.0.16 - Remo Software)
          Replay Media Catcher 6 (6.0.1.27) (HKLM-x32...\Replay Media Catcher 6) (Version: 6.0.1.27 - Applian Technologies)
          Revo Uninstaller Pro (HKLM...\Revo Uninstaller Pro) (Version: - VS Revo Group)
          Rosetta Stone TOTALe (x32 Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
          R-Undelete 4.9 (HKLM-x32...\R-Undelete 4.9NSIS) (Version: 4.9.160808 - R-Tools Technology Inc.)
          Samsung USB Driver for Mobile Phones (HKLM...{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
          Sci-Fi 2 Sound Pack (HKLM-x32...{62DC2D57-7AB8-4181-994B-C62D55FCE6F4}) (Version: 1.3.1 - Screaming Bee)
          Sci-Fi Sound Pack (HKLM-x32...{D16C611D-CA6F-402B-9EDA-9862CF4A701B}) (Version: 1.1.1 - Screaming Bee)
          Sci-Fi Voice Pack (HKLM-x32...{BC038C91-D3C6-4E43-8439-B65976FE7937}) (Version: 1.3.1 - Screaming Bee)
          Screaming Frog SEO Spider (HKLM-x32...\Screaming Frog SEO Spider) (Version: 7.1 - Screaming Frog Ltd)
          SDFormatter (HKLM-x32...{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
          SecureZIP for Windows 14.20.0027 (HKLM...{E31117D0-A867-4AF2-BB50-E038E2C498E5}) (Version: 14.20.0027 - PKWARE, Inc)
          SES Driver (HKLM...{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
          Setup (x32 Version: 18.2.0.61 - Corel Corporation) Hidden
          SharePoint Client Components (HKLM...{95150004-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4711.1001 - Microsoft Corporation)
          Shtirlitz IV (HKLM-x32...\ShtirlitzIV) (Version: - )
          SignMyImage (HKLM-x32...\SignMyImage) (Version: 4.15 - Filip Krolupper)
          SkHistory (HKLM-x32...\SkHistory) (Version: 0.9.7 - UNKNOWN)
          SkHistory (x32 Version: 0.9.7 - UNKNOWN) Hidden
          Skype chat helper (HKLM-x32...{EB951722-70F4-4EF1-902C-CD665AA17A19}) (Version: 1.1.1 - Pril)
          Skype™ 7.31 (HKLM-x32...{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
          Slack (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\slack) (Version: 2.0.3 - Slack Technologies)
          Smart Cutter (HKLM-x32...{BEDE9B89-27C6-45BB-B3E2-B6D8883D8326}) (Version: 1.9.4 - FameRing)
          Sniper Elite V2 (HKLM-x32...\Sniper Elite V2_is1) (Version: - )
          SolveigMM Video Splitter Business Edition (HKLM-x32...\SolveigMM Video Splitter Business Edition 6.0.1609.2) (Version: 6.0.1609.2 - Solveig Multimedia)
          Sound Forge Pro (HKLM-x32...\Sound Forge Pro) (Version: - )
          Special Effects Voices (HKLM-x32...{913C4C4F-9E3E-41A6-A614-1BDC1352A225}) (Version: 1.0.2 - Screaming Bee)
          Spooky Sounds (HKLM-x32...{F71EBF86-9A73-44C0-A674-55FA3E4A8428}) (Version: 2.1.1 - Screaming Bee)
          SQL-Splitter 1.2.0.1 (HKLM-x32...\SQL-Splitter_is1) (Version: - CoolFactory)
          ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32...{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0028 - ST Microelectronics)
          Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
          Stellar Phoenix Outlook PST Repair - Technical (HKLM...\Stellar Phoenix Outlook PST Repair - Technical_is1) (Version: 5.0.0.0 - Stellar Information Technology Pvt Ltd.)
          Stellar Phoenix Video Repair (HKLM-x32...\Stellar Phoenix Video Repair_is1) (Version: 2.0.0.0 - Stellar Information Technology Pvt Ltd.)
          Stellar Phoenix Windows Data Recovery - Professional (HKLM-x32...\Stellar Phoenix Windows Data Recovery - Professional_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd)
          SuperMemo (HKLM-x32...\SuperMemo) (Version: 15.4 - SuperMemo World)
          swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
          TAP-Windows 9.21.2 (HKLM...\TAP-Windows) (Version: 9.21.2 - )
          Technitium MAC Address Changer v6.0.5 (HKLM-x32...\TMACv6.0) (Version: 6.0.5 - Technitium)
          Telegram Desktop version 0.10.20 (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...{53F49750-6209-4FBF-9CA8-7A333C87D1ED}is1) (Version: 0.10.20 - Telegram Messenger LLP)
          Teleport Pro (HKLM-x32...\Teleport Pro) (Version: 1.71 - Tennyson Maxwell Information Systems, Inc.)
          Text Twist 2 1.00 (HKLM-x32...\Text Twist 2 1.00) (Version: - )
          Text-To-VoIP Plug-in (HKLM-x32...{C1A6E1A4-B337-41B5-B580-30EB1FF76D56}) (Version: 4.0.0 - Screaming Bee)
          Tipard Video Converter Ultimate 9.0.32 (HKLM-x32...{F2922911-108A-4d9e-B33A-2A101444F4CE}is1) (Version: 9.0.32 - Tipard Studio)
          Tooligram Professional (HKLM-x32...{C46AD13D-E852-5802-FE02-0A633C6C2E3D}) (Version: 2.6.0 - Tooligram Group)
          Total Commander 64-bit (Remove or Repair) (HKLM...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
          Total Commander 64-bit (Remove or Repair) (HKLM-x32...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
          Translator Fun Voice Pack (HKLM-x32...{C39768C1-82E7-4466-8526-2D8AC44B768F}) (Version: 1.5.1 - Screaming Bee)
          Trapcode Suite 64-bit (HKLM-x32...\InstallShield          {460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant)
          Trapcode Suite 64-bit (Version: 12.1.3 - Red Giant) Hidden
          Tweak-8 (HKLM...\Tweak-8) (Version: 1.0 build 1080 - Totalidea Software)
          Twidium Accounter 3.8 build 9 (HKLM-x32...\Twidium Accounter_is1) (Version: - Twidium)
          Twidium Twitter Edition 1.0.27 (HKLM-x32...\Twidium Twitter Edition_is1) (Version: 1.0.27.0 - Twidium Team)
          Twingly Screensaver (HKLM-x32...{EB711BC7-0FDF-460C-A00C-DF8E5E996037}) (Version: 1.0.0 - Primelabs)
          Twister 0.9.28.0 (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Twister) (Version: 0.9.28.0 - )
          UltraCompare (HKLM-x32...\InstallShield          {11EF223E-CCCB-4BCC-918D-EA4E59FD05EF}) (Version: 15.10.20 - IDM Computer Solutions, Inc.)
          UltraCompare (x32 Version: 15.10.20 - IDM Computer Solutions, Inc.) Hidden
          UltraEdit (HKLM-x32...{39805786-E230-4C4F-B062-773DC53C7F11}) (Version: 22.20.40 - IDM Computer Solutions, Inc.)
          UltraFinder (HKLM-x32...{3D79501A-B9BC-426B-90B0-D2B291E1E7C8}) (Version: 16.0.0.8 - IDM Computer Solutions, Inc.)
          UltraSearch V2.1.2 (64 bit) (HKLM...\UltraSearch_is1) (Version: 2.1.2 - JAM Software)
          Unity Web Player (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS)
          Universal Adb Driver (HKLM-x32...{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
          Unlocker 1.9.2 (HKLM...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
          Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM...{90160000-0011-0000-1000-0000000FF1CE}Office16.PROPLUS{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version: - Microsoft)
          Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM...{90160000-012B-0409-1000-0000000FF1CE}Office16.PROPLUS{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version: - Microsoft)
          Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM...{90160000-012B-0419-1000-0000000FF1CE}Office16.OMUI.ru-ru{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version: - Microsoft)
          UUDeview for Windows (HKLM-x32...\UUDeview for Windows) (Version: 1.3 - Michael Newcomb and Frank Pilhofer)
          VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
          Vegas Pro 13.0 (64-bit) (HKLM...{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
          Vit Registry Fix 12.7.0 (Remove only) (HKLM...\Vit Registry Fix) (Version: - VITSOFT)
          VLC media player (HKLM-x32...\VLC media player) (Version: 2.2.4 - VideoLAN)
          VMware Workstation (HKLM...{0AD91785-F9BD-47FD-84F7-9E27B5A1853D}) (Version: 12.1.0 - VMware, Inc.)
          Voice Splicer Plug-In (HKLM-x32...{5A53F620-6A7A-4362-94AD-12D9FCB856E1}) (Version: 4.2.11 - Screaming Bee)
          VoipConnect (HKLM-x32...\VoipConnect_is1) (Version: 4.14 build 770 - Finarea S.A. Switzerland)
          VX Search Ultimate 7.4.16 (HKLM-x32...\VX Search Ultimate) (Version: 7.4.16 - Flexense Computing Systems Ltd.)
          Wacom (HKLM...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
          WebM for Premiere (HKLM...{7BCAE84F-ACE9-4089-87BB-75B914551743}) (Version: 1.0.0 - fnord software)
          WebMoney Agent (HKLM-x32...\WebMoney Agent) (Version: 3.5 - Softomate)
          WebMoney Keeper WinPro 3.9.9.8 (HKLM-x32...{6D9A7CEE-054A-437D-99EF-DD7C77E001FD}) (Version: 3.9.9.8 - WM Transfer Ltd.)
          WebTablet FB Plugin 32 bit (HKLM-x32...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
          WebTablet FB Plugin 64 bit (HKLM...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
          WinDirStat 1.1.2 (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\WinDirStat) (Version: - )
          WinDjView 2.0.2 (HKLM...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
          Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
          Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
          Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
          Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
          Windows Driver Package - Silicon Laboratories (silabenm) Ports (12/10/2012 6.6.1.0) (HKLM...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)
          Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
          Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
          WinHex (HKLM-x32...\WinHex) (Version: - )
          WinMerge 2.14.0 (HKLM-x32...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
          WinPcap 4.1.3 (HKLM-x32...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
          WinRAR 5.30 beta 5 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.30.5 - win.rar GmbH)
          WinSCP 5.8.1 beta (HKLM-x32...\winscp3_is1) (Version: 5.8.1 beta - Martin Prikryl)
          WinX HD Video Converter Deluxe 5.9.4 (HKLM-x32...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
          WM Recorder (HKLM-x32...\WM Recorder14.16.2.0) (Version: 14.16.2.0 - AllAlex, Inc)
          Workplace Backgrounds (HKLM-x32...{13304708-E115-4044-82DA-88A6F5424359}) (Version: 1.0.0 - Screaming Bee)
          XnView 2.36 (HKLM-x32...\XnView_is1) (Version: 2.36 - Gougelet Pierre-e)
          yWriter5 (HKLM-x32...\yWriter5_is1) (Version: - Spacejock Software)
          ZennoPoster Standard (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\ZennoPoster Standard) (Version: 5.9.9.1 - ZennoLab)
          Домашняя бухгалтерия (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Домашняя бухгалтерия) (Version: 5.2 - Keepsoft)
          Засоби перевірки правопису Microsoft Office 2016 – українська (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
          Парсер Яндекс Карт ver 4.3, версия 4.3.0.0 (HKLM-x32...{A793623D-40C5-4DB9-A2A4-2E91EA0DEC33}_is1) (Version: 4.3.0.0 - Parsinfo)
          Поддержка программ Apple (HKLM-x32...{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
          Средства проверки правописания Microsoft Office 2016 — русский (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

          ==================== Custom CLSID (Whitelisted): ==========================

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          ==================== Scheduled Tasks (Whitelisted) =============

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          Task: {00CE6CA9-7691-46ED-A32B-41B5D8052A0B} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\SymErr.exe
          Task: {063A6DF0-D9DF-4D01-98C0-43B458DBC34F} - System32\Tasks{36E7CDCE-3B01-4650-8948-AF254DEB073C} => pcalua.exe -a C:\Users\Explorer\Downloads\Programs\Shtrl4.exe -d C:\Users\Explorer\AppData\Roaming\IDM
          Task: {0A4E987C-6912-497D-A2C5-DDC107B9467C} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount...st@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe [2016-01-07] (Adobe Systems Incorporated)
          Task: {0AC4904A-8372-4020-9BFF-55B687BCD936} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
          Task: {0CB03F15-7BBF-4237-8FBB-FE6F3FA35FCD} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6986c11 8e050 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
          Task: {197671D1-207D-49D1-A944-E0D46AEF8027} - System32\Tasks\GoogleUpdateTaskMachineUA1d041918bd fa750 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
          Task: {2409A78A-85F7-40FD-AD75-A78F381E4B62} - System32\Tasks\Chameleon Monitor-Explorer => c:\program files (x86)\common files\Chameleon Manager\monitor.exe [2015-02-10] (NeoSoft Tools)
          Task: {2D04D24E-3525-4A26-A43D-33B1A0FF27BC} - System32\Tasks\GoogleUpdateTaskMachineUA1d0001d73c 8b334 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
          Task: {32B41AF0-40BF-4D96-9837-DD6843CC1A3C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
          Task: {36B69D02-CE82-4816-BD15-57E6CEC2A0DC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
          Task: {3C7DF767-9E4B-4F3B-841D-95887E75AEFD} - \Pointstone\System Cleaner\Daily Notice → No File <==== ATTENTION
          Task: {43A17CBD-36AD-4BFB-B3C5-1FEF32E15681} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
          Task: {4515A598-639B-489A-B22D-0FF6267D4734} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\SymErr.exe
          Task: {4AC54D11-6DD2-4038-A5FF-94888CBDEE05} - System32\Tasks\Run RoboForm TaskBar Icon => D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
          Task: {5296151F-94E0-4363-BD38-3D32EB8820F6} - {505A68B3-E825-4D29-AC08-B71CA2308CF5} → No File <==== ATTENTION
          Task: {5F4BF8A0-2FF1-467F-916B-CC2DAC8D72B1} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
          Task: {6A53FC7F-5F79-4FB4-8C68-579E7C847A2D} - System32\Tasks{F5A09CDD-01AF-42BB-88BB-10471CCE6707} => pcalua.exe -a “C:\Program Files\ReviverSoft\Registry Reviver\Uninstall.exe”
          Task: {7476B54B-CDB4-47A2-85FC-8F1BC37E7E33} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
          Task: {7B81CF39-A304-40ED-B0FA-E97FCA106CC3} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMHMKMJMPMGMNMNMKJCNMMNJNMOJC NLMOJGMOJCNGMLJKJMJCNJJJJOMJMKJLMGMJJLMJMOJMMJNJIC MIMCNGMCNNMNMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMP MCNNMJNPICMHMFMFMOMPMJNHICMEKMICNJJCKJNBJCMLKNIOJJ IKJDJDJKJNIJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMPMFM (the data entry has 35 more characters).
          Task: {8033146A-54E7-453E-A3E9-FC0972A14F1A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
          Task: {8D6A16C1-3BA2-4877-85C3-A3631C653532} - System32\Tasks{A1D5D0E4-BB6C-4E3C-BD67-E5A8C0E74A2E} => pcalua.exe -a C:\Users\Explorer\Downloads\Programs\MDAC_TYP.EXE -d C:\Users\Explorer\AppData\Roaming\IDM
          Task: {8EC5BF83-AC06-4190-A64A-4096E5BBCD19} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)
          Task: {8F3B47E0-D5F4-47FA-B387-F689471175DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
          Task: {915FE576-044F-4C41-BB42-88FC4859018F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core => C:\Users\Explorer\AppData\Local\Dropbox\Update\Dro pboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
          Task: {91E9E3CA-F7D9-4D12-A30D-BB7ADA79C6DC} - System32\Tasks\Chameleon Startup Manager-Explorer => C:\Program Files (x86)\Chameleon Startup Manager\manager.exe [2015-02-10] (NeoSoft Tools)
          Task: {92C88288-96C8-4FDF-A609-217497BFBEF9} - \Pointstone\System Cleaner\Log On Notice → No File <==== ATTENTION
          Task: {9822B3AD-B62E-42E8-8E38-EFEAEF22F1B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA => C:\Users\Explorer\AppData\Local\Google\Update\Goog leUpdate.exe [2015-08-31] (Google Inc.)
          Task: {9CBC36AC-65A1-4EE6-ADFE-AFF60472DD16} - System32\Tasks\Chameleon Monitor-startup-Explorer => c:\program files (x86)\common files\Chameleon Manager\monitor.exe [2015-02-10] (NeoSoft Tools)
          Task: {A549169A-D962-4B64-81D2-C964B9449C9A} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
          Task: {AA5D7753-F298-4993-9145-8B2B5CC146AF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA => C:\Users\Explorer\AppData\Local\Dropbox\Update\Dro pboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
          Task: {CA479769-6B76-4C74-B358-67423E5E14AE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
          Task: {D3E94B6F-E162-41ED-A78D-49068CC7ED23} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
          Task: {DAAEF8CA-94B0-46E6-94ED-FDC4B3E4AF4A} - System32\Tasks{2F3CCF69-1646-4DB0-AFD2-72E35FF466E2} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/ru/abandoninstall?page=tsMain
          Task: {DDB4C5BF-2FE1-41E1-8D6F-FE99673976A4} - System32\Tasks{CA56EAE6-5E60-454F-8EE2-3825A791791D} => pcalua.exe -a C:\Users\Explorer\Downloads\Programs\CardReader_JM icron_W7_A01_TKH3F_ZPE.exe -d C:\Users\Explorer\AppData\Roaming\IDM
          Task: {E050D551-CEF3-49EA-B469-70424D4A805A} - System32\Tasks\Opera scheduled Autoupdate 1408935599 => C:\Program Files (x86)\Opera\launcher.exe
          Task: {E2DB1668-3E8B-457C-AF8E-95E39708C96A} - System32\Tasks{2090741D-AF19-4C0D-987B-D5AD2CA171A4} => pcalua.exe -a “H:\Games\Teenage Mutant Ninja Turtles\TMNT.EXE” -d “H:\Games\Teenage Mutant Ninja Turtles”
          Task: {E51F8CD2-3D68-4A05-B85C-9933D704E00E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
          Task: {FCC01015-90D3-40BB-A7B7-FB8C342A9385} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1d0411f110ceba0 => C:\Users\Explorer\AppData\Local\Google\Update\Goog leUpdate.exe [2015-08-31] (Google Inc.)

          (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

          Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core.job => C:\Users\Explorer\AppData\Local\Dropbox\Update\Dro pboxUpdate.exe
          Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA.job => C:\Users\Explorer\AppData\Local\Dropbox\Update\Dro pboxUpdate.exe
          Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core.job => C:\Users\Explorer\AppData\Local\Facebook\Update\Fa cebookUpdate.exe
          Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6986c 118e050.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
          Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0001d7 3c8b334.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
          Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cfd791cbe00d3.job => C:\Users\Explorer\AppData\Local\Google\Update\Goog leUpdate.exe
          Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cfed3dadc0292f.job => C:\Users\Explorer\AppData\Local\Google\Update\Goog leUpdate.exe
          Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cffedb14d73815.job => C:\Users\Explorer\AppData\Local\Google\Update\Goog leUpdate.exe

          ==================== Shortcuts =============================

          (The entries could be listed to be restored or removed.)

          Shortcut: C:\Users\Explorer\Favorites\FileOptimizer Home Page.lnk → hxxp://nikkhokkho.sourceforge.net/static.php?page=FileOptimize
          Shortcut: C:\Users\Explorer\Favorites\NCH Software Download Site.lnk → hxxp://www.nch.com.au/index.htm
          Shortcut: C:\Users\Explorer\Dropbox\Равиль\для меня.lnk → C:\Users\o_O\Documents\для меня (No File) <===== Cyrillic
          Shortcut: C:\Users\Explorer\Desktop\Домашняя бухгалтерия 5.lnk → C:\Program Files (x86)\Keepsoft\HomeBuh5\HomeBuh5.exe (Keepsoft) <===== Cyrillic
          Shortcut: C:\Users\Explorer\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Yamb 2.1.0.0 beta 2\Yamb - Website.lnk → hxxp://yamb.unite-video.com

          ShortcutWithArgument: C:\Users\Explorer\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Chrome Apps\WorkFlowy.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=koegeopamaoljbmhnfjbclbocehhgmkm
          ShortcutWithArgument: C:\Users\Explorer\AppData\Roaming\Microsoft\Intern et Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click &Clean.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
          ShortcutWithArgument: C:\Users\Explorer\AppData\Roaming\Microsoft\Intern et Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Hango uts.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=nckgahadagoaajjgafhacjanaoiihapd
          ShortcutWithArgument: C:\Users\Explorer\AppData\Roaming\Microsoft\Intern et Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5a7f1fc1149619d6\Epic Privacy Browser.lnk → C:\Users\Explorer\AppData\Local\Epic Privacy Browser\Application\epic.exe (Hidden Reflex) → --profile-directory=Default

          ==================== Loaded Modules (Whitelisted) ==============

          2016-01-06 00:28 - 2016-01-06 00:28 - 00269312 _____ () C:\Program Files (x86)\Droid4X\Droid4XService.exe
          2013-05-08 14:17 - 2013-05-08 14:17 - 00082144 _____ () C:\Program Files (x86)\HDD Regenerator\hrsrv.exe
          2016-11-14 19:00 - 2012-05-12 01:27 - 00473088 _____ () C:\Program Files (x86)\NetTime\NetTimeService.exe
          2016-04-11 02:14 - 2016-10-25 15:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
          2015-11-25 18:09 - 2015-11-25 18:09 - 12462784 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
          2015-01-13 22:03 - 2014-08-19 14:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
          2016-01-22 13:55 - 2016-01-22 13:55 - 00553136 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
          2014-05-01 09:13 - 2016-07-21 00:01 - 00592384 _____ () C:\Users\Explorer\AppData\Local\MEGAsync\ShellExtX 64.dll
          2012-05-11 00:23 - 2012-05-11 00:23 - 00204800 _____ () c:\Windows\System32\iMobileDisk.dll
          2016-02-09 20:56 - 2016-02-09 20:56 - 00179888 _____ () C:\Program Files\Mindjet\MindManager 16\zlib64.dll
          2015-06-01 13:00 - 2015-06-01 13:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
          2015-11-13 07:19 - 2015-11-13 07:19 - 03097640 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe
          2014-04-28 01:19 - 2014-04-28 01:19 - 00184320 _____ () C:\Program Files\Rainlendar2\lua52.dll
          2015-11-13 04:51 - 2015-11-13 04:51 - 00330240 _____ () C:\Program Files\Rainlendar2\libical.dll
          2015-11-13 04:51 - 2015-11-13 04:51 - 00060928 _____ () C:\Program Files\Rainlendar2\libicalss.dll
          2015-11-13 07:19 - 2015-11-13 07:19 - 00075816 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
          2014-04-28 01:19 - 2014-04-28 01:19 - 00015872 _____ () C:\Program Files\Rainlendar2\lfs.dll
          2016-09-15 12:13 - 2016-09-15 12:13 - 03412936 _____ () D:\Program Files\ACD Systems\ACDSee Pro\10.0\ACDSeeCommanderPro10.exe
          2009-10-19 06:47 - 2009-10-19 06:47 - 00210400 _____ () C:\Program Files (x86)\WebMoney Agent\wmagent.exe
          2016-11-14 19:00 - 2012-05-12 09:28 - 00772096 _____ () C:\Program Files (x86)\NetTime\NetTime.exe
          2016-07-28 13:45 - 2016-07-08 09:57 - 00082624 _____ () C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\PubLog.dll
          2016-07-28 13:46 - 2016-07-08 09:57 - 00528576 _____ () C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\uexper64.dll
          2016-07-28 13:45 - 2016-07-08 09:57 - 01102016 _____ () C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\EUNTFSSearchDLL.dll
          2015-06-17 15:23 - 2015-06-17 15:23 - 03691296 _____ () C:\Program Files\Kutools for Excel\KTEHelper64.dll
          2015-06-17 15:23 - 2015-06-17 15:23 - 09507616 _____ () C:\Program Files\Kutools for Excel\KTELoader64.dll
          2015-06-17 15:23 - 2015-06-17 15:23 - 06442784 _____ () C:\Program Files\Kutools for Excel\Pane\PaneforKutools64.dll
          2016-07-07 15:57 - 2016-07-07 15:57 - 00752520 _____ () C:\Program Files\Google\Drive plugin for Office\adxloader64.dll
          2016-09-17 10:48 - 2016-09-17 10:48 - 00569536 _____ () C:\Program Files\Adobe\Adobe Lightroom\AgKernel.dll
          2016-09-17 10:49 - 2016-09-17 10:49 - 53322944 _____ () C:\Program Files\Adobe\Adobe Lightroom\libcef.dll
          2016-09-17 10:49 - 2016-09-17 10:49 - 00730816 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFCore.dll
          2016-09-17 10:49 - 2016-09-17 10:49 - 00242368 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFSQLite.dll
          2016-09-17 10:49 - 2016-09-17 10:49 - 00095424 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFWeb.dll
          2016-09-17 10:49 - 2016-09-17 10:49 - 01164480 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFOzClient.dll
          2016-09-17 10:49 - 2016-09-17 10:49 - 00024768 _____ () C:\Program Files\Adobe\Adobe Lightroom\LightroomModels.dll
          2016-09-17 10:48 - 2016-09-17 10:48 - 03505344 _____ () C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamicli nkmediaserver\1.0\DNxHDCodec.dll
          2015-01-30 20:20 - 2015-01-30 20:20 - 02299392 _____ () C:\Program Files\Adobe\Common\Plug-ins\7.0\MediaCore\Ogg.prm
          2015-05-20 04:00 - 2014-03-07 12:27 - 01917952 _____ () C:\Program Files\Adobe\Common\Plug-ins\7.0\MediaCore\Theora.prm
          2016-10-17 15:41 - 2016-10-17 15:41 - 03117056 _____ () C:\Program Files\Adobe\Common\Plug-ins\7.0\MediaCore\WebM.prm
          2016-09-17 10:48 - 2016-09-17 10:48 - 00117440 _____ () C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamicli nkmediaserver\1.0\Plug-ins\XMPFiles\MP4OEM_Handler.xpi
          2015-12-04 05:32 - 2017-02-03 03:10 - 10242128 _____ () C:\Program Files\Gramblr\gramblr.exe
          2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
          2016-05-29 18:34 - 2014-12-19 10:56 - 03806720 _____ () C:\Program Files\JPEG Lossless Rotator\contmenu.dll
          2015-07-22 14:33 - 2015-01-12 03:20 - 00429056 _____ () C:\Program Files (x86)\ImBatch\ImBatchContextMenuHandler-X64.dll
          2016-11-27 12:55 - 2016-11-27 12:55 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
          2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
          2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
          2015-11-25 18:09 - 2015-11-25 18:09 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
          2015-11-25 18:09 - 2015-11-25 18:09 - 00165056 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
          2015-11-25 18:09 - 2015-11-25 18:09 - 00191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
          2015-11-25 18:09 - 2015-11-25 18:09 - 00388800 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
          2013-12-08 16:49 - 2013-09-16 14:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
          2012-06-26 13:11 - 2012-06-26 13:11 - 02302040 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll
          2012-06-26 13:11 - 2012-06-26 13:11 - 08197208 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll
          2012-06-26 13:11 - 2012-06-26 13:11 - 00345688 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll
          2012-06-26 13:10 - 2012-06-26 13:10 - 00202328 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
          2012-06-26 13:10 - 2012-06-26 13:10 - 00027736 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
          2012-06-26 13:11 - 2012-06-26 13:11 - 00282200 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll
          2017-02-02 19:34 - 2017-01-30 09:12 - 00801600 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\drop box_watchdog.dll
          2017-02-02 19:35 - 2017-01-13 18:53 - 00035792 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin_mult iprocessing.pyd
          2017-02-02 19:35 - 2017-01-13 18:53 - 00100296 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin_ctyp es.pyd
          2017-02-02 19:35 - 2017-01-13 18:53 - 00018888 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\sele ct.pyd
          2017-02-02 19:35 - 2017-01-30 09:14 - 00019776 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\torn ado.speedups.pyd
          2017-02-02 19:35 - 2017-01-13 18:53 - 00694224 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\unic odedata.pyd
          2017-02-02 19:34 - 2017-01-30 09:14 - 00020824 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\cryp tography.hazmat.bindings._constant_time.pyd
          2017-02-02 19:35 - 2017-01-13 18:54 - 00123856 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin_cffi _backend.pyd
          2017-02-02 19:34 - 2017-01-30 09:14 - 01682768 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\cryp tography.hazmat.bindings._openssl.pyd
          2017-02-02 19:34 - 2017-01-30 09:14 - 00020816 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\cryp tography.hazmat.bindings._padding.pyd
          2017-02-02 19:34 - 2017-01-13 18:53 - 00145864 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\pyex pat.pyd
          2017-02-02 19:34 - 2017-01-13 18:54 - 00019408 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\faul thandler.pyd
          2017-02-02 19:35 - 2017-01-13 18:53 - 00116688 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\pywi ntypes27.dll
          2017-02-02 19:35 - 2017-01-13 18:56 - 00105928 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win3 2api.pyd
          2017-02-02 19:35 - 2017-01-30 09:14 - 00022864 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winf fi.crt.compiled._winffi_crt.pyd
          2017-02-02 19:34 - 2017-01-30 09:14 - 00052544 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\psut il._psutil_windows.pyd
          2017-02-02 19:34 - 2017-01-30 09:14 - 00038712 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\fast path.pyd
          2017-02-02 19:35 - 2017-01-13 18:53 - 00392144 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\pyth oncom27.dll
          2017-02-02 19:34 - 2017-01-13 18:56 - 00020936 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\mmap file.pyd
          2017-02-02 19:35 - 2017-01-13 18:56 - 00024528 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win3 2event.pyd
          2017-02-02 19:35 - 2017-01-13 18:57 - 00116176 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win3 2security.pyd
          2017-02-02 19:35 - 2017-01-30 09:14 - 00381760 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win3 2com.shell.shell.pyd
          2017-02-02 19:35 - 2017-01-13 18:56 - 00124880 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win3 2file.pyd
          2017-02-02 19:35 - 2017-01-30 09:14 - 00026456 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winf fi.kernel32.compiled._winffi_kernel32.pyd
          2017-02-02 19:35 - 2017-01-13 18:56 - 00024016 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win3 2clipboard.pyd
          2017-02-02 19:35 - 2017-01-13 18:56 - 00175560 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win3 2gui.pyd
          2017-02-02 19:35 - 2017-01-13 18:57 - 00030160 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win3 2pipe.pyd
          2017-02-02 19:35 - 2017-01-13 18:57 - 00043472 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win3 2process.pyd
          2017-02-02 19:35 - 2017-01-13 18:57 - 00048592 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win3 2service.pyd
          2017-02-02 19:35 - 2017-01-13 18:56 - 00057808 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win3 2evtlog.pyd
          2017-02-02 19:35 - 2017-01-13 18:57 - 00024016 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win3 2profile.pyd
          2017-02-02 19:34 - 2017-01-30 09:14 - 00246608 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\brea kpad.client.windows.handler.pyd
          2017-02-02 19:34 - 2017-01-30 09:14 - 00027488 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\drop box.infinite.win.compiled._driverinstallation.pyd
          2017-02-02 19:35 - 2017-01-13 18:55 - 00241104 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin_jpeg tran.pyd
          2017-02-02 19:34 - 2017-01-30 09:14 - 00022336 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\cpui d.compiled._cpuid.pyd
          2017-02-02 19:35 - 2017-01-13 18:57 - 00028616 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win3 2ts.pyd
          2017-02-02 19:34 - 2017-01-30 09:14 - 01826104 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt 5.QtCore.pyd
          2017-02-02 19:35 - 2017-01-13 18:54 - 00083912 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\sip. pyd
          2017-02-02 19:34 - 2017-01-30 09:14 - 01972536 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt 5.QtGui.pyd
          2017-02-02 19:35 - 2017-01-30 09:14 - 03928896 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt 5.QtWidgets.pyd
          2017-02-02 19:34 - 2017-01-30 09:14 - 00531264 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt 5.QtNetwork.pyd
          2017-02-02 19:35 - 2017-01-30 09:14 - 00025432 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\wins creenshot.compiled._CaptureScreenshot.pyd
          2017-02-02 19:35 - 2017-01-30 09:14 - 00133432 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt 5.QtWebKit.pyd
          2017-02-02 19:35 - 2017-01-30 09:14 - 00224064 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt 5.QtWebKitWidgets.pyd
          2017-02-02 19:34 - 2017-01-30 09:14 - 00207680 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt 5.QtPrintSupport.pyd
          2017-02-02 19:35 - 2017-01-30 09:14 - 00021840 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winf fi.user32.compiled._winffi_user32.pyd
          2017-02-02 19:35 - 2017-01-30 09:14 - 00022872 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winf fi.iphlpapi.compiled._winffi_iphlpapi.pyd
          2017-02-02 19:35 - 2017-01-30 09:14 - 00021848 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winf fi.winerror.compiled._winffi_winerror.pyd
          2017-02-02 19:35 - 2017-01-30 09:14 - 00022872 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winf fi.wininet.compiled._winffi_wininet.pyd
          2017-02-02 19:35 - 2017-01-13 18:57 - 00350152 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winx pgui.pyd
          2017-02-02 19:35 - 2017-01-30 09:14 - 00103232 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt 5.QtWinExtras.pyd
          2017-02-02 19:35 - 2017-01-30 09:14 - 00023896 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winv erifysignature.compiled._VerifySignature.pyd
          2017-02-02 19:34 - 2017-01-30 09:14 - 00025936 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\libr syncffi.compiled._librsyncffi.pyd
          2017-02-02 19:34 - 2017-01-13 18:51 - 00036296 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\libr sync.dll
          2017-02-02 19:34 - 2017-01-30 09:14 - 00084288 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\drop box_sqlite_ext.DLL
          2017-02-02 19:34 - 2017-01-13 19:02 - 00017864 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\libE GL.dll
          2017-02-02 19:34 - 2017-01-13 19:02 - 01631184 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\libG LESv2.dll
          2017-02-02 19:35 - 2017-01-30 09:14 - 00042816 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt 5.QtWebChannel.pyd
          2017-02-02 19:35 - 2017-01-30 09:14 - 00171336 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt 5.QtWebEngineWidgets.pyd
          2017-02-02 19:34 - 2017-01-30 09:14 - 00357688 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt 5.QtQml.pyd
          2017-02-02 19:35 - 2017-01-13 18:57 - 00060880 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win3 2print.pyd
          2017-02-02 19:35 - 2017-01-30 09:14 - 00026456 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winf fi.winhttp.compiled._winffi_winhttp.pyd
          2017-02-02 19:34 - 2017-01-30 09:14 - 00546104 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt 5.QtQuick.pyd
          2017-02-02 19:35 - 2017-01-13 19:04 - 00697304 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\QtQu ick\Controls\qtquickcontrolsplugin.dll
          2014-12-30 11:12 - 2014-10-31 16:40 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
          2014-12-30 11:12 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
          2016-01-28 12:32 - 2016-01-28 12:32 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
          2016-05-09 15:31 - 2014-09-11 18:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
          2016-05-09 15:31 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
          2017-01-13 00:02 - 2016-07-04 13:13 - 15137792 _____ () C:\Windows\SYSTEM32\hlfontlib.dll
          2016-11-15 06:27 - 2016-11-15 06:27 - 08911552 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll
          2014-05-01 09:15 - 2016-07-21 00:01 - 00564224 _____ () C:\Users\Explorer\AppData\Local\MEGAsync\ShellExtX 32.dll
          2016-12-15 00:20 - 2016-12-08 02:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libgl esv2.dll
          2016-12-15 00:20 - 2016-12-08 02:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libeg l.dll
          2017-01-11 14:14 - 2017-01-11 14:14 - 17835096 _____ () C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll
          2016-09-21 15:40 - 2016-09-21 15:40 - 55719424 _____ () C:\Program Files (x86)\eM Client\libcef.DLL
          2016-09-21 15:39 - 2016-09-21 15:39 - 00871936 _____ () C:\Program Files (x86)\eM Client\SQLite\x86\sqlite3.dll
          2016-10-03 02:02 - 2016-08-31 03:41 - 00301056 _____ () C:\Program Files (x86)\Common Files\Solveig Multimedia\libebml.dll
          2016-10-03 02:02 - 2016-08-31 03:42 - 00433152 _____ () C:\Program Files (x86)\Common Files\Solveig Multimedia\libmatroska.dll
          2016-02-25 21:06 - 2016-02-25 21:06 - 00797184 _____ () D:\Program Files (x86)\Audials\Audials 2016\ac3filter.ax
          2013-12-17 17:38 - 2008-12-19 12:26 - 02625536 _____ () C:\Program Files (x86)\Cucusoft\iPhone Tool Kits\Filter\ffdshow.ax
          2016-05-22 16:39 - 2016-04-18 09:01 - 00268080 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Snap 9\CrashRpt1403.dll
          2016-05-22 16:39 - 2016-04-18 09:01 - 00085296 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Snap 9\MouseHook.dll
          2015-03-15 23:22 - 2013-06-09 18:18 - 00204800 _____ () C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll
          2016-11-27 12:55 - 2016-11-27 12:55 - 00021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
          2014-01-06 18:42 - 2016-08-20 14:36 - 02873856 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
          2002-12-21 00:41 - 2002-12-21 00:41 - 01364823 _____ () D:\Program Files (x86)\Aspell\bin\aspell-15.dll
          2014-10-03 17:40 - 2014-08-05 14:02 - 00014848 _____ () D:\Multitran\network\RusRes.DLL
          2015-12-23 18:58 - 2015-12-23 18:58 - 02967040 _____ () C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\imgseg\x86\imgseg.dll

          ==================== Alternate Data Streams (Whitelisted) =========

          (If an entry is included in the fixlist, only the ADS will be removed.)

          AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A [131]
          AlternateDataStreams: C:\ProgramData\TEMP:A064CECC [144]
          AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [194]
          AlternateDataStreams: C:\ProgramData\TEMP5FBE8F9 [157]
          AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
          AlternateDataStreams: C:\Users\Explorer\Desktop\Inner-Light.jpg:$CmdZnID [26]
          AlternateDataStreams: C:\Users\Explorer\Downloads\Keygen-MESMERiZE.rar:$CmdTcID [64]
          AlternateDataStreams: C:\Users\Explorer\Downloads\Keygen-MESMERiZE.rar:$CmdZnID [26]
          AlternateDataStreams: C:\Users\Explorer\Downloads\pijano (mastered).mp3:$CmdTcID [64]
          AlternateDataStreams: C:\Users\Explorer\Downloads\pijano (mastered).mp3:$CmdZnID [26]
          AlternateDataStreams: C:\Users\Explorer\Downloads\pocket.crx:$CmdZnID [26]
          AlternateDataStreams: C:\Users\Explorer\Downloads\Reset_antispam_0.3.1.7 z:$CmdZnID [26]
          AlternateDataStreams: C:\Users\Explorer\Downloads\rokcandy-2.0.1 (1).zip:$CmdZnID [26]
          AlternateDataStreams: C:\Users\Explorer\Downloads\root.crt:$CmdZnID [26]
          AlternateDataStreams: C:\Users\Explorer\Downloads\root.der:$CmdZnID [26]
          AlternateDataStreams: C:\Users\Explorer\Downloads\You Will Not Face This Alone.mp3:$CmdTcID [64]
          AlternateDataStreams: C:\Users\Explorer\Downloads\You Will Not Face This Alone.mp3:$CmdZnID [26]
          AlternateDataStreams: C:\Users\Explorer\Downloads[kickass.so]hotline.miami.update.3.gog.torrent:$CmdZnID [26]

          ==================== Safe Mode (Whitelisted) ===================

          (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

          HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WRkrn => “”=“Driver”
          HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WRSVC => “”=“Service”

          ==================== Association (Whitelisted) ===============

          (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

          HKU.DEFAULT\Software\Classes\exefile: “%1” %* <===== ATTENTION
          HKU.DEFAULT\Software\Classes.exe: exefile => “%1” %* <===== ATTENTION

          ==================== Internet Explorer trusted/restricted ===============

          (If an entry is included in the fixlist, it will be removed from the registry.)

          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\a-k-d.ru → hxxps://a-k-d.ru
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\a-k-d.ru → hxxp://a-k-d.ru
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\a-practic.ru → hxxps://a-practic.ru
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\admkrsk.ru → hxxps://torgi.admkrsk.ru
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\admkrsk.ru → hxxp://torgi.admkrsk.ru
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\ahml.ru → hxxps://ahml.ru
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\ahml.ru → hxxp://ahml.ru
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\akosta.info → hxxps://akosta.info
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\akosta.info → hxxp://akosta.info
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\alfalot.ru → hxxps://alfalot.ru
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\alfalot.ru → hxxp://alfalot.ru
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\asgor.su → hxxps://etp.asgor.su
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\asgor.su → hxxp://etp.asgor.su
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\atctrade.ru → hxxps://atctrade.ru
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\atctrade.ru → hxxp://atctrade.ru
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\ati.su → hxxps://d.ati.su
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\ati.su → hxxp://d.ati.su
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\atlasnw.ru → hxxps://atlasnw.ru
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\auction63.ru → hxxps://auction63.ru
          IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\auction63.ru → hxxp://auction63.ru

          There are 161 more sites.

          ==================== Hosts content: ==========================

          (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

          2013-09-06 03:56 - 2016-12-29 12:35 - 00002033 ____A C:\Windows\system32\Drivers\etc\hosts

          127.0.0.1 lmlicenses.wip4.adobe.com # Adobe Activation
          127.0.0.1 lm.licenses.adobe.com # Adobe Activation
          127.0.0.1 na1r.services.adobe.com # Adobe Activation
          127.0.0.1 hlrcv.stage.adobe.com # Adobe Activation
          127.0.0.1 practivate.adobe.com # Adobe Activation
          127.0.0.1 activate.adobe.com # Adobe Activation
          127.0.0.1 player.kmpmedia.net # Disable adv. in KMPlayer
          127.0.0.1 sams.nikonimaging.com
          127.0.0.1 activation.cloud.techsmith.com
          127.0.0.1 oscount.techsmith.com
          127.0.0.1 updater.techsmith.com
          127.0.0.1 camtasiatudi.techsmith.com
          127.0.0.1 tsccloud.cloudapp.net
          127.0.0.1 assets.cloud.techsmith.com
          127.0.0.1 activation.cloud.techsmith.com
          127.0.0.1 oscount.techsmith.com
          127.0.0.1 licensing.ultraedit.com
          127.0.0.1 licensing2.ultraedit.com
          127.0.0.1 82.146.58.150 # AntiSniper Voyager
          127.0.0.1 licensing.ultraedit.com
          127.0.0.1 acdid.acdsystems.com
          127.0.0.1 activate.adobe.com
          127.0.0.1 practivate.adobe.com
          127.0.0.1 lmlicenses.wip4.adobe.com
          127.0.0.1 lm.licenses.adobe.com
          127.0.0.1 na1r.services.adobe.com
          127.0.0.1 hlrcv.stage.adobe.com
          127.0.0.1 activate-sea.adobe.com
          127.0.0.1 activate-sjc0.adobe.com
          127.0.0.1 ereg.adobe.com

          There are 13 more lines.

          ==================== Other Areas ============================

          (Currently there is no automatic fix for this section.)

          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Control Panel\Desktop\Wallpaper → D:\Ivan Tours\01.jpg
          DNS Servers: 200.48.225.130 - 200.48.225.146
          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
          Windows Firewall is enabled.

          ==================== MSCONFIG/TASK MANAGER disabled items ==

          HKLM...\StartupApproved\Run32: => “iTunesHelper”
          HKLM...\StartupApproved\Run32: => “QuickTime Task”

          ==================== FirewallRules (Whitelisted) ===============

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          FirewallRules: [vm-monitoring-nb-session] => LPort=139
          FirewallRules: [TCP Query User{3BB22699-BF48-4579-A7DB-18EFA59FBF90}C:\program files (x86)\miranda im\miranda32.exe] => C:\program files (x86)\miranda im\miranda32.exe
          FirewallRules: [UDP Query User{3B99E38B-965B-4DA8-B7E9-A04D67ECD3DC}C:\program files (x86)\miranda im\miranda32.exe] => C:\program files (x86)\miranda im\miranda32.exe
          FirewallRules: [{79EA95A0-F365-4341-9F2C-6187DE252A4E}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
          FirewallRules: [{254E2A50-690C-4C77-9130-D41659FF188D}] => C:\Users\Explorer\AppData\Roaming\Dropbox\bin\Drop box.exe
          FirewallRules: [{80FE8B9B-44B1-411D-AB9A-841C3BFD7A53}] => C:\Users\Explorer\AppData\Roaming\Dropbox\bin\Drop box.exe
          FirewallRules: [{03B81AE2-5B4B-4E25-9235-55BD36D99DDC}] => C:\Users\Explorer\AppData\Roaming\uTorrent\uTorren t.exe
          FirewallRules: [{A6030441-88B0-44E1-9EB0-48A359D8B7D2}] => C:\Users\Explorer\AppData\Roaming\uTorrent\uTorren t.exe
          FirewallRules: [{2996E2D0-38F4-45D6-9DFA-087F1CDC700E}] => %ProgramFiles% (x86)\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe
          FirewallRules: [{FA265765-90E4-450B-9525-525DABABD0E6}] => %ProgramFiles% (x86)\WinSCP\WinSCP.exe
          FirewallRules: [{0C3C898E-5433-45FA-BFE3-AF462F0DA31E}] => %ProgramFiles% (x86)\WinSCP\WinSCP.exe
          FirewallRules: [TCP Query User{3F712BE6-AC16-402B-9CA6-B394CADB70C3}C:\program files (x86)\internet download manager\idman.exe] => C:\program files (x86)\internet download manager\idman.exe
          FirewallRules: [UDP Query User{A30D5400-0AA6-4557-8328-5227BA3BD591}C:\program files (x86)\internet download manager\idman.exe] => C:\program files (x86)\internet download manager\idman.exe
          FirewallRules: [{D36EDD44-9E33-493A-B46F-2D8A00F6DF3E}] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
          FirewallRules: [{A94A54EF-1D2A-485A-B926-05F5A86BAD2C}] => C:\Program Files\Bonjour\mDNSResponder.exe
          FirewallRules: [{7F330708-61D1-4181-9BF8-994CCA79F140}] => C:\Program Files\Bonjour\mDNSResponder.exe
          FirewallRules: [{95C70A64-CD75-42CC-AFC9-F81D6AAB1801}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
          FirewallRules: [{0F1E1D58-ACA1-46C7-B6F1-0BF8E843BB2B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
          FirewallRules: [{5D4594E3-DA28-4B07-8F2C-798772FC0DA2}] => C:\Program Files (x86)\Fiddler2\Fiddler.exe
          FirewallRules: [TCP Query User{DF816B82-B9A4-4401-BCCF-167D918E3DFF}C:\users\Explorer\appdata\local\mobio ne studio\mobione 2.6.1\mobione.exe] => C:\users\Explorer\appdata\local\mobione studio\mobione 2.6.1\mobione.exe
          FirewallRules: [UDP Query User{501BC721-DC3E-4A86-9BAF-AD4E8FEC110D}C:\users\Explorer\appdata\local\mobio ne studio\mobione 2.6.1\mobione.exe] => C:\users\Explorer\appdata\local\mobione studio\mobione 2.6.1\mobione.exe
          FirewallRules: [{4D7A3AFE-2D55-4B6D-B03E-13D9489E5A2F}] => H:\Steam Games\SteamApps\common\Terraria\Terraria.exe
          FirewallRules: [{CBDEDD27-68EB-4CB0-BD03-41E066BA2A71}] => H:\Steam Games\SteamApps\common\Terraria\Terraria.exe
          FirewallRules: [TCP Query User{D7CA8E8D-8EF3-45B2-9D4A-49B61634B58E}C:\windows\system32\settingsynchost.e xe] => C:\windows\system32\settingsynchost.exe
          FirewallRules: [UDP Query User{4F52F55C-667C-44EC-B740-2D26FFE92C3A}C:\windows\system32\settingsynchost.e xe] => C:\windows\system32\settingsynchost.exe
          FirewallRules: [TCP Query User{CF192A0E-3DE8-485F-9402-B81C86964A45}C:\program files\bitcoin\bitcoin-qt.exe] => C:\program files\bitcoin\bitcoin-qt.exe
          FirewallRules: [UDP Query User{42049264-9DCB-45B4-B509-11582FE2F4D7}C:\program files\bitcoin\bitcoin-qt.exe] => C:\program files\bitcoin\bitcoin-qt.exe
          FirewallRules: [TCP Query User{DC0E8675-3213-4EAE-8569-EEA85CC336E5}C:\program files\jitsi\jitsi.exe] => C:\program files\jitsi\jitsi.exe
          FirewallRules: [UDP Query User{D9AFE522-4A72-4B83-8558-C5318B94874A}C:\program files\jitsi\jitsi.exe] => C:\program files\jitsi\jitsi.exe
          FirewallRules: [{1835B9E8-C504-42EC-B0F0-A1CC3F69412E}] => C:\Program Files (x86)\Nsasoft\ProductKeyExplorer\ProductKeyExplore r.exe
          FirewallRules: [{BC15A39F-55DB-4D55-B70C-9BAD616E3916}] => C:\Program Files (x86)\Nsasoft\ProductKeyExplorer\ProductKeyExplore r.exe
          FirewallRules: [{DC30A956-55E6-4EFD-BC39-A98A85A991CD}] => C:\Users\Explorer\AppData\Local\Facebook\Video\Sky pe\FacebookVideoCalling.exe
          FirewallRules: [TCP Query User{40439AB4-5508-4E81-B43B-0740E87A0357}C:\users\Explorer\appdata\local\temp\ cp3032020347734session\cptrustfolder3032020347734\ adobecaptivatews] => C:\users\Explorer\appdata\local\temp\cp30320203477 34session\cptrustfolder3032020347734\adobecaptivat ews
          FirewallRules: [UDP Query User{4D30EE59-57BC-4914-AA92-06C69D9DB6C3}C:\users\Explorer\appdata\local\temp\ cp3032020347734session\cptrustfolder3032020347734\ adobecaptivatews] => C:\users\Explorer\appdata\local\temp\cp30320203477 34session\cptrustfolder3032020347734\adobecaptivat ews
          FirewallRules: [TCP Query User{399A0F49-F2BE-4099-A5A3-C29F4C3E8FAF}C:\users\Explorer\appdata\local\temp\ cp996420483593session\cptrustfolder996420483593\ad obecaptivatews] => C:\users\Explorer\appdata\local\temp\cp99642048359 3session\cptrustfolder996420483593\adobecaptivatew s
          FirewallRules: [UDP Query User{BD1E06E7-9A92-4958-B0BB-ECB6210E2597}C:\users\Explorer\appdata\local\temp\ cp996420483593session\cptrustfolder996420483593\ad obecaptivatews] => C:\users\Explorer\appdata\local\temp\cp99642048359 3session\cptrustfolder996420483593\adobecaptivatew s
          FirewallRules: [TCP Query User{12D2FDF4-4A66-4432-90DB-BB8524DCE62B}C:\users\Explorer\appdata\local\temp\ cp3001220540515session\cptrustfolder3001220540546\ adobecaptivatews] => C:\users\Explorer\appdata\local\temp\cp30012205405 15session\cptrustfolder3001220540546\adobecaptivat ews
          FirewallRules: [UDP Query User{E6A65922-E7E8-44ED-9AA3-D13A25EE95A3}C:\users\Explorer\appdata\local\temp\ cp3001220540515session\cptrustfolder3001220540546\ adobecaptivatews] => C:\users\Explorer\appdata\local\temp\cp30012205405 15session\cptrustfolder3001220540546\adobecaptivat ews
          FirewallRules: [TCP Query User{E6BE25A8-25D5-4F62-B547-34BECEFC01F0}C:\users\Explorer\appdata\local\temp\ cp2960020607296session\cptrustfolder2960020607296\ adobecaptivatews] => C:\users\Explorer\appdata\local\temp\cp29600206072 96session\cptrustfolder2960020607296\adobecaptivat ews
          FirewallRules: [UDP Query User{57D45492-073F-479D-B084-350639AD561C}C:\users\Explorer\appdata\local\temp\ cp2960020607296session\cptrustfolder2960020607296\ adobecaptivatews] => C:\users\Explorer\appdata\local\temp\cp29600206072 96session\cptrustfolder2960020607296\adobecaptivat ews
          FirewallRules: [{5DFA32DB-F20B-4BA9-91A6-571C654F31FE}] => %ProgramFiles% (x86)\Final Draft 9\Final Draft.exe
          FirewallRules: [{867B1B76-71CE-4409-8741-7520BDE0C299}] => %ProgramFiles% (x86)\Final Draft 9\Final Draft.exe
          FirewallRules: [TCP Query User{CB673008-3B3F-4D9E-BE63-4E0833A2FDA7}C:\users\Explorer\appdata\roaming\twi ster\bin\twisterd.exe] => C:\users\Explorer\appdata\roaming\twister\bin\twis terd.exe
          FirewallRules: [UDP Query User{ED3C8D21-69D0-490D-8F0A-00D69CC7F107}C:\users\Explorer\appdata\roaming\twi ster\bin\twisterd.exe] => C:\users\Explorer\appdata\roaming\twister\bin\twis terd.exe
          FirewallRules: [TCP Query User{0CC99D78-C12F-4118-9B79-17D02760E487}C:\program files (x86)\mirc\mirc.exe] => C:\program files (x86)\mirc\mirc.exe
          FirewallRules: [UDP Query User{FB425734-EC38-4231-B018-0C262430CE9C}C:\program files (x86)\mirc\mirc.exe] => C:\program files (x86)\mirc\mirc.exe
          FirewallRules: [{7A33F9DB-3235-4DD9-A840-667E92076675}] => LPort=51001
          FirewallRules: [{40CA1EC6-912A-41DC-8E99-7103771CB798}] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe
          FirewallRules: [{D5CF5821-74C8-4CF9-A422-1CACDC26AD5F}] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe
          FirewallRules: [{0422736B-C8A4-45E3-93E0-806D06D0304C}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
          FirewallRules: [{9F95353B-5F2E-4FFC-9AA0-89131643B655}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
          FirewallRules: [TCP Query User{BBEEEA73-01AD-4A73-AB91-B6B24D215EF7}D:\voyager\voyager.exe] => D:\voyager\voyager.exe
          FirewallRules: [UDP Query User{7C94E354-3363-4D10-B751-2CD3EB4B7C0E}D:\voyager\voyager.exe] => D:\voyager\voyager.exe
          FirewallRules: [TCP Query User{1F3DECCD-E4EB-46BB-AD8A-E07087796441}C:\program files (x86)\gnaural\gnaural.exe] => C:\program files (x86)\gnaural\gnaural.exe
          FirewallRules: [UDP Query User{2E6AF1CF-7599-4417-8BE3-5416C5D202F2}C:\program files (x86)\gnaural\gnaural.exe] => C:\program files (x86)\gnaural\gnaural.exe
          FirewallRules: [TCP Query User{F9F7C21E-476F-40FC-9A3E-62ACA3AF4663}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
          FirewallRules: [UDP Query User{5E215C76-6104-40EF-A595-3EA090121FFB}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
          FirewallRules: [TCP Query User{77C555E7-86E5-406F-8312-CA6C6BE9F790}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe
          FirewallRules: [UDP Query User{B3254739-5155-48F8-8DC7-BA6C7E926C46}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe
          FirewallRules: [TCP Query User{09903148-27CF-4AF1-9648-C47094636D45}C:\program files\qtox\bin\qtox.exe] => C:\program files\qtox\bin\qtox.exe
          FirewallRules: [UDP Query User{8289089B-6593-4E55-B41A-C823755BF3BC}C:\program files\qtox\bin\qtox.exe] => C:\program files\qtox\bin\qtox.exe
          FirewallRules: [TCP Query User{0F50CDD5-5887-4561-AF17-54444339ECC8}C:\users\Explorer\appdata\roaming\dro pbox\bin\dropbox.exe] => C:\users\Explorer\appdata\roaming\dropbox\bin\drop box.exe
          FirewallRules: [UDP Query User{9055331B-C859-4C34-B81C-AE313903A3E6}C:\users\Explorer\appdata\roaming\dro pbox\bin\dropbox.exe] => C:\users\Explorer\appdata\roaming\dropbox\bin\drop box.exe
          FirewallRules: [TCP Query User{8C338BBA-A9C9-4E5C-853F-BAF43004FC58}D:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => D:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe
          FirewallRules: [UDP Query User{64BBFF22-59E0-45DC-9611-838C02E47B64}D:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => D:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe
          FirewallRules: [{345127E9-4E97-477E-BD5B-B70EAFA7BC3D}] => C:\Users\Explorer\AppData\Local\Maelstrom\Applicat ion\chrome.native.torrent.exe
          FirewallRules: [{3C6661B7-1A73-46E5-93E0-892AB0CE47B4}] => C:\Users\Explorer\AppData\Local\Maelstrom\Applicat ion\chrome.native.torrent.exe
          FirewallRules: [TCP Query User{721D3BB5-094D-494F-A0C3-961143AC6BB3}D:\tox\tox\win64-0.3.0.exe] => D:\tox\tox\win64-0.3.0.exe
          FirewallRules: [UDP Query User{7EEB6A27-D15A-422A-87F9-451345F19CFF}D:\tox\tox\win64-0.3.0.exe] => D:\tox\tox\win64-0.3.0.exe
          FirewallRules: [TCP Query User{B648B437-6D2E-4D68-AA47-1087B3F73F83}C:\windows\system32\wfs.exe] => C:\windows\system32\wfs.exe
          FirewallRules: [UDP Query User{EBB7CFBE-3BEA-4006-9721-91E61C6EEA3A}C:\windows\system32\wfs.exe] => C:\windows\system32\wfs.exe
          FirewallRules: [TCP Query User{51437C17-45B6-48BB-93F1-3AF85267782A}C:\program files (x86)\nch software\talk\talk.exe] => C:\program files (x86)\nch software\talk\talk.exe
          FirewallRules: [UDP Query User{46082202-F0E8-49D4-9BF3-109B9B6F5AB6}C:\program files (x86)\nch software\talk\talk.exe] => C:\program files (x86)\nch software\talk\talk.exe
          FirewallRules: [{9F07EBB1-FFC4-411C-A982-6BC7F5EED943}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{32675478-1A9A-4F8A-9C85-FF2A4F46C051}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{F630B317-C17E-4482-9D73-99842C2D152D}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{10397154-91A9-4409-9488-1B8B2199B9F1}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{FB395038-D381-4159-9820-D7A618C358BE}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{2E423A41-E61B-488A-87FD-EA7C2441EA85}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{915B48F5-32CD-44D1-81AE-D50157835DF4}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{6D0B7B52-E234-4BCF-9CBE-C2ABBF496491}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{2418FB47-D6EC-4CF2-AF8B-31B77BCA33F4}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{B48C2C24-501C-4D0C-AFDE-A0FCF7EBC699}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{0244CD01-E858-4285-9C1F-4E340908EEAE}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{AEF16717-0E7C-4094-8AF9-251E3BE0A8A2}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{E1281ABF-360F-4629-8383-68C80539EF22}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{E1EFDE54-6F58-4D4B-8252-5DB2DC349213}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{FA98E4C7-4EEE-4132-8809-96E6EAE6741B}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{A08EBC77-1A3F-412E-8D02-14E8FFBBD880}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{4B73B9E1-056E-4716-9EE2-1F0F8BAF1BC5}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{03FA313F-9544-4C12-9D94-744A9D347AF2}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{C8A1E3CE-5938-49D1-A2DB-EC9FA3E2906E}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{1BADFC45-6C4A-484D-B568-71199EB9ED5A}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{B55E2E3C-7932-42C3-BA60-53DF3E2A76C4}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{E48E4FDE-EAEC-4785-AE48-4BD35B5547D5}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
          FirewallRules: [{9AA10285-6668-4E9F-9DC3-89631C5D64DB}] => C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
          FirewallRules: [{52DD9D6E-9350-4A54-AEA9-8EBCA91836CD}] => C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
          FirewallRules: [{F443DA9A-1EB5-4AF2-9C89-65C4C1274514}] => C:\Program Files (x86)\RaidCall.RU\rcplugin.exe
          FirewallRules: [{D5F0FECB-75ED-439F-9F35-A58FD9473547}] => C:\Program Files (x86)\RaidCall.RU\rcplugin.exe
          FirewallRules: [{EBEAA14F-4E6D-48B7-B979-1367E9B70701}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
          FirewallRules: [{4142E781-1FF1-4C20-88F9-C25432B932B6}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
          FirewallRules: [{9C1272CD-F8A3-428C-A83C-ED862C617658}] => %ProgramFiles%\IDM Computer Solutions\UltraEdit\Uedit32.exe
          FirewallRules: [TCP Query User{F7947EE0-4807-439C-B442-16148C7A229C}C:\users\Explorer\appdata\roaming\hai yuinst\plugins\download\minithunderplatform.exe] => C:\users\Explorer\appdata\roaming\haiyuinst\plugin s\download\minithunderplatform.exe
          FirewallRules: [{623C63A0-EA81-4734-A5E1-B69D1CD5C73A}] => C:\Program Files (x86)\Droid4X\Droid4X.exe
          FirewallRules: [{210DFFC3-F66C-49A0-95FA-FA43BB769DD8}] => C:\Program Files (x86)\Droid4X\download\MiniThunderPlatform.exe
          FirewallRules: [{5A3E0959-7B94-40D5-BEAD-819033DE558D}] => C:\Program Files\Oracle\VirtualBox\vboxheadless.exe
          FirewallRules: [{D7B7A8ED-788B-41FA-B636-7E7DA290F508}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
          FirewallRules: [{A2249D8C-E40E-4F5C-AEA2-1E3BB656E08C}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
          FirewallRules: [{1E30FEE0-0EDE-429F-8BDD-484F0CA24A86}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
          FirewallRules: [{998DC954-5916-4181-BC70-65F20328C3F3}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
          FirewallRules: [{54D26489-548D-425E-B852-9A2AC529FFC6}] => %systemroot%\system32\alg.exe
          FirewallRules: [{751944FA-3731-4D92-9613-E32FA94238E1}] => C:\Program Files (x86)\Droid4X\MultiMgr.exe
          FirewallRules: [{9A7C5B36-69B2-46D6-BF7F-4820321F96CC}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
          FirewallRules: [{A3748D19-C15E-421D-A689-DE28BE618906}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
          FirewallRules: [{64D47B7B-FD38-4F90-861C-C9A8C49BEC5D}] => C:\Program Files (x86)\AtomPark\Atomic Mail Verifier\AtomicMailVerifier.exe
          FirewallRules: [{A5F37AC1-79D3-46D8-BFA1-70194CB474B7}] => C:\Program Files (x86)\AtomPark\Atomic Mail Verifier\AtomicMailVerifier.exe
          FirewallRules: [{04013A99-2C59-4191-B7E3-C4019D896EF0}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe
          FirewallRules: [{0AA97732-90DC-411D-BB2E-45984F649287}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe
          FirewallRules: [{19DE3F49-C0C5-4D0A-8465-E6A1F7B9030F}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe
          FirewallRules: [{5B1252CB-1F8F-4E0F-BCD1-61A85FC3420B}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe
          FirewallRules: [{0444BBEE-67FD-451D-9BB0-BC9898EB4C6C}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe
          FirewallRules: [{94FD86E0-0A14-47D1-BFCF-49525A167183}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe
          FirewallRules: [{489BF9C8-1144-4971-9657-CEFAB3801D59}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe
          FirewallRules: [{900A7F4E-9826-4544-964F-9A8DDFA2DABF}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe
          FirewallRules: [{B841C62F-E638-4E1E-AEBE-6337B3A5DA0A}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe
          FirewallRules: [{1D72BE76-D67F-4B6A-A30A-0552FE864034}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe
          FirewallRules: [{DC985DF0-262D-4051-B439-455DE2A3ED00}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe
          FirewallRules: [{AFD0924A-8E05-4115-8E48-FEB417EF0B7A}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe
          FirewallRules: [{9A614AE7-2753-4306-8FF2-549ECBCD9328}] => D:\Program Files (x86)\Audials\Audials 2016\Audials.exe
          FirewallRules: [{E6E74A5D-0139-4DC8-8144-B7435B1DBA99}] => LPort=12972
          FirewallRules: [{1FCF2963-54D4-4171-B8D2-2F222DEE0650}] => LPort=14714
          FirewallRules: [{0AC2AB9B-B8EE-49D2-860B-8B5049EF36B5}] => LPort=31931
          FirewallRules: [TCP Query User{BB9A37A8-076E-43EF-BFA3-6C9E364C9FA7}C:\program files (x86)\bdwm\clipsync server\clipsync server.exe] => C:\program files (x86)\bdwm\clipsync server\clipsync server.exe
          FirewallRules: [UDP Query User{E5F1214E-BACA-4095-B0C3-2977428D0A83}C:\program files (x86)\bdwm\clipsync server\clipsync server.exe] => C:\program files (x86)\bdwm\clipsync server\clipsync server.exe
          FirewallRules: [TCP Query User{D88C0BC9-E6B5-4772-BE81-26B7CA092106}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
          FirewallRules: [UDP Query User{88AF2ACD-B723-4DD3-8090-4CDFE81A7E7E}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
          FirewallRules: [TCP Query User{64C8F271-8F34-4515-96C2-2C6C450FA4A9}C:\program files\on1\on1 photo 10\on1 photo 10.exe] => C:\program files\on1\on1 photo 10\on1 photo 10.exe
          FirewallRules: [UDP Query User{D5C60433-0D8D-4127-98D1-78D18E8601C5}C:\program files\on1\on1 photo 10\on1 photo 10.exe] => C:\program files\on1\on1 photo 10\on1 photo 10.exe
          FirewallRules: [{E0B2FF36-8CA8-4C1A-86F2-410537423324}] => C:\Program Files\AMI\DuOS\DuOS.exe
          FirewallRules: [{FB9292E6-C887-4A27-9747-AEA68D8EEC76}] => C:\Program Files\AMI\DuOS\DuOS.exe
          FirewallRules: [{85AB1D8C-972F-4846-ACDC-466917043A67}] => C:\Program Files\AMI\DuOS\Ubusd.exe
          FirewallRules: [{1D2D9293-80A8-44A1-A3F6-FA6FF7DF6A31}] => C:\Program Files\AMI\DuOS\Ubusd.exe
          FirewallRules: [{C628ED79-03E9-418D-B274-645413E98332}] => C:\Program Files\AMI\DuOS\Dsync.exe
          FirewallRules: [{A8D0BEB8-261F-47EA-A5BE-BB62DA2697A6}] => C:\Program Files\AMI\DuOS\Dsync.exe
          FirewallRules: [{C660BAD7-61C7-4688-BF98-BFEDE2DCBB4F}] => C:\Program Files\AMI\DuOS\SysEvent.exe
          FirewallRules: [{11EB8B46-0E85-401B-A609-1210C8FF3184}] => C:\Program Files\AMI\DuOS\SysEvent.exe
          FirewallRules: [{831243FA-0E3A-4F65-A997-1CB5588C0303}] => C:\Program Files\AMI\DuOS\locationservice.exe
          FirewallRules: [{79461DBD-6A28-43FD-B952-2DF286E27808}] => C:\Program Files\AMI\DuOS\locationservice.exe
          FirewallRules: [{A2E2AEED-B4DC-47E7-BAE5-9622F9FA0DBE}] => C:\Program Files\AMI\DuOS\CamProvider.exe
          FirewallRules: [{A932FC6C-1D12-40A0-9D19-FCC5BD363F5B}] => C:\Program Files\AMI\DuOS\CamProvider.exe
          FirewallRules: [{61817A31-0D2A-467C-9DBA-5E2D7EEFC239}] => C:\Program Files\AMI\DuOS\SensorService.exe
          FirewallRules: [{AEC57AAC-5101-4A7A-BFBB-F321C5EB71B6}] => C:\Program Files\AMI\DuOS\SensorService.exe
          FirewallRules: [{691EEC4D-D055-4441-AC0C-D01DF4AC6A87}] => C:\Program Files\AMI\DuOS..\DuoVM\DuoVMHeadless.exe
          FirewallRules: [{C58C9263-EAD4-485D-ACEF-CDACBED00CB7}] => C:\Program Files\AMI\DuOS..\DuoVM\DuoVMHeadless.exe
          FirewallRules: [{BF63DE1F-A700-4BD7-B79F-290C0BC63223}] => D:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
          FirewallRules: [{1BAFDF42-FEE9-497F-9EA4-93906F7CCA34}] => D:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
          FirewallRules: [TCP Query User{2C80E373-6253-4F1F-864C-ECF13B898098}D:\program files\adobe\adobe media encoder cc 2014\adobe media encoder.exe] => D:\program files\adobe\adobe media encoder cc 2014\adobe media encoder.exe
          FirewallRules: [UDP Query User{52A89238-6F02-4A72-82B2-B9DD46B37947}D:\program files\adobe\adobe media encoder cc 2014\adobe media encoder.exe] => D:\program files\adobe\adobe media encoder cc 2014\adobe media encoder.exe
          FirewallRules: [{E5E8F9D4-9096-49D5-A2AF-BF08F87BC356}] => C:\Program Files\WindroyeBox\WindroyeBoxHD.exe
          FirewallRules: [{22A92A95-2EFD-48A3-BCA1-56D4FFBB3D48}] => C:\Program Files\WindroyeBox\WindroyeBoxHD.exe
          FirewallRules: [TCP Query User{B5324F6A-85F9-4DBA-BD77-AD8FF8F416BC}C:\users\Explorer\downloads\compresse d\socialkitdemo\socialkit.exe] => C:\users\Explorer\downloads\compressed\socialkitde mo\socialkit.exe
          FirewallRules: [UDP Query User{47EB34F1-4785-40B4-A55B-E75A74E3C3F8}C:\users\Explorer\downloads\compresse d\socialkitdemo\socialkit.exe] => C:\users\Explorer\downloads\compressed\socialkitde mo\socialkit.exe
          FirewallRules: [{5D2B7C1E-6807-45BD-A1DD-1B44917C255C}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          FirewallRules: [TCP Query User{7E83F546-A71C-4F33-860E-0A0347095156}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
          FirewallRules: [UDP Query User{C569FB11-C736-45E8-ACE3-E60DBAAE78CC}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe

          ==================== Restore Points =========================

          ==================== Faulty Device Manager Devices =============

          Name: Microsoft Teredo Tunneling Adapter
          Description: Microsoft Teredo Tunneling Adapter
          Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
          Manufacturer: Microsoft
          Service: tunnel
          Problem: : This device cannot start. (Code10)
          Resolution: Device failed to start. Click “Update Driver” to update the drivers for this device.
          On the “General Properties” tab of the device, click “Troubleshoot” to start the troubleshooting wizard.

          Name: Unknown USB Device (Device Descriptor Request Failed)
          Description: Unknown USB Device (Device Descriptor Request Failed)
          Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
          Manufacturer: (Standard USB Host Controller)
          Service:
          Problem: : Windows has stopped this device because it has reported problems. (Code 43)
          Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

          ==================== Event log errors: =========================
          [HEADING=1]Application errors:[/HEADING]
          Error: (02/03/2017 04:19:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
          Description: Windows cannot load classes registry file.
          DETAIL - Access is denied.

          Error: (02/03/2017 04:19:13 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
          Description: Windows cannot load classes registry file.
          DETAIL - Access is denied.

          Error: (02/03/2017 11:15:50 AM) (Source: Application Error) (EventID: 1000) (User: )
          Description: Faulting application name: AGSService.exe, version: 3.6.0.462, time stamp: 0x588050ed
          Faulting module name: AGSService.exe, version: 3.6.0.462, time stamp: 0x588050ed
          Exception code: 0xc0000005
          Fault offset: 0x0007aea9
          Faulting process id: 0x77c
          Faulting application start time: 0x01d27e0649912eb6
          Faulting application path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
          Faulting module path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
          Report Id: 06f89f45-ea2c-11e6-838f-00dbdf2de1f9
          Faulting package full name:
          Faulting package-relative application ID:

          Error: (02/03/2017 10:33:16 AM) (Source: Application Error) (EventID: 1000) (User: )
          Description: Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
          Faulting module name: ntdll.dll, version: 6.3.9600.18438, time stamp: 0x57ae642e
          Exception code: 0xc0000374
          Fault offset: 0x00000000000f1b70
          Faulting process id: 0x21dc
          Faulting application start time: 0x01d27e12e838235b
          Faulting application path: C:\Windows\explorer.exe
          Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
          Report Id: 143d7dee-ea26-11e6-838f-00dbdf2de1f9
          Faulting package full name:
          Faulting package-relative application ID:

          Error: (02/03/2017 08:29:28 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
          Description: License Activation (slui.exe) failed with the following error code:
          hr=0xC004F074
          Command-line arguments:
          RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=Net workQuarantineRetry

          Error: (02/03/2017 08:25:22 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
          Description: License Activation (slui.exe) failed with the following error code:
          hr=0xC004F074
          Command-line arguments:
          RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=Net workAvailable

          Error: (02/03/2017 08:25:01 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
          Description: License Activation (slui.exe) failed with the following error code:
          hr=0xC004F074
          Command-line arguments:
          RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=Net workAvailable

          Error: (02/03/2017 06:19:47 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
          Description: Windows cannot load classes registry file.
          DETAIL - Access is denied.

          Error: (02/03/2017 06:19:46 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
          Description: Windows cannot load classes registry file.
          DETAIL - Access is denied.

          Error: (02/03/2017 06:17:53 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
          Description: Windows cannot load classes registry file.
          DETAIL - Access is denied.
          [HEADING=1]System errors:[/HEADING]
          Error: (02/03/2017 04:19:13 PM) (Source: DCOM) (EventID: 10005) (User: RICA)
          Description: DCOM got error “1068” attempting to start the service workfolderssvc with arguments “Unavailable” in order to run the server:
          {DA1C0281-456B-4F14-A46D-8ED2E21A866F}

          Error: (02/03/2017 04:19:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
          Description: The Work Folders service depends on the Windows Search service which failed to start because of the following error:
          The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

          Error: (02/03/2017 04:19:13 PM) (Source: DCOM) (EventID: 10005) (User: RICA)
          Description: DCOM got error “1068” attempting to start the service workfolderssvc with arguments “Unavailable” in order to run the server:
          {DA1C0281-456B-4F14-A46D-8ED2E21A866F}

          Error: (02/03/2017 04:19:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
          Description: The Work Folders service depends on the Windows Search service which failed to start because of the following error:
          The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

          Error: (02/03/2017 04:19:13 PM) (Source: DCOM) (EventID: 10005) (User: RICA)
          Description: DCOM got error “1068” attempting to start the service workfolderssvc with arguments “Unavailable” in order to run the server:
          {DA1C0281-456B-4F14-A46D-8ED2E21A866F}

          Error: (02/03/2017 04:19:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
          Description: The Work Folders service depends on the Windows Search service which failed to start because of the following error:
          The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

          Error: (02/03/2017 04:19:13 PM) (Source: DCOM) (EventID: 10005) (User: RICA)
          Description: DCOM got error “1068” attempting to start the service workfolderssvc with arguments “Unavailable” in order to run the server:
          {DA1C0281-456B-4F14-A46D-8ED2E21A866F}

          Error: (02/03/2017 04:19:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
          Description: The Work Folders service depends on the Windows Search service which failed to start because of the following error:
          The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

          Error: (02/03/2017 03:06:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
          Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

          Error: (02/03/2017 03:06:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
          Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
          [HEADING=1]CodeIntegrity:[/HEADING]
          Date: 2016-08-09 20:39:36.657
          Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

          Date: 2016-08-09 20:39:36.076
          Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

          Date: 2016-08-09 20:38:39.909
          Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

          Date: 2016-08-09 20:38:39.588
          Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

          Date: 2016-08-09 19:52:52.171
          Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

          Date: 2016-08-09 19:52:51.215
          Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

          Date: 2016-08-09 19:52:13.870
          Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

          Date: 2016-08-09 19:52:12.923
          Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

          Date: 2016-08-09 19:51:22.427
          Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

          Date: 2016-08-09 19:51:21.486
          Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

          ==================== Memory info ===========================

          Processor: Intel(R) Core™ i7-2620M CPU @ 2.70GHz
          Percentage of memory in use: 81%
          Total physical RAM: 8086.16 MB
          Available physical RAM: 1468.86 MB
          Total Virtual: 19435.36 MB
          Available Virtual: 2952.81 MB

          ==================== Drives ================================

          Drive c: () (Fixed) (Total:150.22 GB) (Free:1.57 GB) NTFS
          Drive d: () (Fixed) (Total:533.67 GB) (Free:12.88 GB) NTFS
          Drive g: (Elements) (Fixed) (Total:931.48 GB) (Free:2.03 GB) NTFS
          Drive h: (My Passport) (Fixed) (Total:1862.98 GB) (Free:2.72 GB) NTFS
          Drive n: () (Fixed) (Total:3725.99 GB) (Free:3505.34 GB) NTFS

          ==================== MBR & Partition Table ==================

          ================================================== ======
          Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 4BDD9F5B)
          Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

          ================================================== ======
          Disk: 2 (Size: 3726 GB) (Disk ID: 0229E0E8)

          Partition: GPT.

          ================================================== ======
          Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
          Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

          ==================== End of Addition.txt ============================[/SPOILER]

            Comment

            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7041
              #4
              While I look over things. Please run these three tools.

              Zemana Deep Scan.

              [ul]
              • [li]Right click on Zemana and run as admin.[/li][/ul]
                [ul]
                [li]Click the Cog/Sproket Wheel, at the top right of Zemana[/li][/ul]
                [ul]
                [li]Select Advanced - I have read the warning and wish to proceed.[/li][/ul]
                [ul]
                [li]Place a tick next to Detect Suspicious (Root CA) Certificates.[/li][/ul]
                [ul]
                [li]Then click the house icon in Zemana.[/li][/ul]
                [ul]
                [li]Then hit your start button at the lower left hand corner of your desktop.[/li][/ul]
                [ul]
                [li]Then left click on Computer.[/li][/ul]
                [ul]
                [li]Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.[/li][/ul]
                [ul]
                [li]http://i.imgur.com/bOVO6lY.png[/li][/ul]
                [ul]
                [li]Once the scan has completed click graph icon on the top right of the programs User interface.[/li][/ul]
                [ul]
                [li]Double click to open the latest log-file.[/li][/ul]
                [ul]
                [li]Copy it to your clipboard.[/li][/ul]
                [ul]
                [li]Post the log here in your next reply.[/li][/ul]


              Rogue Killer Scan.

              Download RogueKiller from one of the following links and save it to your Desktop:

              Link 1
              Link 2
              [ul]
              [li]Close all the running programs[/li][li]Double click on downloaded setup.exe file to install the program.[/li][li]Click on Start Scan button.[/li][li]Click on another Start Scan button.[/li][li]Wait until the Status box shows Scan Finished[/li][li]Click on Delete.[/li][/ul]
              [ul]
              [li]Wait until the Status box shows Deleting Finished.[/li][/ul]
              [ul]
              [li]Click on Report and copy/paste the content of the Notepad into your next reply.[/li][/ul]
              [ul]
              [li]RKreport.txt could also be found on your desktop.[/li][li]If more than one log is produced post all logs.[/li][/ul]
              Adware Cleaner Scan.

              Please download AdwCleaner by Xplode onto your desktop.

              [ul]
              [li]Close all open programs and internet browsers.[/li][li]Double click on adwcleaner.exe to run the tool.[/li][li]Click on Scan button.[/li][li]When the scan has finished click on Clean button.[/li][li]Your computer will be rebooted automatically. A text file will open after the restart.[/li][li]Please post the contents of that logfile with your next reply.[/li][li]You can find the logfile at C:\AdwCleaner[S1].txt as well.[/li][/ul]

                Comment

                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7041
                  #5
                  Uninstall these items below with Geek Uninstaller. If something will not un install then use Force Mode.

                  You may re-install Crypto Prevent when we are done here.
                  [HEADING=1]µTorrent (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
                  Bitcoin Core (64-bit) (HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Bitcoin Core (64-bit)) (Version: 0.10.0 - Bitcoin Core project)
                  Facebook Video Calling 3.1.0.521 (HKLM-x32...{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
                  Java 8 Update 111 (64-bit) (HKLM...{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
                  Java 8 Update 111 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
                  qBittorrent 3.3.3 (HKLM-x32...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
                  CryptoPrevent (HKLM-x32...{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)

                  Reboot your machine after removing these programs…[/HEADING]
                  It appears that your Eset Antivirus is only partially installed. It is listed here:

                  AV: ESET NOD32 Antivirus 9.0.408.0 (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
                  AS: ESET NOD32 Antivirus 9.0.408.0 (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}

                  But not listed in your installed programs. There is also only one service running from the antivirus.

                  R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2770312 2016-11-13] (ESET)
                  [HEADING=1]Can you confirm if the antivirus is indeed working?[/HEADING]

                  Clean up temp files and reduce startup load with CCleaner.

                  [ul]
                  [li]Download CCleaner from here.[/li][li]After install Click Options.[/li][li]Go to monitoring.[/li][li]Uncheck All Monitoring items.[/li][li]Go to advanced – Click close program after cleaning.[/li][li]Go to settings – click run ccleaner when the computer starts.[/li][li]Now that you have ccleaner installed and set-up:[/li][li]Open the program.[/li][li]Go to Tools[/li][li]Go to Startup[/li][li]Now double click each item. To Disable.[/li][li]Leave only your antivirus enabled.[/li][li]Then disable All items in your scheduled task as well.[/li][li]Unless they are related to windows defender.Or your antivirus.[/li][li]Reboot the machine.[/li][/ul]

                  FRST Fix.

                  Click Here To Download Fixlist.

                  Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

                  After you have posted the FRST fix.

                  Disable your Antivirus & Anti spyware applications!!
                  Download Autologger to your desktop.
                  Create a new folder on desktop.
                  Unzip it there.
                  Right click Autologger and run as admin.
                  AVZ4 will open and scan your machine, allow this to complete.
                  Upload Collectionlog.zip to your next reply.
                  [MEDIA=imgur]KA81Q57[/MEDIA]

                    Comment

                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7041
                      #6
                      @rspulma How about an update for us?

                        Comment

                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041
                          #7
                          Hello @rspulma how are you moving along with the instructions? Have you got an update for us?

                          Please update this thread within 48 hours, or it will be closed. You can however have it re-opened at any time, by sending a private message to a staff member.

                            Comment

                            • rspulma
                              PCHF Member
                              • Feb 2017
                              • 7
                              #8
                              I am sorry for my late answer. I will publish everything today.

                                Comment

                                • Malnutrition
                                  PCHF Moderator
                                  • Jul 2016
                                  • 7041
                                  #9
                                  Thanks. We all volunteer our time here. So a followup from the OP is nice.

                                    Comment

                                    • rspulma
                                      PCHF Member
                                      • Feb 2017
                                      • 7
                                      #10
                                      Originally posted by Malnutrition
                                      Thanks. We all volunteer our time here. So a followup from the OP is nice.
                                      “Followup from the OP” I am sorry but I didn’t understand this part (((
                                      I answered to you by primate mail.
                                      Thank you very much guys!
                                      The antiviturs is not installed I deleted NOD32 so i think I have to use special utility from ESET to delete nod32 totally in safe mod.

                                        Comment

                                        • Malnutrition
                                          PCHF Moderator
                                          • Jul 2016
                                          • 7041
                                          #11
                                          Originally posted by rspulma
                                          “Followup from the OP” I am sorry but I didn’t understand this part (((
                                          It means that to have you come back and reply is nice, rather than you just letting this thread sit without an answer.

                                            Comment

                                            • rspulma
                                              PCHF Member
                                              • Feb 2017
                                              • 7
                                              #12
                                              Originally posted by Malnutrition
                                              It means that to have you come back and reply is nice, rather than you just letting this thread sit without an answer.
                                              I am very sorry this week was very busy also all of that program takes so much time for reports, next time I will be more aware about it and publish my request considering time factor. Thank you very much!

                                                Comment

                                                • Malnutrition
                                                  PCHF Moderator
                                                  • Jul 2016
                                                  • 7041
                                                  #13
                                                  @rspulma how about an update?

                                                    Comment

                                                    • Malnutrition
                                                      PCHF Moderator
                                                      • Jul 2016
                                                      • 7041
                                                      #14
                                                      Hello @rspulma how are you moving along with the instructions? Have you got an update for us?

                                                      Please update this thread within 48 hours, or it will be closed. You can however have it re-opened at any time, by sending a private message to a staff member.

                                                        Comment

                                                        • rspulma
                                                          PCHF Member
                                                          • Feb 2017
                                                          • 7
                                                          #15
                                                          Hello I am very sorry for long answer this is the file fixlog.txt
                                                          The problem still exists…
                                                          This is the file fixlog.txt:

                                                          Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
                                                          [/quote]

                                                          [HEADING=1]Ran by Traveller (23-02-2017 21:20:52) Run:1
                                                          Running from D:\FRST64
                                                          Loaded Profiles: Traveller (Available Profiles: Traveller & named)
                                                          Boot Mode: Normal[/HEADING]
                                                          fixlist content:

                                                          start
                                                          CloseProcesses:
                                                          CreateRestorePoint:
                                                          Emptytemp:
                                                          HKLM...\StartupApproved\Run32: => “iTunesHelper”
                                                          HKLM...\StartupApproved\Run32: => “QuickTime Task”
                                                          C:\Windows\system32\Drivers\etc\hosts
                                                          hosts:
                                                          HKU.DEFAULT\Software\Classes\exefile: “%1” %* <===== ATTENTION
                                                          HKU.DEFAULT\Software\Classes.exe: exefile => “%1” %* <===== ATTENTION
                                                          HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WRkrn => “”=“Driver”
                                                          HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\WRSVC => “”=“Service”
                                                          AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A [131]
                                                          AlternateDataStreams: C:\ProgramData\TEMP:A064CECC [144]
                                                          AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [194]
                                                          AlternateDataStreams: C:\ProgramData\TEMP5FBE8F9 [157]
                                                          AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
                                                          AlternateDataStreams: C:\Users\Traveller\Desktop\Inner-Light.jpg:$CmdZnID [26]
                                                          AlternateDataStreams: C:\Users\Traveller\Downloads\Keygen-MESMERiZE.rar:$CmdTcID [64]
                                                          AlternateDataStreams: C:\Users\Traveller\Downloads\Keygen-MESMERiZE.rar:$CmdZnID [26]
                                                          AlternateDataStreams: C:\Users\Traveller\Downloads\pijano (mastered).mp3:$CmdTcID [64]
                                                          AlternateDataStreams: C:\Users\Traveller\Downloads\pijano (mastered).mp3:$CmdZnID [26]
                                                          AlternateDataStreams: C:\Users\Traveller\Downloads\pocket.crx:$CmdZnID [26]
                                                          AlternateDataStreams: C:\Users\Traveller\Downloads\Reset_antispam_0.3.1. 7z:$CmdZnID [26]
                                                          AlternateDataStreams: C:\Users\Traveller\Downloads\rokcandy-2.0.1 (1).zip:$CmdZnID [26]
                                                          AlternateDataStreams: C:\Users\Traveller\Downloads\root.crt:$CmdZnID [26]
                                                          AlternateDataStreams: C:\Users\Traveller\Downloads\root.der:$CmdZnID [26]
                                                          AlternateDataStreams: C:\Users\Traveller\Downloads\You Will Not Face This Alone.mp3:$CmdTcID [64]
                                                          AlternateDataStreams: C:\Users\Traveller\Downloads\You Will Not Face This Alone.mp3:$CmdZnID [26]
                                                          AlternateDataStreams: C:\Users\Traveller\Downloads[kickass.so]hotline.miami.update.3.gog.torrent:$CmdZnID [26]
                                                          Shortcut: C:\Users\Traveller\Favorites\FileOptimizer Home Page.lnk → hxxp://nikkhokkho.sourceforge.net/static.php?page=FileOptimize
                                                          Shortcut: C:\Users\Traveller\Favorites\NCH Software Download Site.lnk → hxxp://www.nch.com.au/index.htm
                                                          Shortcut: C:\Users\Traveller\Dropbox\Равиль\для меня.lnk → C:\Users\o_O\Documents\для меня (No File) <===== Cyrillic
                                                          Shortcut: C:\Users\Traveller\Desktop\Домашняя бухгалтерия 5.lnk → C:\Program Files (x86)\Keepsoft\HomeBuh5\HomeBuh5.exe (Keepsoft) <===== Cyrillic
                                                          Shortcut: C:\Users\Traveller\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\Yamb 2.1.0.0 beta 2\Yamb - Website.lnk → hxxp://yamb.unite-video.com
                                                          ShortcutWithArgument: C:\Users\Traveller\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\Chrome Apps\WorkFlowy.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=koegeopamaoljbmhnfjbclbocehhgmkm
                                                          ShortcutWithArgument: C:\Users\Traveller\AppData\Roaming\Microsoft\Inter net Traveller\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click &Clean.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
                                                          ShortcutWithArgument: C:\Users\Traveller\AppData\Roaming\Microsoft\Inter net Traveller\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Hango uts.lnk → C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) → --profile-directory=Default --app-id=nckgahadagoaajjgafhacjanaoiihapd
                                                          ShortcutWithArgument: C:\Users\Traveller\AppData\Roaming\Microsoft\Inter net Traveller\Quick Launch\User Pinned\ImplicitAppShortcuts\5a7f1fc1149619d6\Epic Privacy Browser.lnk → C:\Users\Traveller\AppData\Local\Epic Privacy Browser\Application\epic.exe (Hidden Reflex) → --profile-directory=Default
                                                          Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA.job => C:\Users\Traveller\AppData\Local\Dropbox\Update\Dr opboxUpdate.exe
                                                          Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core.job => C:\Users\Traveller\AppData\Local\Facebook\Update\F acebookUpdate.exe
                                                          Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6986c 118e050.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                                                          Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0001d7 3c8b334.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                                                          Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cfd791cbe00d3.job => C:\Users\Traveller\AppData\Local\Google\Update\Goo gleUpdate.exe
                                                          Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cfed3dadc0292f.job => C:\Users\Traveller\AppData\Local\Google\Update\Goo gleUpdate.exe
                                                          Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cffedb14d73815.job => C:\Users\Traveller\AppData\Local\Google\Update\Goo gleUpdate.exe
                                                          Task: {FCC01015-90D3-40BB-A7B7-FB8C342A9385} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1d0411f110ceba0 => C:\Users\Traveller\AppData\Local\Google\Update\Goo gleUpdate.exe [2015-08-31] (Google Inc.)
                                                          Task: {CA479769-6B76-4C74-B358-67423E5E14AE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
                                                          Task: {D3E94B6F-E162-41ED-A78D-49068CC7ED23} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
                                                          Task: {DAAEF8CA-94B0-46E6-94ED-FDC4B3E4AF4A} - System32\Tasks{2F3CCF69-1646-4DB0-AFD2-72E35FF466E2} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/ru/abandoninstall?page=tsMain
                                                          Task: {DDB4C5BF-2FE1-41E1-8D6F-FE99673976A4} - System32\Tasks{CA56EAE6-5E60-454F-8EE2-3825A791791D} => pcalua.exe -a C:\Users\Traveller\Downloads\Programs\CardReader_J Micron_W7_A01_TKH3F_ZPE.exe -d C:\Users\Traveller\AppData\Roaming\IDM
                                                          Task: {E050D551-CEF3-49EA-B469-70424D4A805A} - System32\Tasks\Opera scheduled Autoupdate 1408935599 => C:\Program Files (x86)\Opera\launcher.exe
                                                          Task: {E2DB1668-3E8B-457C-AF8E-95E39708C96A} - System32\Tasks{2090741D-AF19-4C0D-987B-D5AD2CA171A4} => pcalua.exe -a “H:\Games\Teenage Mutant Ninja Turtles\TMNT.EXE” -d “H:\Games\Teenage Mutant Ninja Turtles”
                                                          Task: {91E9E3CA-F7D9-4D12-A30D-BB7ADA79C6DC} - System32\Tasks\Chameleon Startup Manager-Traveller => C:\Program Files (x86)\Chameleon Startup Manager\manager.exe [2015-02-10] (NeoSoft Tools)
                                                          Task: {92C88288-96C8-4FDF-A609-217497BFBEF9} - \Pointstone\System Cleaner\Log On Notice → No File <==== ATTENTION
                                                          Task: {9822B3AD-B62E-42E8-8E38-EFEAEF22F1B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA => C:\Users\Traveller\AppData\Local\Google\Update\Goo gleUpdate.exe [2015-08-31] (Google Inc.)
                                                          Task: {9CBC36AC-65A1-4EE6-ADFE-AFF60472DD16} - System32\Tasks\Chameleon Monitor-startup-Traveller => c:\program files (x86)\common files\Chameleon Manager\monitor.exe [2015-02-10] (NeoSoft Tools)
                                                          Task: {A549169A-D962-4B64-81D2-C964B9449C9A} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
                                                          Task: {4AC54D11-6DD2-4038-A5FF-94888CBDEE05} - System32\Tasks\Run RoboForm TaskBar Icon => D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
                                                          Task: {5296151F-94E0-4363-BD38-3D32EB8820F6} - {505A68B3-E825-4D29-AC08-B71CA2308CF5} → No File <==== ATTENTION
                                                          Task: {5F4BF8A0-2FF1-467F-916B-CC2DAC8D72B1} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
                                                          Task: {6A53FC7F-5F79-4FB4-8C68-579E7C847A2D} - System32\Tasks{F5A09CDD-01AF-42BB-88BB-10471CCE6707} => pcalua.exe -a “C:\Program Files\ReviverSoft\Registry Reviver\Uninstall.exe”
                                                          Task: {7476B54B-CDB4-47A2-85FC-8F1BC37E7E33} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
                                                          Task: {7B81CF39-A304-40ED-B0FA-E97FCA106CC3} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler “hxxp://www.roboform.com/uninstall.html?aaa=KICMHMKMJMPMGMNMNMKJCNMMNJNMOJC NLMOJGMOJCNGMLJKJMJCNJJJJOMJMKJLMGMJJLMJMOJMMJNJIC MIMCNGMCNNMNMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMP MCNNMJNPICMHMFMFMOMPMJNHICMEKMICNJJCKJNBJCMLKNIOJJ IKJDJDJKJNIJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMPMFM (the data entry has 35 more characters).
                                                          Task: {8033146A-54E7-453E-A3E9-FC0972A14F1A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
                                                          Task: {8D6A16C1-3BA2-4877-85C3-A3631C653532} - System32\Tasks{A1D5D0E4-BB6C-4E3C-BD67-E5A8C0E74A2E} => pcalua.exe -a C:\Users\Traveller\Downloads\Programs\MDAC_TYP.EXE -d C:\Users\Traveller\AppData\Roaming\IDM
                                                          Task: {8EC5BF83-AC06-4190-A64A-4096E5BBCD19} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)
                                                          Task: {3C7DF767-9E4B-4F3B-841D-95887E75AEFD} - \Pointstone\System Cleaner\Daily Notice → No File <==== ATTENTION
                                                          Task: {43A17CBD-36AD-4BFB-B3C5-1FEF32E15681} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
                                                          Task: {4515A598-639B-489A-B22D-0FF6267D4734} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\SymErr.exe
                                                          Task: {00CE6CA9-7691-46ED-A32B-41B5D8052A0B} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\SymErr.exe
                                                          Task: {063A6DF0-D9DF-4D01-98C0-43B458DBC34F} - System32\Tasks{36E7CDCE-3B01-4650-8948-AF254DEB073C} => pcalua.exe -a C:\Users\Traveller\Downloads\Programs\Shtrl4.exe -d C:\Users\Traveller\AppData\Roaming\IDM
                                                          Task: {0A4E987C-6912-497D-A2C5-DDC107B9467C} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount...st@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe [2016-01-07] (Adobe Systems Incorporated)
                                                          Task: {0AC4904A-8372-4020-9BFF-55B687BCD936} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
                                                          Task: {0CB03F15-7BBF-4237-8FBB-FE6F3FA35FCD} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6986c11 8e050 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
                                                          Task: {197671D1-207D-49D1-A944-E0D46AEF8027} - System32\Tasks\GoogleUpdateTaskMachineUA1d041918bd fa750 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
                                                          Task: {2409A78A-85F7-40FD-AD75-A78F381E4B62} - System32\Tasks\Chameleon Monitor-Traveller => c:\program files (x86)\common files\Chameleon Manager\monitor.exe [2015-02-10] (NeoSoft Tools)
                                                          Task: {2D04D24E-3525-4A26-A43D-33B1A0FF27BC} - System32\Tasks\GoogleUpdateTaskMachineUA1d0001d73c 8b334 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
                                                          2017-01-25 21:59 - 2014-10-28 20:58 - 1040384 _____ (Microsoft Corporation) C:\Users\Traveller\AppData\Local\Temp\kernel32.dll
                                                          2017-02-02 03:56 - 2017-02-02 03:56 - 1066336 _____ (Microsoft Corporation) C:\Users\Traveller\AppData\Local\Temp\PidGenX.dll
                                                          C:\ProgramData\RegistryReviver.exe
                                                          2017-01-31 15:20 - 2017-01-31 15:20 - 0046951 _____ () C:\ProgramData\agent.1485894021.bdinstall.bin
                                                          2017-01-31 15:34 - 2017-01-31 15:34 - 0029177 _____ () C:\ProgramData\agent.1485894894.bdinstall.bin
                                                          2014-11-12 13:47 - 2017-01-07 23:48 - 0000043 _____ () C:\Users\Traveller\AppData\Local~wmrg
                                                          2013-12-08 20:43 - 2015-02-18 03:30 - 0026624 _____ () C:\Users\Traveller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                                                          2014-05-10 23:31 - 2015-03-01 20:06 - 0000010 _____ () C:\Users\Traveller\AppData\Local.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56
                                                          2015-03-20 13:48 - 2015-06-10 16:01 - 0000010 _____ () C:\Users\Traveller\AppData\Local.DG212F11-EC8C-210D-DE1E-D9584D18D740
                                                          2015-09-13 17:11 - 2017-01-23 21:29 - 0000109 ___SH () C:\Users\Traveller\AppData\Local\00000128
                                                          2017-01-07 23:48 - 2014-11-12 13:47 - 00000043 _____ C:\Users\Traveller\AppData\Local~wmrg
                                                          2017-01-12 20:06 - 2016-03-25 22:26 - 00000000 ____D C:\Users\Traveller\AppData\Roaming\qBittorrent
                                                          2017-01-18 02:51 - 2016-01-31 18:31 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
                                                          2017-01-23 21:29 - 2015-09-13 17:11 - 00000109 ___SH C:\Users\Traveller\AppData\Local\00000128
                                                          2017-01-28 22:45 - 2016-07-06 10:47 - 00000000 ____D C:\ProgramData\WRData
                                                          2017-02-02 03:55 - 2013-12-09 02:12 - 00000000 ____D C:\Users\Traveller\AppData\Roaming\uTorrent
                                                          2017-02-02 17:25 - 2013-12-09 00:43 - 00000000 ____D C:\Windows\system32\MRT
                                                          2017-02-02 17:19 - 2013-12-09 00:43 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
                                                          2017-02-03 16:17 - 2014-05-06 18:56 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6986c 118e050.job
                                                          2017-02-03 15:40 - 2013-12-06 08:24 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-925185676-1098965860-4220522822-1001
                                                          2017-02-03 16:23 - 2013-12-22 10:56 - 00000000 ____D C:\ProgramData\TEMP
                                                          2017-02-03 16:22 - 2014-11-14 10:12 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0001d7 3c8b334.job
                                                          2014-01-20 11:42 - 2015-11-25 00:49 - 0000132 _____ () C:\Users\Traveller\AppData\Roaming\Adobe BMP Format CC Prefs
                                                          2014-04-07 02:17 - 2014-04-07 02:17 - 0000132 _____ () C:\Users\Traveller\AppData\Roaming\Adobe GIF Format CC Prefs
                                                          2013-12-11 21:28 - 2015-11-03 00:53 - 0000132 _____ () C:\Users\Traveller\AppData\Roaming\Adobe PNG Format CC Prefs
                                                          2016-03-15 12:37 - 2017-01-24 14:30 - 0000034 _____ () C:\Users\Traveller\AppData\Roaming\AdobeWLCMCache. dat
                                                          2015-01-06 12:56 - 2013-07-22 03:59 - 0012005 _____ () C:\Users\Traveller\AppData\Roaming\alsoft.ini
                                                          2014-10-20 16:41 - 2014-10-31 23:06 - 0000268 ___RH () C:\Users\Traveller\AppData\Roaming\Ambience
                                                          2016-12-29 21:29 - 2016-12-29 21:29 - 0000003 _____ () C:\Users\Traveller\AppData\Roaming\CheckWinVer.log
                                                          2016-01-14 19:40 - 2016-04-02 10:04 - 0002044 _____ () C:\Users\Traveller\AppData\Roaming\droid4xinstalle r.log
                                                          2016-04-28 15:56 - 2016-04-28 15:56 - 0347908 _____ () C:\Users\Traveller\AppData\Roaming\FontInfo.bin
                                                          2016-04-28 15:56 - 2016-04-28 15:56 - 0105744 _____ () C:\Users\Traveller\AppData\Roaming\GlyphInfo.bin
                                                          2015-03-20 14:21 - 2015-03-20 17:37 - 0576521 _____ () C:\Users\Traveller\AppData\Roaming\PS14_panel.log
                                                          2014-12-17 12:17 - 2014-12-17 12:17 - 0002114 _____ () C:\Users\Traveller\AppData\Roaming\SAS7_000.DAT
                                                          2013-12-09 08:33 - 2017-01-25 20:02 - 0000600 _____ () C:\Users\Traveller\AppData\Roaming\winscp.rnd
                                                          2015-08-10 11:58 - 2015-08-10 11:58 - 0038508 _____ () C:\Users\Traveller\AppData\Roaming\Значения, разделенные запятыми.ADR
                                                          2014-05-10 23:31 - 2015-03-01 20:06 - 0000010 _____ () C:\Users\Traveller\AppData\Local.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56
                                                          2015-03-20 13:48 - 2015-06-10 16:01 - 0000010 _____ () C:\Users\Traveller\AppData\Local.DG212F11-EC8C-210D-DE1E-D9584D18D740
                                                          2015-09-13 17:11 - 2017-01-23 21:29 - 0000109 ___SH () C:\Users\Traveller\AppData\Local\00000128
                                                          2013-12-08 14:40 - 2013-12-12 18:22 - 144752885 _____ () C:\Users\Traveller\AppData\Local\ACCCx2_2_1_260.zi p.aamdownload
                                                          2013-12-08 14:40 - 2013-12-12 18:22 - 0001817 _____ () C:\Users\Traveller\AppData\Local\ACCCx2_2_1_260.zi p.aamdownload.aamd
                                                          2013-12-13 13:29 - 2017-01-30 22:00 - 0001456 _____ () C:\Users\Traveller\AppData\Local\Adobe Save for Web 13.0 Prefs
                                                          2013-12-08 20:43 - 2015-02-18 03:30 - 0026624 _____ () C:\Users\Traveller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                                                          2015-01-30 19:03 - 2015-01-31 08:24 - 0342476 _____ () C:\Users\Traveller\AppData\Local\helpman.imc
                                                          2017-01-31 16:08 - 2017-01-31 16:08 - 0000036 _____ () C:\Users\Traveller\AppData\Local\housecall.guid.ca che
                                                          2016-07-30 16:39 - 2016-07-30 16:39 - 0000001 _____ () C:\Users\Traveller\AppData\Local\llftool.4.40.agre ement
                                                          2016-07-05 09:20 - 2017-01-31 18:38 - 0000600 _____ () C:\Users\Traveller\AppData\Local\PUTTY.RND
                                                          2015-12-04 08:42 - 2015-12-04 08:42 - 0000847 _____ () C:\Users\Traveller\AppData\Local\recently-used.xbel
                                                          2014-06-22 23:21 - 2016-10-13 13:36 - 0007583 _____ () C:\Users\Traveller\AppData\Local\Resmon.ResmonCfg
                                                          2017-01-31 17:31 - 2017-02-01 19:13 - 0000010 _____ () C:\Users\Traveller\AppData\Local\sponge.last.runti me.cache
                                                          2014-11-12 13:47 - 2017-01-07 23:48 - 0000043 _____ () C:\Users\Traveller\AppData\Local~wmrg
                                                          2017-01-31 15:20 - 2017-01-31 15:20 - 0046951 _____ () C:\ProgramData\agent.1485894021.bdinstall.bin
                                                          2017-01-31 15:34 - 2017-01-31 15:34 - 0029177 _____ () C:\ProgramData\agent.1485894894.bdinstall.bin
                                                          2017-01-18 22:06 - 2017-01-18 22:06 - 00002652 _____ C:\Users\Traveller\AppData\LocalLow\wbkD99A.tmp
                                                          2017-01-31 16:26 - 2017-02-01 08:25 - 00407608 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
                                                          2017-01-31 16:09 - 2017-02-01 21:18 - 00000000 ____D C:\ProgramData\Trend Micro
                                                          2017-01-31 16:08 - 2017-01-31 16:08 - 00000036 _____ C:\Users\Traveller\AppData\Local\housecall.guid.ca che
                                                          2017-01-31 16:03 - 2017-01-31 16:06 - 145050392 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
                                                          2017-01-31 15:34 - 2017-01-31 15:34 - 00029177 _____ C:\ProgramData\agent.1485894894.bdinstall.bin
                                                          2017-01-31 15:20 - 2017-01-31 15:20 - 00046951 _____ C:\ProgramData\agent.1485894021.bdinstall.bin
                                                          2017-02-01 17:12 - 2017-02-01 21:18 - 00000000 ____D C:\Users\Traveller\AppData\Local\Trend Micro
                                                          U3 DfSdkS; no ImagePath
                                                          S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys
                                                          U0 SR; no ImagePath
                                                          U2 srservice; no ImagePath
                                                          S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys
                                                          S3 RTCore64; no ImagePath
                                                          S3 NAVENG; no ImagePath
                                                          S3 NAVEX15; no ImagePath
                                                          S3 DIRECTIO; no ImagePath
                                                          CHR HKLM-x32...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - <no Path/update_url>
                                                          CHR HKLM-x32...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
                                                          CHR HKLM-x32...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
                                                          CHR HKLM...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
                                                          CHR Extension: (YSlow) - C:\Users\Traveller\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\ninejjcohidippngpapiilnmkg llmakh [2016-10-18]
                                                          CHR Extension: (Autofill) - C:\Users\Traveller\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddk bbfkkk [2017-01-04]
                                                          CHR Extension: (Chrome Web Store Payments) - C:\Users\Traveller\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-01-18]
                                                          CHR Extension: (COPY URL) - C:\Users\Traveller\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\mkhnbhdofgaendegcgbmndipmi jhbili [2016-03-29]
                                                          CHR Extension: (YouTube) - C:\Users\Traveller\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2015-09-24]
                                                          CHR Extension: (Google Search) - C:\Users\Traveller\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf [2015-10-28]
                                                          FF Plugin ProgramFiles/Appdata: C:\Users\Traveller\AppData\Roaming\mozilla\plugins \npgoogletalk.dll [2015-12-08] (Google)
                                                          FF Plugin ProgramFiles/Appdata: C:\Users\Traveller\AppData\Roaming\mozilla\plugins \npo1d.dll [2015-12-08] (Google)
                                                          FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @tools.google.com/Google Update;version=3 → C:\Users\Traveller\AppData\Local\Google\Update\1.3 .32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
                                                          FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @tools.google.com/Google Update;version=9 → C:\Users\Traveller\AppData\Local\Google\Update\1.3 .32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
                                                          FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @unity3d.com/UnityPlayer,version=1.0 → C:\Users\Traveller\AppData\LocalLow\Unity\WebPlaye r\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
                                                          FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 → C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
                                                          FF Plugin-x32: adobe.com/AdobeAAMDetect → C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
                                                          FF Plugin-x32: wacom.com/WacomTabletPlugin → C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
                                                          FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @Skype Limited.com/Facebook Video Calling Plugin → C:\Users\Traveller\AppData\Local\Facebook\Video\Sk ype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
                                                          FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
                                                          FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
                                                          C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → autoconfig_url”, “data:text/javascript,function FindProxyForURL(url, host) {if ((host == "[www.abc.net.au]('http://www.abc.net.au')”)
                                                          (host == "iview.abc.net.au")
                                                          (host == "iviewmetered-vh.akamaihd.net")
                                                          (url.indexOf("proxmate=au") != -1)
                                                          (host == "livestream.com")
                                                          (host == "[www.livestream.com]('http://www.livestream.com')“)
                                                          (host == "api.new.livestream.com")
                                                          (host == "player.ooyala.com")
                                                          (host == "xnewsvidhd-vh.akamaihd.net")
                                                          (host == "[www.animelab.com]('http://www.animelab.com')”)
                                                          (host == "dcgm6i50yfgtk.cloudfront.net")) { return ‘PROXY au-node.proxmate.me:8008’ } else if ((url.indexOf("proxmate=ca") != -1)
                                                          (host == "ici.tou.tv")
                                                          (host == "toutvuniver1-vh.akamaihd.net")
                                                          (host == "geoip.radio-canada.ca")
                                                          (host == "api.radio-canada.ca")
                                                          (host == "images.tou.tv")
                                                          (host == "player.siriusxm.ca")
                                                          (host == "primary.hls-streaming.production.streaming.siriusxm.ca")
                                                          (host == "now.sportsnet.ca")
                                                          (host == "watch.sportsnet.ca")
                                                          (host == "player.9c9media.com")
                                                          (host == "metrics.ctv.ca")
                                                          (host == "capi.9c9media.com")
                                                          (host == "[www.ctv.ca]('http://www.ctv.ca')“)
                                                          (host == "[www.willow.tv]('http://www.willow.tv')”)
                                                          (host == "willowtv.live-s.cdn.bitgravity.com")) { return ‘PROXY ca-node.proxmate.me:8008’ } else if ((host == "arte.tv")
                                                          (host == "[www.arte.tv]('http://www.arte.tv')“)
                                                          (host == "geoftv-a.akamaihd.net")
                                                          (host == "hdfauthftv-a.akamaihd.net")
                                                          (host == "replayftv-vh.akamaihd.net")
                                                          (host == "ftvingest-vh.akamaihd.net")
                                                          (host == "live.francetv.fr")
                                                          (host == "d8.tv")
                                                          (host == "[www.d8.tv]('http://www.d8.tv')”)
                                                          (host == "us-cplus-aka.canal-plus.com")
                                                          (host == "hds_live_d8_aka-lh.akamaihd.net")
                                                          (host == "d17.tv")
                                                          (host == "[www.d17.tv]('http://www.d17.tv')“)
                                                          (host == "hds_live_d17_aka-lh.akamaihd.net")
                                                          (url.indexOf("proxmate=fr") != -1)
                                                          (host == "[www.6play.fr]('http://www.6play.fr')”)
                                                          (host == "geo.6cloud.fr")
                                                          (host == "proxy-021.dc3.dailymotion.com")
                                                          (host == "proxy-67.dailymotion.com")
                                                          (host == "prof.estat.com")
                                                          (host == "metrics.dailymotion.com")
                                                          (host == "[www.dailymotion.com]('http://www.dailymotion.com')“)
                                                          (host == "vmap.snappytv.com")) { return ‘PROXY fr-node.proxmate.me:8008’ } else if ((host == "vod-akamai-psd-hds.p7s1digital.de")
                                                          (host == "vas.sim-technik.de")
                                                          (url.indexOf("proxmate=de") != -1)
                                                          (host == "nightclub.de")
                                                          (host == "zdf.de")
                                                          (host == "[www.zdf.de]('http://www.zdf.de')”)
                                                          (host == "zdf_hds_de-f.akamaihd.net")
                                                          (host == "api.nowtv.de")
                                                          (host == "delivestream-lh.akamaihd.net")
                                                          (host == "cdnapi.kaltura.com")
                                                          (host == "disneychannel.de")
                                                          (host == "[www.southpark.de]('http://www.southpark.de')“)) { return ‘PROXY de-node.proxmate.me:8008’ } else if ((host == "[www.tg4.ie]('http://www.tg4.ie')”)
                                                          (url.indexOf("proxmate=ie") != -1)) { return ‘PROXY ie-node.proxmate.me:8008’ } else if ((host == "rai.tv")
                                                          (host == "[www.rai.tv]('http://www.rai.tv')“)
                                                          (host == "mediapolis.rai.it")
                                                          (host == "[www.rai.it]('http://www.rai.it')”)
                                                          (host == "stream5.rai.it")
                                                          (host == "stream6.rai.it")
                                                          (host == "stream7.rai.it")
                                                          (host == "sspushrai1-s.akamaihd.net")
                                                          (host == "sspushrai2-s.akamaihd.net")
                                                          (host == "sspushraisport2-s.akamaihd.net")
                                                          (host == "sspushrai3-s.akamaihd.net")
                                                          (host == "secondary.adaptiveedge.rai.it")
                                                          (host == "rai-italia01.wt-eu02.net")
                                                          (host == "download.rai.tv")
                                                          (host == "mediapolisvod.rai.it")
                                                          (host == "ww.rai.tv")
                                                          (host == ".xuniplay.fdnames.com")
                                                          (url.indexOf("xuniplay.fdnames.com") != -1)
                                                          (host == "se-to1-8.se.live3.msf.ticdn.it")
                                                          (host == "live.shinystat.com")
                                                          (host == "lic.mediaset.net")
                                                          (host == "cssr.video.mediaset.it")
                                                          (url.indexOf("proxmate=it") != -1)
                                                          (host == "[www.vvvvid.it]('http://www.vvvvid.it')“)) { return ‘PROXY it-node.proxmate.me:8008’ } else if ((host == "telecinco.es")
                                                          (host == "telecinco1-vh.akamaihd.net")
                                                          (host == "[www.telecinco.es]('http://www.telecinco.es')”)
                                                          (url.indexOf("proxmate=es") != -1)
                                                          (host == "antena3.com")
                                                          (host == "[www.antena3.com]('http://www.antena3.com')“)
                                                          (host == "geodesprogresiva.antena3.com")
                                                          (host == "rtve.es")
                                                          (host == "[www.rtve.es]('http://www.rtve.es')”)
                                                          (host == "ztnr.rtve.es")
                                                          (host == "mvodt.lvlt.rtve.es")
                                                          (host == "swf.rtve.es")
                                                          (host == "cuatro.com")
                                                          (host == "[www.cuatro.com]('http://www.cuatro.com')“)
                                                          (host == "cuatro1-vh.akamaihd.net")
                                                          (host == "peliculas-online.atresplayer.com")
                                                          (host == "servicios.atresplayer.com")
                                                          (host == "atresplayer.com")
                                                          (host == "[www.atresplayer.com]('http://www.atresplayer.com')”)
                                                          (host == "k.uecdn.es")
                                                          (host == "v.uecdn.es")
                                                          (host == "as.com")
                                                          (host == "ep00.epimg.net")
                                                          (host == "futbol.as.com")) { return ‘PROXY es-node.proxmate.me:8008’ } else if ((host == "prosieben.ch")
                                                          (host == "[www.prosieben.ch]('http://www.prosieben.ch')“)
                                                          (host == "s1tv.ch")
                                                          (host == "[www.s1tv.ch]('http://www.s1tv.ch')”)
                                                          (host == "zba2-0-hds-live.zahs.tv")
                                                          (host == "embed-zattoo.com")
                                                          (host == "chtv.ch")
                                                          (host == "[www.chtv.ch]('http://www.chtv.ch')“)
                                                          (host == "zba2-1-hds-live.zahs.tv")
                                                          (host == "sat1.ch")
                                                          (host == "[www.sat1.ch]('http://www.sat1.ch')”)
                                                          (host == "rsi.ch")
                                                          (host == "[www.rsi.ch]('http://www.rsi.ch')“)
                                                          (host == "codch-vh.akamaihd.net")
                                                          (host == "il.srgssr.ch")
                                                          (host == "ch.viva.tv")
                                                          (host == "intl.esperanto.mtvi.com")
                                                          (url.indexOf("proxmate=ch") != -1)
                                                          (host == "zattoo.com")
                                                          (host == "[www.srf.ch]('http://www.srf.ch')”)
                                                          (host == "srgssruni1ch-lh.akamaihd.net")
                                                          (host == "srgssruni2ch-lh.akamaihd.net")
                                                          (host == "srgssruni3ch-lh.akamaihd.net")
                                                          (host == "[www.teleboy.ch]('http://www.teleboy.ch')“)
                                                          (host == "aka-cdn-ns.adtech.de")
                                                          (host == "teleboy.customers.cdn.iptv.ch")) { return ‘PROXY ch-node.proxmate.me:8008’ } else if ((host == "c.brightcove.com")
                                                          (host == "secure.brightcove.com")
                                                          (host == "metrics.brightcove.com")
                                                          (host == "stv-ak.cds1.yospace.com")
                                                          (host == "core.stvfiles.com")
                                                          (host == "player.stv.tv")
                                                          (host == "stv.brightcove.com.edgesuite.net")
                                                          (host == "uk-dev-stv.cdn.videoplaza.tv")
                                                          (host == "mercury.itv.com")
                                                          (host == "[www.itv.com]('http://www.itv.com')”)
                                                          (host == "itv.com")
                                                          (host == "llnw.live.btv.simplestream.com")
                                                          (host == "players.simplestream.com")
                                                          (host == "uapi.simplestream.com")
                                                          (host == "channel5.com")
                                                          (host == "wwwcdn.channel5.com")
                                                          (host == "cassie.channel5.com")
                                                          (host == "player.channel5.com")
                                                          (host == "deliver-hls.channel5.com")
                                                          (host == "akahls.channel5.com")
                                                          (host == "llnwhls.channel5.com")
                                                          (host == "milkshake.tv")
                                                          (host == "[www.milkshake.tv]('http://www.milkshake.tv')“)
                                                          (host == "trk-euwest.tidaltv.com")
                                                          (host == "mp.adverts.itv.com")
                                                          (host == "req.tidaltv.com")
                                                          (host == "s1.2mdn.net")
                                                          (host == "pes.itv.com")
                                                          (host == "ned.itv.com")
                                                          (host == "itvdotcom.2cnt.net")
                                                          (host == "tom.itv.com")
                                                          (host == "dave.uktv.co.uk")
                                                          (host == "uktvplay.uktv.co.uk")
                                                          (host == "uktvhdse.brightcove.com.edgesuite.net")
                                                          (host == "admin.brightcove.com")
                                                          (host == "really.uktv.co.uk")
                                                          (host == "yesterday.uktv.co.uk")
                                                          (host == "drama.uktv.co.uk")
                                                          (host == "live.tvplayer.com")
                                                          (host == "tvplayer.com")
                                                          (host == "sapi.tvplayer.com")
                                                          (host == "api.tvplayer.com")
                                                          (host == "[www.gamefront.com]('http://www.gamefront.com')”)
                                                          (url.indexOf("proxmate=uk") != -1)
                                                          (host == "channel4.com")
                                                          (host == "ais.channel4.com")
                                                          (host == "pandr.my.channel4.com")
                                                          (host == "all4nav.channel4.com")
                                                          (host == "4id.channel4.com")) { return ‘PROXY uk-node.proxmate.me:8008’ } else if ((host == "link.theplatform.com")
                                                          (host == "discidevflash-f.akamaihd.net")
                                                          (host == "api.geoip.dp.discovery.com")
                                                          (host == "vidtech.cbsinteractive.com")
                                                          (host == "vidtech.cbsima.com")
                                                          (host == "om.cbsi.com")
                                                          (host == "media.mtvnservices.com")
                                                          (host == "api-manga.crunchyroll.com")
                                                          (host == "crunchyroll.com")
                                                          (host == "[www.crunchyroll.com]('http://www.crunchyroll.com')“)
                                                          (host == "cdn.wwtv.warnerbros.com")
                                                          (host == "hlsioscwtv.warnerbros.com")
                                                          (host == "media.cwtv.com")
                                                          (host == "servicesaetn-a.akamaihd.net")
                                                          (host == "live.mlssoccer.com")
                                                          (host == "tvewnbc-i.akamaihd.net")
                                                          (host == "tvenbceast-i.akamaihd.net")
                                                          (host == "nbcmpx-vh.akamaihd.net")
                                                          (host == "[www.pandora.com]('http://www.pandora.com')”)
                                                          (host == "video.pbs.org")
                                                          (host == "ga.video.cdn.pbs.org")
                                                          (host == "urs.pbs.org")
                                                          (host == "play.spotify.com")
                                                          (host == "[www.spotify.com]('http://www.spotify.com')“)
                                                          (host == "play.spotify.edgekey.net")
                                                          (host == "[www.iheart.com]('http://www.iheart.com')”)
                                                          (host == "api2.iheart.com")
                                                          (host == "api.iheart.com")
                                                          (host == "iheart.com")
                                                          (host == "nick.mtvnimages.com")
                                                          (host == "sni-vh.akamaihd.net")
                                                          (url.indexOf("proxmate=us") != -1)
                                                          (url.indexOf(".googlevideo.com") != -1)
                                                          (host == "api.segment.io")
                                                          (host == "[www.vevo.com]('http://www.vevo.com')“)
                                                          (host == "vevo.com")
                                                          (host == "apiv2.vevo.com")
                                                          (host == "songza.com")
                                                          (host == "new.songza.com")
                                                          (host == "[www.daisuki.net]('http://www.daisuki.net')”)
                                                          (host == "bngn-vh.akamaihd.net")
                                                          (host == "bngnwww.b-ch.com")
                                                          (host == "[www.hbogo.com]('http://www.hbogo.com')“)
                                                          (host == "catalog.lv3.hbogo.com")
                                                          (host == "profile.lv3.hbogo.com")
                                                          (host == "profile.hbogo.com")
                                                          (url.indexOf(".lv3.hbogo.com") != -1)
                                                          (host == "register.hbogo.com")
                                                          (host == "play.hbogo.com")
                                                          (host == "smetrics.hbogo.com")
                                                          (url.indexOf(".lv3.cdn.hbo.com") != -1)
                                                          (host == "comet.api.hbo.com")
                                                          (host == "play.google.com")
                                                          (host == "checkout.google.com")
                                                          (host == "store.google.com")
                                                          (host == "apis.google.com")
                                                          (host == "amc350888def-vh.akamaihd.net")
                                                          (host == "a564avoddashnsus-a.akamaihd.net")
                                                          (host == "atv-ps.amazon.com")
                                                          (host == "[www.amazon.com]('http://www.amazon.com')”)
                                                          (host == "amazon.com")
                                                          (host == "fls-na.amazon.com")
                                                          (host == "phds-vod.cdn.turner.com")
                                                          (host == "token.vgtf.net")
                                                          (host == "[www.ondemandkorea.com]('http://www.ondemandkorea.com')“)
                                                          (host == "[www.fxnetworks.com]('http://www.fxnetworks.com')”)
                                                          (host == "fxvcms-f.akamaihd.net")
                                                          (host == "tvetelemundo-vh.akamaihd.net")
                                                          (host == "feed.theplatform.com")
                                                          (host == "fsvideohds-vh.akamaihd.net")
                                                          (host == "watchable.com")
                                                          (host == "cilhlsvod-f.akamaihd.net")
                                                          (host == "oxygenvod-vh.akamaihd.net")
                                                          (host == "tvesyfy-vh.akamaihd.net")
                                                          (host == "[www.smithsonianchannel.com]('http://www.smithsonianchannel.com')“)
                                                          (host == "c.brightcove.com")
                                                          (host == "brightcove01.brightcove.com")
                                                          (host == "edge.api.brightcove.com")
                                                          (host == "[www.eonline.com]('http://www.eonline.com')”)
                                                          (host == "link.theplatform.com")
                                                          (host == "api.listenlive.co")
                                                          (host == "playerservices.streamtheworld.com")
                                                          (host == "player.listenlive.co")
                                                          (url.indexOf("live.streamtheworld.com") != -1)
                                                          (host == "[www.cartoonnetwork.com]('http://www.cartoonnetwork.com')“)
                                                          (host == "[www.viki.com]('http://www.viki.com')”)
                                                          (host == "\"[www.viki.com]('http://www.viki.com')“)
                                                          (host == "[www.origin.com]('http://www.origin.com')”)
                                                          (host == "ht.cdn.turner.com")
                                                          (host == "aolvideoshd-vh.akamaihd.net")
                                                          (host == "syn.5min.com")
                                                          (host == "stvideos.5min.com")
                                                          (host == "[www.showtime.com]('http://www.showtime.com')“)
                                                          (host == "secure.showtime.com")
                                                          (url.indexOf(".vgtf.net") != -1)
                                                          (host == "phds-live.cdn.turner.com")
                                                          (host == "api.amplitude.com")
                                                          (host == "order.rhapsody.com")
                                                          (host == "payment.rhapsody.com")
                                                          (host == "[www.pivot.tv]('http://www.pivot.tv')”)
                                                          (host == "js.maxmind.com")
                                                          (host == "shonenjump.viz.com")) { return ‘PROXY us-node.proxmate.me:8008’ } else if ((host == "livestreams.omroep.nl")
                                                          (host == ".npostreaming.nl")
                                                          (host == "ida.omroep.nl")
                                                          (host == "npoplayer.omroep.nl")
                                                          (host == "[www.zapp.nl]('http://www.zapp.nl')“)
                                                          (host == "tellerapi.omroep.nl")
                                                          (host == "e.omroep.nl")
                                                          (url.indexOf("proxmate=nl") != -1)) { return ‘PROXY nl-node.proxmate.me:8008’ } else if ((host == "tvthek.orf.at")
                                                          (host == "apasfiisl.apa.at")
                                                          (host == "orf.oewabox.at")
                                                          (host == "194.232.200.58")
                                                          (host == "185.85.28.1")
                                                          (host == "atvplus.oewabox.at")
                                                          (host == "cdn.atv.at")
                                                          (url.indexOf("proxmate=at") != -1)
                                                          (host == "hdsvodsportsman-vh.akamaihd.net")
                                                          (host == "streamaccess.unas.tv")
                                                          (host == "[www.laola1.tv]('http://www.laola1.tv')”)
                                                          (host == "[www.livestation.com]('http://www.livestation.com')“)
                                                          (host == "livestation.com")
                                                          (url.indexOf(".emigrantas.tv") != -1)) { return ‘PROXY at-node.proxmate.me:8008’ } else if ((host == "netflix.com")
                                                          (host == "[www.netflix.com]('http://www.netflix.com')”)
                                                          (host == "cbp-us.nccp.netflix.com")
                                                          (host == "secure.netflix.com")
                                                          (host == "api-global.netflix.com")
                                                          (host == "ichnaea.netflix.com")
                                                          (host == "customerevents.netflix.com")
                                                          (host == "s.thebrighttag.com")) { return ‘PROXY usnet-node.proxmate.me:8008’ } else if ((host == "s.hulu.com")
                                                          (host == "[www.funimation.com]('http://www.funimation.com')“)
                                                          (host == "wpc.8c48.edgecastcdn.net")
                                                          (host == "southpark.cc.com")
                                                          (host == "api.utils.watchabc.go.com")
                                                          (host == "[www.dramafever.com]('http://www.dramafever.com')”)
                                                          (host == "[www.logotv.com]('http://www.logotv.com')“)
                                                          (host == "api.watchabc.go.com")
                                                          (host == "theanimenetwork.com")
                                                          (host == "huluim.com")
                                                          (host == "[www.hulu.com]('http://www.hulu.com')”)
                                                          (host == "t2.hulu.com")
                                                          (host == "urlcheck.hulu.com")
                                                          (host == "t.hulu.com")
                                                          (host == "s.hulu.com")
                                                          (host == "play.hulu.com")
                                                          (host == "t2.huluim.com")) { return ‘PROXY ush-node.proxmate.me:8008’ } else if ((host == "player.ooyala.com")
                                                          (host == "l.ooyala.com")) { return ‘PROXY auv-node.proxmate.me:8008’ } else if ((host == "web-api-us.crackle.com")
                                                          (host == "legacyweb-us.crackle.com")) { return ‘PROXY us2-node.proxmate.me:8008’ } else if ((host == "counter.yadro.ru")
                                                          (host == "turbik.tv")
                                                          (host == "player.rutv.ru")
                                                          (host == "api.rutv.ru")
                                                          (host == "cdnng.v.rtr-vesti.ru")
                                                          (host == "player.vgtrk.com")
                                                          (url.indexOf("proxmate=ru") != -1)
                                                          (host == "stream.1tv.ru")
                                                          (host == "mobdrm.1tv.ru")) { return ‘PROXY ru-node.proxmate.me:8008’ } else if ((host == "security.video.globo.com")
                                                          (host == "api.globovideos.com")
                                                          (host == "s.videos.globo.com")
                                                          (host == "gshow.globo.com")
                                                          (host == "voddownload02.video.globo.com")
                                                          (host == "secure.nuuvem.com")
                                                          (host == "webportal.nowonline.com.br")) { return ‘PROXY br-node.proxmate.me:8008’ } else if ((host == "[www.bbc.co.uk]('http://www.bbc.co.uk')“)
                                                          (host == "open.live.bbc.co.uk")
                                                          (host == "fig.bbc.co.uk")
                                                          (host == "vod-hds-uk-live.edgesuite.net")
                                                          (host == "vod-hds-uk-live.bbcfmt.vo.llnwd.net")
                                                          (host == "vs-hds-uk-live.bbcfmt.vo.llnwd.net")
                                                          (host == "vs-hds-uk-live.edgesuite.net")
                                                          (host == "bbc.co.uk")) { return ‘PROXY ukb-node.proxmate.me:8008’ } else { return ‘DIRECT’; }}”
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → backup.ftp", “120.203.162.87”
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → backup.ftp_port", 8123
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → backup.socks", “120.203.162.87”
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → backup.socks_port", 8123
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → backup.ssl", “120.203.162.87”
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → backup.ssl_port", 8123
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → ftp", “185.127.164.20”
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → ftp_port", 443
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → http", “185.127.164.20”
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → http_port", 443
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → network.proxy.socks_remote_dns", 1
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → share_proxy_settings", true
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → socks", “185.127.164.20”
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → socks_port", 443
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → ssl", “185.127.164.20”
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → ssl_port", 443
                                                          FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default → type", 1
                                                          Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - D:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiv eX.dll No File
                                                          Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
                                                          Toolbar: HKLM-x32 - PDFXChange 2012 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.)
                                                          Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
                                                          BHO-x32: Webroot Vault → {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} → No File
                                                          HKLM\SOFTWARE\Policies\Microsoft\Internet Traveller: Restriction <======= ATTENTION
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\SOFTWARE\Policies\Microsoft\Internet Traveller: Restriction <======= ATTENTION
                                                          HKLM\Software\Microsoft\Internet Traveller\Main,Start Page = about:blank
                                                          HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Start Page = about:blank
                                                          HKLM\Software\Microsoft\Internet Traveller\Main,Search Page =
                                                          HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Search Page =
                                                          HKLM\Software\Microsoft\Internet Traveller\Main,Default_Page_URL =
                                                          HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Default_Page_URL =
                                                          HKLM\Software\Microsoft\Internet Traveller\Main,Default_Search_URL =
                                                          HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Default_Search_URL =
                                                          HKLM\Software\Microsoft\Internet Traveller\Main,Local Page =
                                                          HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Local Page =
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\Microsoft\Internet Traveller\Main,Start Page = about:blank
                                                          SearchScopes: HKU\S-1-5-21-925185676-1098965860-4220522822-1001 → DefaultScope {56B90406-7F40-474C-AC73-88B4F2C484EF} URL = hxxps://encrypted.google.com/search?hl={language}&q={searchTerms}
                                                          SearchScopes: HKU\S-1-5-21-925185676-1098965860-4220522822-1001 → {56B90406-7F40-474C-AC73-88B4F2C484EF} URL = hxxps://encrypted.google.com/search?hl={language}&q={searchTerms}
                                                          Tcpip..\Interfaces{54997AEA-6BE5-4B1D-AA3A-01377EAF9D27}: [DhcpNameServer] 8.8.8.8
                                                          Tcpip..\Interfaces{7B4C56F8-54B9-49AE-AC24-2E617300C9FC}: [DhcpNameServer] 200.48.225.130 200.48.225.146
                                                          Tcpip..\Interfaces{98FE26F2-9E79-4C35-8D23-4F5B94D8526A}: [DhcpNameServer] 200.48.225.130 200.48.225.146
                                                          HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\L ocal\ipsecPolicy{be0e178f-2e50-4541-804c-a34f7db55587} <======= ATTENTION (Restriction - IP)
                                                          GroupPolicy: Restriction <======= ATTENTION
                                                          GroupPolicy\User: Restriction <======= ATTENTION
                                                          GroupPolicyScripts: Restriction <======= ATTENTION
                                                          CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
                                                          ShortcutTarget: Install LastPass FF RunOnce.lnk → C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
                                                          Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-07-06]
                                                          ShortcutTarget: Install LastPass IE RunOnce.lnk → C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
                                                          ShellIconOverlayIdentifiers-x32: [“DropboxExt1”] → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => → No File
                                                          ShellIconOverlayIdentifiers-x32: [“DropboxExt2”] → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => → No File
                                                          ShellIconOverlayIdentifiers-x32: [“DropboxExt3”] → {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => → No File
                                                          ShellIconOverlayIdentifiers-x32: [“DropboxExt4”] → {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => → No File
                                                          ShellIconOverlayIdentifiers-x32: [“DropboxExt5”] → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => → No File
                                                          ShellIconOverlayIdentifiers-x32: [“DropboxExt6”] → {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => → No File
                                                          ShellIconOverlayIdentifiers-x32: [“DropboxExt7”] → {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => → No File
                                                          ShellIconOverlayIdentifiers-x32: [“DropboxExt8”] → {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => → No File
                                                          ShellIconOverlayIdentifiers: [1aCopyShExtError] → {83BEA36E-7680-4598-A4DF-994426F6E78D} => → No File
                                                          ShellIconOverlayIdentifiers: [2aCopyShExtSynced] → {845B7388-6F85-4F32-9FD5-F02DC7882B89} => → No File
                                                          ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] → {F6378A7A-F753-449B-AE1B-997A96132E61} => → No File
                                                          ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] → {3A511828-777D-46F8-82F4-5B530C1B3D9E} => → No File
                                                          ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] → {C8C88204-5B14-40EC-BA72-8AEBC762047E} => → No File
                                                          ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] → {ACFF45C3-3EEB-4351-86C2-6696BA264239} => → No File
                                                          ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] → {29AF997F-488B-46F0-AE78-7146F1B89CC3} => → No File
                                                          ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] → {03F9AD29-1C78-4B66-8890-B177B5430C53} => → No File
                                                          ShellIconOverlayIdentifiers: [“DropboxExt1”] → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => → No File
                                                          ShellIconOverlayIdentifiers: [“DropboxExt2”] → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => → No File
                                                          ShellIconOverlayIdentifiers: [“DropboxExt3”] → {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => → No File
                                                          ShellIconOverlayIdentifiers: [“DropboxExt4”] → {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => → No File
                                                          ShellIconOverlayIdentifiers: [“DropboxExt5”] → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => → No File
                                                          ShellIconOverlayIdentifiers: [“DropboxExt6”] → {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => → No File
                                                          ShellIconOverlayIdentifiers: [“DropboxExt7”] → {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => → No File
                                                          ShellIconOverlayIdentifiers: [“DropboxExt8”] → {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => → No File
                                                          HKU\S-1-5-18...\Run: [Copy] => “C:\Users\Traveller\AppData\Roaming\Copy\CopyAgent .exe”
                                                          HKU\S-1-5-18...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36592672 2015-08-20] (ooVoo LLC)
                                                          HKU\S-1-5-18...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
                                                          HKU\S-1-5-18...\Policies\system: [DisableCMD] 0
                                                          HKU\S-1-5-18...\Policies\system: [NoDispAppearancePage] 0
                                                          HKU\S-1-5-18...\Policies\system: [NoDispBackgroundPage] 0
                                                          HKU\S-1-5-18...\Policies\system: [NoDispSettingsPage] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoViewOnDrive] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [DisableLocalMachineRun] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [DisableLocalMachineRunOnce] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [DisableCurrentUserRun] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [DisableCurrentUserRunOnce] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoViewContextMenu] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoShellSearchButton] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoFind] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoFile] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [HideClock] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoTrayContextMenu] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoTrayItemsDisplay] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoSetFolders] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoDevMgrUpdate] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoSetTaskbar] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoDeletePrinter] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoDFSTab] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoChangeStartMenu] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoLogoff] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoWindowsUpdate] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoEncryptOnMove] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoRunasInstallPrompt] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoResolveSearch] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoSaveSettings] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoHardwareTab] 0
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoStartMenuSubFolders] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\system: [DisableCMD] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\system: [NoDispAppearancePage] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\system: [NoDispSettingsPage] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [DisableLocalMachineRun] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [DisableLocalMachineRunOnce] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [DisableCurrentUserRun] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [DisableCurrentUserRunOnce] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoViewContextMenu] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoShellSearchButton] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [HideClock] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoTrayItemsDisplay] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoDevMgrUpdate] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoDeletePrinter] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoDFSTab] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoWindowsUpdate] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoEncryptOnMove] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoRunasInstallPrompt] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoResolveSearch] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoSaveSettings] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoHardwareTab] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoStartMenuSubFolders] 0
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\MountPoints2: {8185036d-bf50-11e5-82f9-14feb5c3027f} - “E:\LGAutoRun.exe”
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\MountPoints2: {b491a930-679a-11e3-825e-00dbdf2de1f9} - “E:\AutoRun.exe”
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\MountPoints2: {e5212153-5f05-11e3-8251-806e6f6e6963} - “Q:\autorun.exe”
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Run: [Google Update] => C:\Users\Traveller\AppData\Local\Google\Update\1.3 .32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
                                                          HKLM...\Policies\Traveller: [DisableLocalMachineRun] 0
                                                          HKLM...\Policies\Traveller: [DisableLocalMachineRunOnce] 0
                                                          HKLM...\Policies\Traveller: [DisableCurrentUserRun] 0
                                                          HKLM...\Policies\Traveller: [DisableCurrentUserRunOnce] 0
                                                          HKLM...\Policies\Traveller: [NoViewContextMenu] 0
                                                          HKLM...\Policies\Traveller: [NoShellSearchButton] 0
                                                          HKLM...\Policies\Traveller: [HideClock] 0
                                                          HKLM...\Policies\Traveller: [NoTrayItemsDisplay] 0
                                                          HKLM...\Policies\Traveller: [NoDevMgrUpdate] 0
                                                          HKLM...\Policies\Traveller: [NoDeletePrinter] 0
                                                          HKLM...\Policies\Traveller: [NoDFSTab] 0
                                                          HKLM...\Policies\Traveller: [NoWindowsUpdate] 0
                                                          HKLM...\Policies\Traveller: [NoEncryptOnMove] 0
                                                          HKLM...\Policies\Traveller: [NoRunasInstallPrompt] 0
                                                          HKLM...\Policies\Traveller: [NoResolveSearch] 0
                                                          HKLM...\Policies\Traveller: [NoSaveSettings] 0
                                                          HKLM...\Policies\Traveller: [NoHardwareTab] 0
                                                          HKLM...\Policies\Traveller: [NoStartMenuSubFolders] 0
                                                          HKU\S-1-5-19...\Policies\system: [DisableCMD] 0
                                                          HKU\S-1-5-19...\Policies\system: [NoDispAppearancePage] 0
                                                          HKU\S-1-5-19...\Policies\system: [NoDispBackgroundPage] 0
                                                          HKU\S-1-5-19...\Policies\system: [NoDispSettingsPage] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoViewOnDrive] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [DisableLocalMachineRun] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [DisableLocalMachineRunOnce] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [DisableCurrentUserRun] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [DisableCurrentUserRunOnce] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoViewContextMenu] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoShellSearchButton] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoFind] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoFile] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [HideClock] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoTrayContextMenu] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoTrayItemsDisplay] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoSetFolders] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoDevMgrUpdate] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoSetTaskbar] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoDeletePrinter] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoDFSTab] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoChangeStartMenu] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoLogoff] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoWindowsUpdate] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoEncryptOnMove] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoRunasInstallPrompt] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoResolveSearch] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoSaveSettings] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoHardwareTab] 0
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoStartMenuSubFolders] 0
                                                          HKU\S-1-5-20...\Policies\system: [DisableCMD] 0
                                                          HKU\S-1-5-20...\Policies\system: [NoDispAppearancePage] 0
                                                          HKU\S-1-5-20...\Policies\system: [NoDispBackgroundPage] 0
                                                          HKU\S-1-5-20...\Policies\system: [NoDispSettingsPage] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoViewOnDrive] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [DisableLocalMachineRun] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [DisableLocalMachineRunOnce] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [DisableCurrentUserRun] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [DisableCurrentUserRunOnce] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoViewContextMenu] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoShellSearchButton] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoFind] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoFile] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [HideClock] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoTrayContextMenu] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoTrayItemsDisplay] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoSetFolders] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoDevMgrUpdate] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoSetTaskbar] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoDeletePrinter] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoDFSTab] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoChangeStartMenu] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoLogoff] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoWindowsUpdate] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoEncryptOnMove] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoRunasInstallPrompt] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoResolveSearch] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoSaveSettings] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoHardwareTab] 0
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoStartMenuSubFolders] 0
                                                          HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .txt.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .avi.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %appdata%**.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .mp3.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%*.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .xlsx.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .bmp.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .mp3.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wma.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .xlsx.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .docx.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .jpg.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wmv.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %appdata%**.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %appdata%**.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .rar.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .rar.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .txt.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .doc.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .avi.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .mp4.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .jpg.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pub.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .mp3.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wma.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%*.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pptx.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pub.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pdf.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .mp3.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .xls.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .png.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pptx.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .ppt.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .png.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .docx.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .doc.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: C:\Users*.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .xlsx.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .gif.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pdf.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%*.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wmv.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .doc.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%*.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .rtf.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wav.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .png.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wma.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .mp3.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .7z.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pdf.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %appdata%**.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .docx.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pub.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%*.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %appdata%*.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .gif.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .jpg.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .xls.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData*.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .jpeg.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%*.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pub.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .rtf.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .ppt.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .mp4.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%*.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .jpg.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .docx.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .avi.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .rtf.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wma.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .jpeg.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wma.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .zip.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .avi.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: C:\Users*.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .avi.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %allusersprofile%*.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .bmp.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .ppt.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .mp3.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .xls.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .txt.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pdf.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData*.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData*.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programfiles(x86)%*\svchost.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .rtf.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %appdata%**.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .rar.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .zip.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .mp4.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .jpeg.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %allusersprofile%*.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: C:\Users*.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pub.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .jpeg.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pub.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .rtf.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wmv.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .avi.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .png.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wav.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .gif.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .jpg.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: C:\Users*.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .jpeg.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .zip.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %appdata%*.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pptx.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: C:\Users*.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .jpeg.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%*.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .divx.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .divx.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .rar.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: ** <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wma.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .bmp.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .doc.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %appdata%*.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pdf.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wav.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData*.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%*.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%*.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pdf.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .txt.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .rtf.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wmv.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .rtf.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .xls.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .docx.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .txt.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wav.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .divx.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .rar.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .xlsx.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wma.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .mp4.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .doc.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .7z.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %appdata%*.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%*.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wav.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .jpeg.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .7z.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .png.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .bmp.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .xlsx.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pub.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .png.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wmv.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .txt.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %appdata%**.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%*.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .gif.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData*.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pptx.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .gif.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .xls.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .rar.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wav.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .xlsx.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .bmp.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .rar.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .xls.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .ppt.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IE Update*.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData*.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %allusersprofile%*.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%*\svchost.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pub.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pptx.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wmv.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .doc.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .txt.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .zip.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: *:$Recycle.Bin <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pptx.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .docx.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wmv.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: C:\Users*.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .avi.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .zip.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%*.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %systemdrive%*\svchost.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .txt.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .gif.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %appdata%**.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %appdata%*.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %allusersprofile%*.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .mp4.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .7z.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .mp4.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wmv.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %allusersprofile%*.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %allusersprofile%*.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .xlsx.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .png.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pptx.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: C:\Users*.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .divx.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wma.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .divx.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .avi.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wav.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .bmp.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %appdata%**.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .ppt.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %appdata%*.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%*.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .wav.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .zip.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .jpeg.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%*.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .docx.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .mp4.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .7z.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .xlsx.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pptx.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .zip.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .zip.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .jpg.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .7z.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pdf.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .xls.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .mp4.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%*.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .docx.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .rtf.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .rar.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .7z.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .xls.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .doc.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData*.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .gif.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %allusersprofile%*.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .jpg.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .divx.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .mp3.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .ppt.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %programfiles%*\svchost.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .ppt.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %allusersprofile%*.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .divx.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .bmp.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %appdata%*.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .mp3.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.scr <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .bmp.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .ppt.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .gif.pif <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %appdata%*.cmd <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData*.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.jse <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .jpg.bat <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .divx.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .pdf.js <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .doc.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.com <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .7z.exe <====== ATTENTION
                                                          HKLM Group Policy restriction on software: .png.exe <====== ATTENTION
                                                          HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
                                                          CMD: RD /S /Q %WinDir%\System32\GroupPolicyUsers
                                                          CMD: RD /S /Q %WinDir%\System32\GroupPolicy
                                                          CMD: RD /S /Q %WinDir%\SysWOW64\GroupPolicyUsers
                                                          CMD: RD /S /Q %WinDir%\SysWOW64\GroupPolicy
                                                          CMD: RD /S /Q %WinDir%\SysNative\GroupPolicyUsers
                                                          CMD: RD /S /Q %WinDir%\SysNative\GroupPolicy
                                                          CMD: gpupdate /force
                                                          CMD: bitsadmin /reset /allusers
                                                          Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f
                                                          Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f
                                                          CMD: netsh advfirewall reset
                                                          CMD: netsh advfirewall set allprofiles state ON
                                                          CMD: ipconfig /flushdns
                                                          EmptyTemp:
                                                          end

                                                          Processes closed successfully.
                                                          Restore point was successfully created.
                                                          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run32\iTunesHelper => value removed successfully
                                                          HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Run\iTunesHelper => value not found.
                                                          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\Run32\QuickTime Task => value removed successfully
                                                          HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\Curren tVersion\Run\QuickTime Task => value not found.
                                                          Could not move “C:\Windows\system32\Drivers\etc\hosts” => Scheduled to move on reboot.
                                                          Could not move “C:\Windows\System32\Drivers\etc\hosts” => Scheduled to move on reboot.
                                                          HKU.DEFAULT\Software\Classes\exefile => key removed successfully
                                                          HKU.DEFAULT\Software\Classes.exe => key removed successfully
                                                          HKLM\System\CurrentControlSet\Control\SafeBoot\Net work\WRkrn => key removed successfully
                                                          HKLM\System\CurrentControlSet\Control\SafeBoot\Net work\WRSVC => key removed successfully
                                                          C:\ProgramData\TEMP => “:41ADDB8A” ADS removed successfully.
                                                          C:\ProgramData\TEMP => “:A064CECC” ADS removed successfully.
                                                          C:\ProgramData\TEMP => “:B755D674” ADS removed successfully.
                                                          C:\ProgramData\TEMP => “5FBE8F9” ADS removed successfully.
                                                          C:\Users\Public\DRM => “:احتضان” ADS removed successfully.
                                                          C:\Users\Traveller\Desktop\Inner-Light.jpg => “:$CmdZnID” ADS removed successfully.
                                                          C:\Users\Traveller\Downloads\Keygen-MESMERiZE.rar => “:$CmdTcID” ADS removed successfully.
                                                          C:\Users\Traveller\Downloads\Keygen-MESMERiZE.rar => “:$CmdZnID” ADS removed successfully.
                                                          C:\Users\Traveller\Downloads\pijano (mastered).mp3 => “:$CmdTcID” ADS removed successfully.
                                                          C:\Users\Traveller\Downloads\pijano (mastered).mp3 => “:$CmdZnID” ADS removed successfully.
                                                          C:\Users\Traveller\Downloads\pocket.crx => “:$CmdZnID” ADS removed successfully.
                                                          C:\Users\Traveller\Downloads\Reset_antispam_0.3.1. 7z => “:$CmdZnID” ADS removed successfully.
                                                          C:\Users\Traveller\Downloads\rokcandy-2.0.1 (1).zip => “:$CmdZnID” ADS removed successfully.
                                                          C:\Users\Traveller\Downloads\root.crt => “:$CmdZnID” ADS removed successfully.
                                                          C:\Users\Traveller\Downloads\root.der => “:$CmdZnID” ADS removed successfully.
                                                          C:\Users\Traveller\Downloads\You Will Not Face This Alone.mp3 => “:$CmdTcID” ADS removed successfully.
                                                          C:\Users\Traveller\Downloads\You Will Not Face This Alone.mp3 => “:$CmdZnID” ADS removed successfully.
                                                          C:\Users\Traveller\Downloads[kickass.so]hotline.miami.update.3.gog.torrent => “:$CmdZnID” ADS removed successfully.
                                                          C:\Users\Traveller\Favorites\FileOptimizer Home Page.lnk => moved successfully
                                                          C:\Users\Traveller\Favorites\NCH Software Download Site.lnk => moved successfully
                                                          C:\Users\Traveller\Dropbox\Равиль\для меня.lnk => moved successfully
                                                          C:\Users\Traveller\Desktop\Домашняя бухгалтерия 5.lnk => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\Yamb 2.1.0.0 beta 2\Yamb - Website.lnk => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\Microsoft\Windo ws\Start Menu\Programs\Chrome Apps\WorkFlowy.lnk => Shortcut argument removed successfully.
                                                          C:\Users\Traveller\AppData\Roaming\Microsoft\Inter net Traveller\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click &Clean.lnk => not found.
                                                          C:\Users\Traveller\AppData\Roaming\Microsoft\Inter net Traveller\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Hango uts.lnk => not found.
                                                          C:\Users\Traveller\AppData\Roaming\Microsoft\Inter net Traveller\Quick Launch\User Pinned\ImplicitAppShortcuts\5a7f1fc1149619d6\Epic Privacy Browser.lnk => not found.
                                                          C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA.job => moved successfully
                                                          C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core.job => moved successfully
                                                          C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6986c 118e050.job => moved successfully
                                                          C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0001d7 3c8b334.job => moved successfully
                                                          C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cfd791cbe00d3.job => moved successfully
                                                          C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cfed3dadc0292f.job => moved successfully
                                                          C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cffedb14d73815.job => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{FCC0101 5-90D3-40BB-A7B7-FB8C342A9385} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{FCC0101 5-90D3-40BB-A7B7-FB8C342A9385} => key removed successfully
                                                          C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1d0411f110ceba0 => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp dateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1d0411f110ceba0 => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{CA47976 9-6B76-4C74-B358-67423E5E14AE} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{CA47976 9-6B76-4C74-B358-67423E5E14AE} => key removed successfully
                                                          C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_ {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{D3E94B6 F-E162-41ED-A78D-49068CC7ED23} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{D3E94B6 F-E162-41ED-A78D-49068CC7ED23} => key removed successfully
                                                          C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_ {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfil eUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{DAAEF8C A-94B0-46E6-94ED-FDC4B3E4AF4A} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{DAAEF8C A-94B0-46E6-94ED-FDC4B3E4AF4A} => key removed successfully
                                                          C:\Windows\System32\Tasks{2F3CCF69-1646-4DB0-AFD2-72E35FF466E2} => not found.
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{2F3CCF69-1646-4DB0-AFD2-72E35FF466E2} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{DDB4C5B F-2FE1-41E1-8D6F-FE99673976A4} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{DDB4C5B F-2FE1-41E1-8D6F-FE99673976A4} => key removed successfully
                                                          C:\Windows\System32\Tasks{CA56EAE6-5E60-454F-8EE2-3825A791791D} => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{CA56EAE6-5E60-454F-8EE2-3825A791791D} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot{E050D551-CEF3-49EA-B469-70424D4A805A} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{E050D55 1-CEF3-49EA-B469-70424D4A805A} => key removed successfully
                                                          C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408935599 => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1408935599 => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{E2DB166 8-3E8B-457C-AF8E-95E39708C96A} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{E2DB166 8-3E8B-457C-AF8E-95E39708C96A} => key removed successfully
                                                          C:\Windows\System32\Tasks{2090741D-AF19-4C0D-987B-D5AD2CA171A4} => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{2090741D-AF19-4C0D-987B-D5AD2CA171A4} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{91E9E3C A-F7D9-4D12-A30D-BB7ADA79C6DC} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{91E9E3C A-F7D9-4D12-A30D-BB7ADA79C6DC} => key removed successfully
                                                          C:\Windows\System32\Tasks\Chameleon Startup Manager-Traveller => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chameleo n Startup Manager-Traveller => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{92C8828 8-96C8-4FDF-A609-217497BFBEF9} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{92C8828 8-96C8-4FDF-A609-217497BFBEF9} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pointsto ne\System Cleaner\Log On Notice => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{9822B3A D-B62E-42E8-8E38-EFEAEF22F1B2} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{9822B3A D-B62E-42E8-8E38-EFEAEF22F1B2} => key removed successfully
                                                          C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp dateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{9CBC36A C-65A1-4EE6-ADFE-AFF60472DD16} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{9CBC36A C-65A1-4EE6-ADFE-AFF60472DD16} => key removed successfully
                                                          C:\Windows\System32\Tasks\Chameleon Monitor-startup-Traveller => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chameleo n Monitor-startup-Traveller => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{A549169 A-D962-4B64-81D2-C964B9449C9A} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{A549169 A-D962-4B64-81D2-C964B9449C9A} => key removed successfully
                                                          C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRepO nLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{4AC54D1 1-6DD2-4038-A5FF-94888CBDEE05} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{4AC54D1 1-6DD2-4038-A5FF-94888CBDEE05} => key removed successfully
                                                          C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run RoboForm TaskBar Icon => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{5296151 F-94E0-4363-BD38-3D32EB8820F6} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{5296151 F-94E0-4363-BD38-3D32EB8820F6} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{505A68B3-E825-4D29-AC08-B71CA2308CF5} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{5F4BF8A 0-2FF1-467F-916B-CC2DAC8D72B1} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{5F4BF8A 0-2FF1-467F-916B-CC2DAC8D72B1} => key removed successfully
                                                          C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmMon_ {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{6A53FC7 F-5F79-4FB4-8C68-579E7C847A2D} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{6A53FC7 F-5F79-4FB4-8C68-579E7C847A2D} => key removed successfully
                                                          C:\Windows\System32\Tasks{F5A09CDD-01AF-42BB-88BB-10471CCE6707} => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{F5A09CDD-01AF-42BB-88BB-10471CCE6707} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{7476B54 B-CDB4-47A2-85FC-8F1BC37E7E33} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{7476B54 B-CDB4-47A2-85FC-8F1BC37E7E33} => key removed successfully
                                                          C:\Windows\System32\Tasks\GoogleUpdateTaskMachineC ore => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp dateTaskMachineCore => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{7B81CF3 9-A304-40ED-B0FA-E97FCA106CC3} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{7B81CF3 9-A304-40ED-B0FA-E97FCA106CC3} => key removed successfully
                                                          C:\Windows\System32\Tasks\Open URL by RoboForm => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{8033146 A-54E7-453E-A3E9-FC0972A14F1A} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{8033146 A-54E7-453E-A3E9-FC0972A14F1A} => key removed successfully
                                                          C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B 2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfil eUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{8D6A16C 1-3BA2-4877-85C3-A3631C653532} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{8D6A16C 1-3BA2-4877-85C3-A3631C653532} => key removed successfully
                                                          C:\Windows\System32\Tasks{A1D5D0E4-BB6C-4E3C-BD67-E5A8C0E74A2E} => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{A1D5D0E4-BB6C-4E3C-BD67-E5A8C0E74A2E} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{8EC5BF8 3-AC06-4190-A64A-4096E5BBCD19} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{8EC5BF8 3-AC06-4190-A64A-4096E5BBCD19} => key removed successfully
                                                          C:\Windows\System32\Tasks\Nero\Nero Info => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nero\Ner o Info => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{3C7DF76 7-9E4B-4F3B-841D-95887E75AEFD} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{3C7DF76 7-9E4B-4F3B-841D-95887E75AEFD} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pointsto ne\System Cleaner\Daily Notice => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{43A17CB D-36AD-4BFB-B3C5-1FEF32E15681} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{43A17CB D-36AD-4BFB-B3C5-1FEF32E15681} => key removed successfully
                                                          C:\Windows\System32\Tasks\Red Giant Link => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Red Giant Link => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{4515A59 8-639B-489A-B22D-0FF6267D4734} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{4515A59 8-639B-489A-B22D-0FF6267D4734} => key removed successfully
                                                          C:\Windows\System32\Tasks\Norton AntiVirus\Norton Error Processor => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton AntiVirus\Norton Error Processor => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{00CE6CA 9-7691-46ED-A32B-41B5D8052A0B} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{00CE6CA 9-7691-46ED-A32B-41B5D8052A0B} => key removed successfully
                                                          C:\Windows\System32\Tasks\Norton AntiVirus\Norton Error Analyzer => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton AntiVirus\Norton Error Analyzer => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{063A6DF 0-D9DF-4D01-98C0-43B458DBC34F} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{063A6DF 0-D9DF-4D01-98C0-43B458DBC34F} => key removed successfully
                                                          C:\Windows\System32\Tasks{36E7CDCE-3B01-4650-8948-AF254DEB073C} => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{36E7CDCE-3B01-4650-8948-AF254DEB073C} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{0A4E987 C-6912-497D-A2C5-DDC107B9467C} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{0A4E987 C-6912-497D-A2C5-DDC107B9467C} => key removed successfully
                                                          C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount...st@hotmail.com => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeAAMUpdater-1.0-MicrosoftAccount...st@hotmail.com => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{0AC4904 A-8372-4020-9BFF-55B687BCD936} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{0AC4904 A-8372-4020-9BFF-55B687BCD936} => key removed successfully
                                                          C:\Windows\System32\Tasks\GarminUpdaterTask => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GarminUp daterTask => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{0CB03F1 5-7BBF-4237-8FBB-FE6F3FA35FCD} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{0CB03F1 5-7BBF-4237-8FBB-FE6F3FA35FCD} => key removed successfully
                                                          C:\Windows\System32\Tasks\GoogleUpdateTaskMachineU A1cf6986c118e050 => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp dateTaskMachineUA1cf6986c118e050 => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{197671D 1-207D-49D1-A944-E0D46AEF8027} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{197671D 1-207D-49D1-A944-E0D46AEF8027} => key removed successfully
                                                          C:\Windows\System32\Tasks\GoogleUpdateTaskMachineU A1d041918bdfa750 => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp dateTaskMachineUA1d041918bdfa750 => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{2409A78 A-85F7-40FD-AD75-A78F381E4B62} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{2409A78 A-85F7-40FD-AD75-A78F381E4B62} => key removed successfully
                                                          C:\Windows\System32\Tasks\Chameleon Monitor-Traveller => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chameleo n Monitor-Traveller => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{2D04D24 E-3525-4A26-A43D-33B1A0FF27BC} => key removed successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{2D04D24 E-3525-4A26-A43D-33B1A0FF27BC} => key removed successfully
                                                          C:\Windows\System32\Tasks\GoogleUpdateTaskMachineU A1d0001d73c8b334 => moved successfully
                                                          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp dateTaskMachineUA1d0001d73c8b334 => key removed successfully
                                                          C:\Users\Traveller\AppData\Local\Temp\kernel32.dll => moved successfully
                                                          C:\Users\Traveller\AppData\Local\Temp\PidGenX.dll => moved successfully
                                                          C:\ProgramData\RegistryReviver.exe => moved successfully
                                                          C:\ProgramData\agent.1485894021.bdinstall.bin => moved successfully
                                                          C:\ProgramData\agent.1485894894.bdinstall.bin => moved successfully
                                                          C:\Users\Traveller\AppData\Local~wmrg => moved successfully
                                                          C:\Users\Traveller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
                                                          C:\Users\Traveller\AppData\Local.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56 => moved successfully
                                                          C:\Users\Traveller\AppData\Local.DG212F11-EC8C-210D-DE1E-D9584D18D740 => moved successfully
                                                          C:\Users\Traveller\AppData\Local\00000128 => moved successfully
                                                          “C:\Users\Traveller\AppData\Local~wmrg” => not found.
                                                          C:\Users\Traveller\AppData\Roaming\qBittorrent => moved successfully
                                                          “C:\Windows\System32\Tasks\GarminUpdaterTask” => not found.
                                                          “C:\Users\Traveller\AppData\Local\00000128” => not found.

                                                          “C:\ProgramData\WRData” folder move:

                                                          Could not move “C:\ProgramData\WRData” => Scheduled to move on reboot.

                                                          C:\Users\Traveller\AppData\Roaming\uTorrent => moved successfully
                                                          C:\Windows\system32\MRT => moved successfully
                                                          C:\Windows\system32\MRT.exe => moved successfully
                                                          “C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6986 c118e050.job” => not found.
                                                          C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-925185676-1098965860-4220522822-1001 => moved successfully
                                                          C:\ProgramData\TEMP => moved successfully
                                                          “C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0001d 73c8b334.job” => not found.
                                                          C:\Users\Traveller\AppData\Roaming\Adobe BMP Format CC Prefs => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\Adobe GIF Format CC Prefs => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\Adobe PNG Format CC Prefs => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\AdobeWLCMCache. dat => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\alsoft.ini => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\Ambience => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\CheckWinVer.log => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\droid4xinstalle r.log => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\FontInfo.bin => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\GlyphInfo.bin => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\PS14_panel.log => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\SAS7_000.DAT => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\winscp.rnd => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\Значения, разделенные запятыми.ADR => moved successfully
                                                          “C:\Users\Traveller\AppData\Local.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56” => not found.
                                                          “C:\Users\Traveller\AppData\Local.DG212F11-EC8C-210D-DE1E-D9584D18D740” => not found.
                                                          “C:\Users\Traveller\AppData\Local\00000128” => not found.
                                                          C:\Users\Traveller\AppData\Local\ACCCx2_2_1_260.zi p.aamdownload => moved successfully
                                                          C:\Users\Traveller\AppData\Local\ACCCx2_2_1_260.zi p.aamdownload.aamd => moved successfully
                                                          C:\Users\Traveller\AppData\Local\Adobe Save for Web 13.0 Prefs => moved successfully
                                                          “C:\Users\Traveller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini” => not found.
                                                          C:\Users\Traveller\AppData\Local\helpman.imc => moved successfully
                                                          C:\Users\Traveller\AppData\Local\housecall.guid.ca che => moved successfully
                                                          C:\Users\Traveller\AppData\Local\llftool.4.40.agre ement => moved successfully
                                                          C:\Users\Traveller\AppData\Local\PUTTY.RND => moved successfully
                                                          C:\Users\Traveller\AppData\Local\recently-used.xbel => moved successfully
                                                          C:\Users\Traveller\AppData\Local\Resmon.ResmonCfg => moved successfully
                                                          C:\Users\Traveller\AppData\Local\sponge.last.runti me.cache => moved successfully
                                                          “C:\Users\Traveller\AppData\Local~wmrg” => not found.
                                                          “C:\ProgramData\agent.1485894021.bdinstall.bin” => not found.
                                                          “C:\ProgramData\agent.1485894894.bdinstall.bin” => not found.
                                                          C:\Users\Traveller\AppData\LocalLow\wbkD99A.tmp => moved successfully
                                                          C:\Windows\RegBootClean64.exe => moved successfully
                                                          C:\ProgramData\Trend Micro => moved successfully
                                                          “C:\Users\Traveller\AppData\Local\housecall.guid.c ache” => not found.
                                                          C:\Users\Public\Desktop\Trend_Micro.exe => moved successfully
                                                          “C:\ProgramData\agent.1485894894.bdinstall.bin” => not found.
                                                          “C:\ProgramData\agent.1485894021.bdinstall.bin” => not found.
                                                          C:\Users\Traveller\AppData\Local\Trend Micro => moved successfully
                                                          HKLM\System\CurrentControlSet\Services\DfSdkS => key removed successfully
                                                          DfSdkS => service removed successfully
                                                          HKLM\System\CurrentControlSet\Services\nvvad_WaveE xtensible => key removed successfully
                                                          nvvad_WaveExtensible => service removed successfully
                                                          HKLM\System\CurrentControlSet\Services\SR => key removed successfully
                                                          SR => service removed successfully
                                                          HKLM\System\CurrentControlSet\Services\srservice => key removed successfully
                                                          srservice => service removed successfully
                                                          HKLM\System\CurrentControlSet\Services\vpnva => key removed successfully
                                                          vpnva => service removed successfully
                                                          HKLM\System\CurrentControlSet\Services\RTCore64 => key removed successfully
                                                          RTCore64 => service removed successfully
                                                          HKLM\System\CurrentControlSet\Services\NAVENG => key removed successfully
                                                          NAVENG => service removed successfully
                                                          HKLM\System\CurrentControlSet\Services\NAVEX15 => key removed successfully
                                                          NAVEX15 => service removed successfully
                                                          HKLM\System\CurrentControlSet\Services\DIRECTIO => key removed successfully
                                                          DIRECTIO => service removed successfully
                                                          HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \pkijdmeepjhpenmighhaodgfoogncnlk => key removed successfully
                                                          HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \iikflkcanblccfahdhdonehdalibjnif => key removed successfully
                                                          HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \ngkhgikojglcgnckopipfdajaifmmnnc => key removed successfully
                                                          HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanbl ccfahdhdonehdalibjnif => key removed successfully
                                                          C:\Users\Traveller\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\ninejjcohidippngpapiilnmkg llmakh => moved successfully
                                                          C:\Users\Traveller\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddk bbfkkk => moved successfully
                                                          C:\Users\Traveller\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda => moved successfully
                                                          C:\Users\Traveller\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\mkhnbhdofgaendegcgbmndipmi jhbili => moved successfully
                                                          C:\Users\Traveller\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo => moved successfully
                                                          C:\Users\Traveller\AppData\Local\Google\Chrome\Use r Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\mozilla\plugins \npgoogletalk.dll => moved successfully
                                                          C:\Users\Traveller\AppData\Roaming\mozilla\plugins \npo1d.dll => moved successfully
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\MozillaPlugins@tools.google.com/Google Update;version=3 => key removed successfully
                                                          C:\Users\Traveller\AppData\Local\Google\Update\1.3 .32.7\npGoogleUpdate3.dll => moved successfully
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\MozillaPlugins@tools.google.com/Google Update;version=9 => key removed successfully
                                                          C:\Users\Traveller\AppData\Local\Google\Update\1.3 .32.7\npGoogleUpdate3.dll => not found.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\MozillaPlugins@unity3d.com/UnityPlayer,version=1.0 => key removed successfully
                                                          C:\Users\Traveller\AppData\LocalLow\Unity\WebPlaye r\loader\npUnity3D32.dll => moved successfully
                                                          HKLM\Software\Wow6432Node\MozillaPlugins@wacom.com/wtPlugin,version=2.1.0.7 => key removed successfully
                                                          C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll => moved successfully
                                                          HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect => key removed successfully
                                                          C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll => moved successfully
                                                          HKLM\Software\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin => key removed successfully
                                                          C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll => not found.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\MozillaPlugins@Skype Limited.com/Facebook Video Calling Plugin => key not found.
                                                          C:\Users\Traveller\AppData\Local\Facebook\Video\Sk ype\npFacebookVideoCalling.dll => not found.
                                                          HKLM\Software\Wow6432Node\MozillaPlugins@tools.google.com/Google Update;version=3 => key removed successfully
                                                          C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
                                                          HKLM\Software\Wow6432Node\MozillaPlugins@tools.google.com/Google Update;version=9 => key removed successfully
                                                          C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.
                                                          “C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll” => not found.
                                                          Firefox Proxy settings were reset.
                                                          (host == "iview.abc.net.au") => Error: No automatic fix found for this entry.
                                                          (host == "iviewmetered-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (url.indexOf("proxmate=au") != -1) => Error: No automatic fix found for this entry.
                                                          (host == "livestream.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.livestream.com]('http://www.livestream.com')“) => Error: No automatic fix found for this entry.
                                                          (host == "api.new.livestream.com") => Error: No automatic fix found for this entry.
                                                          (host == "player.ooyala.com") => Error: No automatic fix found for this entry.
                                                          (host == "xnewsvidhd-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "[www.animelab.com]('http://www.animelab.com')”) => Error: No automatic fix found for this entry.
                                                          { return ‘PROXY au-node.proxmate.me:8008’ } else if ((url.indexOf("proxmate=ca") != -1) => No running process found
                                                          (host == "ici.tou.tv") => Error: No automatic fix found for this entry.
                                                          (host == "toutvuniver1-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "geoip.radio-canada.ca") => Error: No automatic fix found for this entry.
                                                          (host == "api.radio-canada.ca") => Error: No automatic fix found for this entry.
                                                          (host == "images.tou.tv") => Error: No automatic fix found for this entry.
                                                          (host == "player.siriusxm.ca") => Error: No automatic fix found for this entry.
                                                          (host == "primary.hls-streaming.production.streaming.siriusxm.ca") => Error: No automatic fix found for this entry.
                                                          (host == "now.sportsnet.ca") => Error: No automatic fix found for this entry.
                                                          (host == "watch.sportsnet.ca") => Error: No automatic fix found for this entry.
                                                          (host == "player.9c9media.com") => Error: No automatic fix found for this entry.
                                                          (host == "metrics.ctv.ca") => Error: No automatic fix found for this entry.
                                                          (host == "capi.9c9media.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.ctv.ca]('http://www.ctv.ca')“) => Error: No automatic fix found for this entry.
                                                          (host == "[www.willow.tv]('http://www.willow.tv')”) => Error: No automatic fix found for this entry.
                                                          { return ‘PROXY ca-node.proxmate.me:8008’ } else if ((host == "arte.tv") => No running process found
                                                          (host == "[www.arte.tv]('http://www.arte.tv')“) => Error: No automatic fix found for this entry.
                                                          (host == "geoftv-a.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "hdfauthftv-a.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "replayftv-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "ftvingest-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "live.francetv.fr") => Error: No automatic fix found for this entry.
                                                          (host == "d8.tv") => Error: No automatic fix found for this entry.
                                                          (host == "[www.d8.tv]('http://www.d8.tv')”) => Error: No automatic fix found for this entry.
                                                          (host == "us-cplus-aka.canal-plus.com") => Error: No automatic fix found for this entry.
                                                          (host == "hds_live_d8_aka-lh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "d17.tv") => Error: No automatic fix found for this entry.
                                                          (host == "[www.d17.tv]('http://www.d17.tv')“) => Error: No automatic fix found for this entry.
                                                          (host == "hds_live_d17_aka-lh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (url.indexOf("proxmate=fr") != -1) => Error: No automatic fix found for this entry.
                                                          (host == "[www.6play.fr]('http://www.6play.fr')”) => Error: No automatic fix found for this entry.
                                                          (host == "geo.6cloud.fr") => Error: No automatic fix found for this entry.
                                                          (host == "proxy-021.dc3.dailymotion.com") => Error: No automatic fix found for this entry.
                                                          (host == "proxy-67.dailymotion.com") => Error: No automatic fix found for this entry.
                                                          (host == "prof.estat.com") => Error: No automatic fix found for this entry.
                                                          (host == "metrics.dailymotion.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.dailymotion.com]('http://www.dailymotion.com')“) => Error: No automatic fix found for this entry.
                                                          { return ‘PROXY fr-node.proxmate.me:8008’ } else if ((host == "vod-akamai-psd-hds.p7s1digital.de") => No running process found
                                                          (host == "vas.sim-technik.de") => Error: No automatic fix found for this entry.
                                                          (url.indexOf("proxmate=de") != -1) => Error: No automatic fix found for this entry.
                                                          (host == "nightclub.de") => Error: No automatic fix found for this entry.
                                                          (host == "zdf.de") => Error: No automatic fix found for this entry.
                                                          (host == "[www.zdf.de]('http://www.zdf.de')”) => Error: No automatic fix found for this entry.
                                                          (host == "zdf_hds_de-f.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "api.nowtv.de") => Error: No automatic fix found for this entry.
                                                          (host == "delivestream-lh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "cdnapi.kaltura.com") => Error: No automatic fix found for this entry.
                                                          (host == "disneychannel.de") => Error: No automatic fix found for this entry.
                                                          { return ‘PROXY de-node.proxmate.me:8008’ } else if ((host == "[www.tg4.ie]('http://www.tg4.ie')“) => No running process found
                                                          (url.indexOf("proxmate=ie") != -1)) { return ‘PROXY ie-node.proxmate.me:8008’ } else if ((host == "rai.tv") => Error: No automatic fix found for this entry.
                                                          (host == "[www.rai.tv]('http://www.rai.tv')”) => Error: No automatic fix found for this entry.
                                                          (host == "mediapolis.rai.it") => Error: No automatic fix found for this entry.
                                                          (host == "[www.rai.it]('http://www.rai.it')“) => Error: No automatic fix found for this entry.
                                                          (host == "stream5.rai.it") => Error: No automatic fix found for this entry.
                                                          (host == "stream6.rai.it") => Error: No automatic fix found for this entry.
                                                          (host == "stream7.rai.it") => Error: No automatic fix found for this entry.
                                                          (host == "sspushrai1-s.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "sspushrai2-s.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "sspushraisport2-s.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "sspushrai3-s.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "secondary.adaptiveedge.rai.it") => Error: No automatic fix found for this entry.
                                                          (host == "rai-italia01.wt-eu02.net") => Error: No automatic fix found for this entry.
                                                          (host == "download.rai.tv") => Error: No automatic fix found for this entry.
                                                          (host == "mediapolisvod.rai.it") => Error: No automatic fix found for this entry.
                                                          (host == "ww.rai.tv") => Error: No automatic fix found for this entry.
                                                          (host == ".xuniplay.fdnames.com") => Error: No automatic fix found for this entry.
                                                          (url.indexOf("xuniplay.fdnames.com") != -1) => Error: No automatic fix found for this entry.
                                                          (host == "se-to1-8.se.live3.msf.ticdn.it") => Error: No automatic fix found for this entry.
                                                          (host == "live.shinystat.com") => Error: No automatic fix found for this entry.
                                                          (host == "lic.mediaset.net") => Error: No automatic fix found for this entry.
                                                          (host == "cssr.video.mediaset.it") => Error: No automatic fix found for this entry.
                                                          (url.indexOf("proxmate=it") != -1) => Error: No automatic fix found for this entry.
                                                          { return ‘PROXY it-node.proxmate.me:8008’ } else if ((host == "telecinco.es") => No running process found
                                                          (host == "telecinco1-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "[www.telecinco.es]('http://www.telecinco.es')”) => Error: No automatic fix found for this entry.
                                                          (url.indexOf("proxmate=es") != -1) => Error: No automatic fix found for this entry.
                                                          (host == "antena3.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.antena3.com]('http://www.antena3.com')“) => Error: No automatic fix found for this entry.
                                                          (host == "geodesprogresiva.antena3.com") => Error: No automatic fix found for this entry.
                                                          (host == "rtve.es") => Error: No automatic fix found for this entry.
                                                          (host == "[www.rtve.es]('http://www.rtve.es')”) => Error: No automatic fix found for this entry.
                                                          (host == "ztnr.rtve.es") => Error: No automatic fix found for this entry.
                                                          (host == "mvodt.lvlt.rtve.es") => Error: No automatic fix found for this entry.
                                                          (host == "swf.rtve.es") => Error: No automatic fix found for this entry.
                                                          (host == "cuatro.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.cuatro.com]('http://www.cuatro.com')“) => Error: No automatic fix found for this entry.
                                                          (host == "cuatro1-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "peliculas-online.atresplayer.com") => Error: No automatic fix found for this entry.
                                                          (host == "servicios.atresplayer.com") => Error: No automatic fix found for this entry.
                                                          (host == "atresplayer.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.atresplayer.com]('http://www.atresplayer.com')”) => Error: No automatic fix found for this entry.
                                                          (host == "k.uecdn.es") => Error: No automatic fix found for this entry.
                                                          (host == "v.uecdn.es") => Error: No automatic fix found for this entry.
                                                          (host == "as.com") => Error: No automatic fix found for this entry.
                                                          (host == "ep00.epimg.net") => Error: No automatic fix found for this entry.
                                                          { return ‘PROXY es-node.proxmate.me:8008’ } else if ((host == "prosieben.ch") => No running process found
                                                          (host == "[www.prosieben.ch]('http://www.prosieben.ch')“) => Error: No automatic fix found for this entry.
                                                          (host == "s1tv.ch") => Error: No automatic fix found for this entry.
                                                          (host == "[www.s1tv.ch]('http://www.s1tv.ch')”) => Error: No automatic fix found for this entry.
                                                          (host == "zba2-0-hds-live.zahs.tv") => Error: No automatic fix found for this entry.
                                                          (host == "embed-zattoo.com") => Error: No automatic fix found for this entry.
                                                          (host == "chtv.ch") => Error: No automatic fix found for this entry.
                                                          (host == "[www.chtv.ch]('http://www.chtv.ch')“) => Error: No automatic fix found for this entry.
                                                          (host == "zba2-1-hds-live.zahs.tv") => Error: No automatic fix found for this entry.
                                                          (host == "sat1.ch") => Error: No automatic fix found for this entry.
                                                          (host == "[www.sat1.ch]('http://www.sat1.ch')”) => Error: No automatic fix found for this entry.
                                                          (host == "rsi.ch") => Error: No automatic fix found for this entry.
                                                          (host == "[www.rsi.ch]('http://www.rsi.ch')“) => Error: No automatic fix found for this entry.
                                                          (host == "codch-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "il.srgssr.ch") => Error: No automatic fix found for this entry.
                                                          (host == "ch.viva.tv") => Error: No automatic fix found for this entry.
                                                          (host == "intl.esperanto.mtvi.com") => Error: No automatic fix found for this entry.
                                                          (url.indexOf("proxmate=ch") != -1) => Error: No automatic fix found for this entry.
                                                          (host == "zattoo.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.srf.ch]('http://www.srf.ch')”) => Error: No automatic fix found for this entry.
                                                          (host == "srgssruni1ch-lh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "srgssruni2ch-lh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "srgssruni3ch-lh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "[www.teleboy.ch]('http://www.teleboy.ch')“) => Error: No automatic fix found for this entry.
                                                          (host == "aka-cdn-ns.adtech.de") => Error: No automatic fix found for this entry.
                                                          { return ‘PROXY ch-node.proxmate.me:8008’ } else if ((host == "c.brightcove.com") => No running process found
                                                          (host == "secure.brightcove.com") => Error: No automatic fix found for this entry.
                                                          (host == "metrics.brightcove.com") => Error: No automatic fix found for this entry.
                                                          (host == "stv-ak.cds1.yospace.com") => Error: No automatic fix found for this entry.
                                                          (host == "core.stvfiles.com") => Error: No automatic fix found for this entry.
                                                          (host == "player.stv.tv") => Error: No automatic fix found for this entry.
                                                          (host == "stv.brightcove.com.edgesuite.net") => Error: No automatic fix found for this entry.
                                                          (host == "uk-dev-stv.cdn.videoplaza.tv") => Error: No automatic fix found for this entry.
                                                          (host == "mercury.itv.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.itv.com]('http://www.itv.com')”) => Error: No automatic fix found for this entry.
                                                          (host == "itv.com") => Error: No automatic fix found for this entry.
                                                          (host == "llnw.live.btv.simplestream.com") => Error: No automatic fix found for this entry.
                                                          (host == "players.simplestream.com") => Error: No automatic fix found for this entry.
                                                          (host == "uapi.simplestream.com") => Error: No automatic fix found for this entry.
                                                          (host == "channel5.com") => Error: No automatic fix found for this entry.
                                                          (host == "wwwcdn.channel5.com") => Error: No automatic fix found for this entry.
                                                          (host == "cassie.channel5.com") => Error: No automatic fix found for this entry.
                                                          (host == "player.channel5.com") => Error: No automatic fix found for this entry.
                                                          (host == "deliver-hls.channel5.com") => Error: No automatic fix found for this entry.
                                                          (host == "akahls.channel5.com") => Error: No automatic fix found for this entry.
                                                          (host == "llnwhls.channel5.com") => Error: No automatic fix found for this entry.
                                                          (host == "milkshake.tv") => Error: No automatic fix found for this entry.
                                                          (host == "[www.milkshake.tv]('http://www.milkshake.tv')“) => Error: No automatic fix found for this entry.
                                                          (host == "trk-euwest.tidaltv.com") => Error: No automatic fix found for this entry.
                                                          (host == "mp.adverts.itv.com") => Error: No automatic fix found for this entry.
                                                          (host == "req.tidaltv.com") => Error: No automatic fix found for this entry.
                                                          (host == "s1.2mdn.net") => Error: No automatic fix found for this entry.
                                                          (host == "pes.itv.com") => Error: No automatic fix found for this entry.
                                                          (host == "ned.itv.com") => Error: No automatic fix found for this entry.
                                                          (host == "itvdotcom.2cnt.net") => Error: No automatic fix found for this entry.
                                                          (host == "tom.itv.com") => Error: No automatic fix found for this entry.
                                                          (host == "dave.uktv.co.uk") => Error: No automatic fix found for this entry.
                                                          (host == "uktvplay.uktv.co.uk") => Error: No automatic fix found for this entry.
                                                          (host == "uktvhdse.brightcove.com.edgesuite.net") => Error: No automatic fix found for this entry.
                                                          (host == "admin.brightcove.com") => Error: No automatic fix found for this entry.
                                                          (host == "really.uktv.co.uk") => Error: No automatic fix found for this entry.
                                                          (host == "yesterday.uktv.co.uk") => Error: No automatic fix found for this entry.
                                                          (host == "drama.uktv.co.uk") => Error: No automatic fix found for this entry.
                                                          (host == "live.tvplayer.com") => Error: No automatic fix found for this entry.
                                                          (host == "tvplayer.com") => Error: No automatic fix found for this entry.
                                                          (host == "sapi.tvplayer.com") => Error: No automatic fix found for this entry.
                                                          (host == "api.tvplayer.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.gamefront.com]('http://www.gamefront.com')”) => Error: No automatic fix found for this entry.
                                                          (url.indexOf("proxmate=uk") != -1) => Error: No automatic fix found for this entry.
                                                          (host == "channel4.com") => Error: No automatic fix found for this entry.
                                                          (host == "ais.channel4.com") => Error: No automatic fix found for this entry.
                                                          (host == "pandr.my.channel4.com") => Error: No automatic fix found for this entry.
                                                          (host == "all4nav.channel4.com") => Error: No automatic fix found for this entry.
                                                          { return ‘PROXY uk-node.proxmate.me:8008’ } else if ((host == "link.theplatform.com") => No running process found
                                                          (host == "discidevflash-f.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "api.geoip.dp.discovery.com") => Error: No automatic fix found for this entry.
                                                          (host == "vidtech.cbsinteractive.com") => Error: No automatic fix found for this entry.
                                                          (host == "vidtech.cbsima.com") => Error: No automatic fix found for this entry.
                                                          (host == "om.cbsi.com") => Error: No automatic fix found for this entry.
                                                          (host == "media.mtvnservices.com") => Error: No automatic fix found for this entry.
                                                          (host == "api-manga.crunchyroll.com") => Error: No automatic fix found for this entry.
                                                          (host == "crunchyroll.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.crunchyroll.com]('http://www.crunchyroll.com')“) => Error: No automatic fix found for this entry.
                                                          (host == "cdn.wwtv.warnerbros.com") => Error: No automatic fix found for this entry.
                                                          (host == "hlsioscwtv.warnerbros.com") => Error: No automatic fix found for this entry.
                                                          (host == "media.cwtv.com") => Error: No automatic fix found for this entry.
                                                          (host == "servicesaetn-a.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "live.mlssoccer.com") => Error: No automatic fix found for this entry.
                                                          (host == "tvewnbc-i.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "tvenbceast-i.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "nbcmpx-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "[www.pandora.com]('http://www.pandora.com')”) => Error: No automatic fix found for this entry.
                                                          (host == "video.pbs.org") => Error: No automatic fix found for this entry.
                                                          (host == "ga.video.cdn.pbs.org") => Error: No automatic fix found for this entry.
                                                          (host == "urs.pbs.org") => Error: No automatic fix found for this entry.
                                                          (host == "play.spotify.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.spotify.com]('http://www.spotify.com')“) => Error: No automatic fix found for this entry.
                                                          (host == "play.spotify.edgekey.net") => Error: No automatic fix found for this entry.
                                                          (host == "[www.iheart.com]('http://www.iheart.com')”) => Error: No automatic fix found for this entry.
                                                          (host == "api2.iheart.com") => Error: No automatic fix found for this entry.
                                                          (host == "api.iheart.com") => Error: No automatic fix found for this entry.
                                                          (host == "iheart.com") => Error: No automatic fix found for this entry.
                                                          (host == "nick.mtvnimages.com") => Error: No automatic fix found for this entry.
                                                          (host == "sni-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (url.indexOf("proxmate=us") != -1) => Error: No automatic fix found for this entry.
                                                          (url.indexOf(".googlevideo.com") != -1) => Error: No automatic fix found for this entry.
                                                          (host == "api.segment.io") => Error: No automatic fix found for this entry.
                                                          (host == "[www.vevo.com]('http://www.vevo.com')“) => Error: No automatic fix found for this entry.
                                                          (host == "vevo.com") => Error: No automatic fix found for this entry.
                                                          (host == "apiv2.vevo.com") => Error: No automatic fix found for this entry.
                                                          (host == "songza.com") => Error: No automatic fix found for this entry.
                                                          (host == "new.songza.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.daisuki.net]('http://www.daisuki.net')”) => Error: No automatic fix found for this entry.
                                                          (host == "bngn-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "bngnwww.b-ch.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.hbogo.com]('http://www.hbogo.com')“) => Error: No automatic fix found for this entry.
                                                          (host == "catalog.lv3.hbogo.com") => Error: No automatic fix found for this entry.
                                                          (host == "profile.lv3.hbogo.com") => Error: No automatic fix found for this entry.
                                                          (host == "profile.hbogo.com") => Error: No automatic fix found for this entry.
                                                          (url.indexOf(".lv3.hbogo.com") != -1) => Error: No automatic fix found for this entry.
                                                          (host == "register.hbogo.com") => Error: No automatic fix found for this entry.
                                                          (host == "play.hbogo.com") => Error: No automatic fix found for this entry.
                                                          (host == "smetrics.hbogo.com") => Error: No automatic fix found for this entry.
                                                          (url.indexOf(".lv3.cdn.hbo.com") != -1) => Error: No automatic fix found for this entry.
                                                          (host == "comet.api.hbo.com") => Error: No automatic fix found for this entry.
                                                          (host == "play.google.com") => Error: No automatic fix found for this entry.
                                                          (host == "checkout.google.com") => Error: No automatic fix found for this entry.
                                                          (host == "store.google.com") => Error: No automatic fix found for this entry.
                                                          (host == "apis.google.com") => Error: No automatic fix found for this entry.
                                                          (host == "amc350888def-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "a564avoddashnsus-a.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "atv-ps.amazon.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.amazon.com]('http://www.amazon.com')”) => Error: No automatic fix found for this entry.
                                                          (host == "amazon.com") => Error: No automatic fix found for this entry.
                                                          (host == "fls-na.amazon.com") => Error: No automatic fix found for this entry.
                                                          (host == "phds-vod.cdn.turner.com") => Error: No automatic fix found for this entry.
                                                          (host == "token.vgtf.net") => Error: No automatic fix found for this entry.
                                                          (host == "[www.ondemandkorea.com]('http://www.ondemandkorea.com')“) => Error: No automatic fix found for this entry.
                                                          (host == "[www.fxnetworks.com]('http://www.fxnetworks.com')”) => Error: No automatic fix found for this entry.
                                                          (host == "fxvcms-f.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "tvetelemundo-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "feed.theplatform.com") => Error: No automatic fix found for this entry.
                                                          (host == "fsvideohds-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "watchable.com") => Error: No automatic fix found for this entry.
                                                          (host == "cilhlsvod-f.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "oxygenvod-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "tvesyfy-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "[www.smithsonianchannel.com]('http://www.smithsonianchannel.com')“) => Error: No automatic fix found for this entry.
                                                          (host == "c.brightcove.com") => Error: No automatic fix found for this entry.
                                                          (host == "brightcove01.brightcove.com") => Error: No automatic fix found for this entry.
                                                          (host == "edge.api.brightcove.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.eonline.com]('http://www.eonline.com')”) => Error: No automatic fix found for this entry.
                                                          (host == "link.theplatform.com") => Error: No automatic fix found for this entry.
                                                          (host == "api.listenlive.co") => Error: No automatic fix found for this entry.
                                                          (host == "playerservices.streamtheworld.com") => Error: No automatic fix found for this entry.
                                                          (host == "player.listenlive.co") => Error: No automatic fix found for this entry.
                                                          (url.indexOf("live.streamtheworld.com") != -1) => Error: No automatic fix found for this entry.
                                                          (host == "[www.cartoonnetwork.com]('http://www.cartoonnetwork.com')“) => Error: No automatic fix found for this entry.
                                                          (host == "[www.viki.com]('http://www.viki.com')”) => Error: No automatic fix found for this entry.
                                                          (host == "\"[www.viki.com]('http://www.viki.com')“) => Error: No automatic fix found for this entry.
                                                          (host == "[www.origin.com]('http://www.origin.com')”) => Error: No automatic fix found for this entry.
                                                          (host == "ht.cdn.turner.com") => Error: No automatic fix found for this entry.
                                                          (host == "aolvideoshd-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "syn.5min.com") => Error: No automatic fix found for this entry.
                                                          (host == "stvideos.5min.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.showtime.com]('http://www.showtime.com')“) => Error: No automatic fix found for this entry.
                                                          (host == "secure.showtime.com") => Error: No automatic fix found for this entry.
                                                          (url.indexOf(".vgtf.net") != -1) => Error: No automatic fix found for this entry.
                                                          (host == "phds-live.cdn.turner.com") => Error: No automatic fix found for this entry.
                                                          (host == "api.amplitude.com") => Error: No automatic fix found for this entry.
                                                          (host == "order.rhapsody.com") => Error: No automatic fix found for this entry.
                                                          (host == "payment.rhapsody.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.pivot.tv]('http://www.pivot.tv')”) => Error: No automatic fix found for this entry.
                                                          (host == "js.maxmind.com") => Error: No automatic fix found for this entry.
                                                          { return ‘PROXY us-node.proxmate.me:8008’ } else if ((host == "livestreams.omroep.nl") => No running process found
                                                          (host == ".npostreaming.nl") => Error: No automatic fix found for this entry.
                                                          (host == "ida.omroep.nl") => Error: No automatic fix found for this entry.
                                                          (host == "npoplayer.omroep.nl") => Error: No automatic fix found for this entry.
                                                          (host == "[www.zapp.nl]('http://www.zapp.nl')“) => Error: No automatic fix found for this entry.
                                                          (host == "tellerapi.omroep.nl") => Error: No automatic fix found for this entry.
                                                          (host == "e.omroep.nl") => Error: No automatic fix found for this entry.
                                                          (url.indexOf("proxmate=nl") != -1)) { return ‘PROXY nl-node.proxmate.me:8008’ } else if ((host == "tvthek.orf.at") => Error: No automatic fix found for this entry.
                                                          (host == "apasfiisl.apa.at") => Error: No automatic fix found for this entry.
                                                          (host == "orf.oewabox.at") => Error: No automatic fix found for this entry.
                                                          (host == "194.232.200.58") => Error: No automatic fix found for this entry.
                                                          (host == "185.85.28.1") => Error: No automatic fix found for this entry.
                                                          (host == "atvplus.oewabox.at") => Error: No automatic fix found for this entry.
                                                          (host == "cdn.atv.at") => Error: No automatic fix found for this entry.
                                                          (url.indexOf("proxmate=at") != -1) => Error: No automatic fix found for this entry.
                                                          (host == "hdsvodsportsman-vh.akamaihd.net") => Error: No automatic fix found for this entry.
                                                          (host == "streamaccess.unas.tv") => Error: No automatic fix found for this entry.
                                                          (host == "[www.laola1.tv]('http://www.laola1.tv')”) => Error: No automatic fix found for this entry.
                                                          (host == "[www.livestation.com]('http://www.livestation.com')“) => Error: No automatic fix found for this entry.
                                                          (host == "livestation.com") => Error: No automatic fix found for this entry.
                                                          (url.indexOf(".emigrantas.tv") != -1)) { return ‘PROXY at-node.proxmate.me:8008’ } else if ((host == "netflix.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.netflix.com]('http://www.netflix.com')”) => Error: No automatic fix found for this entry.
                                                          (host == "cbp-us.nccp.netflix.com") => Error: No automatic fix found for this entry.
                                                          (host == "secure.netflix.com") => Error: No automatic fix found for this entry.
                                                          (host == "api-global.netflix.com") => Error: No automatic fix found for this entry.
                                                          (host == "ichnaea.netflix.com") => Error: No automatic fix found for this entry.
                                                          (host == "customerevents.netflix.com") => Error: No automatic fix found for this entry.
                                                          { return ‘PROXY usnet-node.proxmate.me:8008’ } else if ((host == "s.hulu.com") => No running process found
                                                          (host == "[www.funimation.com]('http://www.funimation.com')“) => Error: No automatic fix found for this entry.
                                                          (host == "wpc.8c48.edgecastcdn.net") => Error: No automatic fix found for this entry.
                                                          (host == "southpark.cc.com") => Error: No automatic fix found for this entry.
                                                          (host == "api.utils.watchabc.go.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.dramafever.com]('http://www.dramafever.com')”) => Error: No automatic fix found for this entry.
                                                          (host == "[www.logotv.com]('http://www.logotv.com')“) => Error: No automatic fix found for this entry.
                                                          (host == "api.watchabc.go.com") => Error: No automatic fix found for this entry.
                                                          (host == "theanimenetwork.com") => Error: No automatic fix found for this entry.
                                                          (host == "huluim.com") => Error: No automatic fix found for this entry.
                                                          (host == "[www.hulu.com]('http://www.hulu.com')”) => Error: No automatic fix found for this entry.
                                                          (host == "t2.hulu.com") => Error: No automatic fix found for this entry.
                                                          (host == "urlcheck.hulu.com") => Error: No automatic fix found for this entry.
                                                          (host == "t.hulu.com") => Error: No automatic fix found for this entry.
                                                          (host == "s.hulu.com") => Error: No automatic fix found for this entry.
                                                          (host == "play.hulu.com") => Error: No automatic fix found for this entry.
                                                          { return ‘PROXY ush-node.proxmate.me:8008’ } else if ((host == "player.ooyala.com") => No running process found
                                                          { return ‘PROXY auv-node.proxmate.me:8008’ } else if ((host == "web-api-us.crackle.com") => No running process found
                                                          { return ‘PROXY us2-node.proxmate.me:8008’ } else if ((host == "counter.yadro.ru") => No running process found
                                                          (host == "turbik.tv") => Error: No automatic fix found for this entry.
                                                          (host == "player.rutv.ru") => Error: No automatic fix found for this entry.
                                                          (host == "api.rutv.ru") => Error: No automatic fix found for this entry.
                                                          (host == "cdnng.v.rtr-vesti.ru") => Error: No automatic fix found for this entry.
                                                          (host == "player.vgtrk.com") => Error: No automatic fix found for this entry.
                                                          (url.indexOf("proxmate=ru") != -1) => Error: No automatic fix found for this entry.
                                                          (host == "stream.1tv.ru") => Error: No automatic fix found for this entry.
                                                          { return ‘PROXY ru-node.proxmate.me:8008’ } else if ((host == "security.video.globo.com") => No running process found
                                                          (host == "api.globovideos.com") => Error: No automatic fix found for this entry.
                                                          (host == "s.videos.globo.com") => Error: No automatic fix found for this entry.
                                                          (host == "gshow.globo.com") => Error: No automatic fix found for this entry.
                                                          (host == "voddownload02.video.globo.com") => Error: No automatic fix found for this entry.
                                                          (host == "secure.nuuvem.com") => Error: No automatic fix found for this entry.
                                                          { return ‘PROXY br-node.proxmate.me:8008’ } else if ((host == "[www.bbc.co.uk]('http://www.bbc.co.uk')“) => No running process found
                                                          (host == "open.live.bbc.co.uk") => Error: No automatic fix found for this entry.
                                                          (host == "fig.bbc.co.uk") => Error: No automatic fix found for this entry.
                                                          (host == "vod-hds-uk-live.edgesuite.net") => Error: No automatic fix found for this entry.
                                                          (host == "vod-hds-uk-live.bbcfmt.vo.llnwd.net") => Error: No automatic fix found for this entry.
                                                          (host == "vs-hds-uk-live.bbcfmt.vo.llnwd.net") => Error: No automatic fix found for this entry.
                                                          (host == "vs-hds-uk-live.edgesuite.net") => Error: No automatic fix found for this entry.
                                                          { return ‘PROXY ukb-node.proxmate.me:8008’ } else { return ‘DIRECT’; }}” => No running process found
                                                          Firefox Proxy settings were reset.
                                                          Firefox Proxy settings were reset.
                                                          Firefox Proxy settings were reset.
                                                          Firefox Proxy settings were reset.
                                                          Firefox Proxy settings were reset.
                                                          Firefox Proxy settings were reset.
                                                          Firefox Proxy settings were reset.
                                                          Firefox Proxy settings were reset.
                                                          Firefox Proxy settings were reset.
                                                          Firefox Proxy settings were reset.
                                                          Firefox Proxy settings were reset.
                                                          Firefox Proxy settings were reset.
                                                          Firefox Proxy settings were reset.
                                                          Firefox Proxy settings were reset.
                                                          Firefox Proxy settings were reset.
                                                          Firefox Proxy settings were reset.
                                                          Firefox Proxy settings were reset.
                                                          HKCR\PROTOCOLS\Handler\tmtbim => key not found.
                                                          HKCR\CLSID{0B37915C-8B98-4B9E-80D4-464D2C830D10} => key not found.
                                                          HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{97ab88ef-346b-4179-a0b1-7445896547a5} => value removed successfully
                                                          HKCR\CLSID{97ab88ef-346b-4179-a0b1-7445896547a5} => key not found.
                                                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} => value removed successfully
                                                          HKCR\Wow6432Node\CLSID{42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} => key not found.
                                                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{97ab88ef-346b-4179-a0b1-7445896547a5} => value removed successfully
                                                          HKCR\Wow6432Node\CLSID{97ab88ef-346b-4179-a0b1-7445896547a5} => key not found.
                                                          HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} => key removed successfully
                                                          HKCR\Wow6432Node\CLSID{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} => key not found.
                                                          HKLM\SOFTWARE\Policies\Microsoft\Internet Traveller: Restriction <======= ATTENTION => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\SOFTWARE\Policies\Microsoft\Internet Traveller: Restriction <======= ATTENTION => Error: No automatic fix found for this entry.
                                                          HKLM\Software\Microsoft\Internet Traveller\Main,Start Page = about:blank => Error: No automatic fix found for this entry.
                                                          HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Start Page = about:blank => Error: No automatic fix found for this entry.
                                                          HKLM\Software\Microsoft\Internet Traveller\Main,Search Page = => Error: No automatic fix found for this entry.
                                                          HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Search Page = => Error: No automatic fix found for this entry.
                                                          HKLM\Software\Microsoft\Internet Traveller\Main,Default_Page_URL = => Error: No automatic fix found for this entry.
                                                          HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Default_Page_URL = => Error: No automatic fix found for this entry.
                                                          HKLM\Software\Microsoft\Internet Traveller\Main,Default_Search_URL = => Error: No automatic fix found for this entry.
                                                          HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Default_Search_URL = => Error: No automatic fix found for this entry.
                                                          HKLM\Software\Microsoft\Internet Traveller\Main,Local Page = => Error: No automatic fix found for this entry.
                                                          HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Local Page = => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\Microsoft\Internet Traveller\Main,Start Page = about:blank => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value removed successfully
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{56B90406-7F40-474C-AC73-88B4F2C484EF} => key removed successfully
                                                          HKCR\CLSID{56B90406-7F40-474C-AC73-88B4F2C484EF} => key not found.
                                                          HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\Interfaces{54997AEA-6BE5-4B1D-AA3A-01377EAF9D27}\DhcpNameServer => value removed successfully
                                                          HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\Interfaces{7B4C56F8-54B9-49AE-AC24-2E617300C9FC}\DhcpNameServer => value removed successfully
                                                          HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\Interfaces{98FE26F2-9E79-4C35-8D23-4F5B94D8526A}\DhcpNameServer => value removed successfully
                                                          HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local\ActivePolicy => value removed successfully
                                                          C:\Windows\system32\GroupPolicy\Machine => moved successfully
                                                          C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
                                                          C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
                                                          C:\Windows\system32\GroupPolicy\User => moved successfully
                                                          “C:\Windows\system32\GroupPolicy\Machine” => not found.
                                                          HKLM\SOFTWARE\Policies\Google => key removed successfully
                                                          C:\Program Files (x86)\Common Files\wruninstall.exe => not found.
                                                          C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk => moved successfully
                                                          C:\Program Files (x86)\Common Files\wruninstall.exe => not found.
                                                          HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers"Drop boxExt1" => key removed successfully
                                                          HKCR\Wow6432Node\CLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
                                                          HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers"Drop boxExt2" => key removed successfully
                                                          HKCR\Wow6432Node\CLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
                                                          HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers"Drop boxExt3" => key removed successfully
                                                          HKCR\Wow6432Node\CLSID{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
                                                          HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers"Drop boxExt4" => key removed successfully
                                                          HKCR\Wow6432Node\CLSID{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
                                                          HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers"Drop boxExt5" => key removed successfully
                                                          HKCR\Wow6432Node\CLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
                                                          HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers"Drop boxExt6" => key removed successfully
                                                          HKCR\Wow6432Node\CLSID{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
                                                          HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers"Drop boxExt7" => key removed successfully
                                                          HKCR\Wow6432Node\CLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
                                                          HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers"Drop boxExt8" => key removed successfully
                                                          HKCR\Wow6432Node\CLSID{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\1aCopyShExtError => key removed successfully
                                                          HKCR\CLSID{83BEA36E-7680-4598-A4DF-994426F6E78D} => key not found.
                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\2aCopyShExtSynce d => key removed successfully
                                                          HKCR\CLSID{845B7388-6F85-4F32-9FD5-F02DC7882B89} => key not found.
                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\3aCopyShExtSynci ng => key removed successfully
                                                          HKCR\CLSID{F6378A7A-F753-449B-AE1B-997A96132E61} => key not found.
                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\4aCopyShExtSynci ngProg1 => key removed successfully
                                                          HKCR\CLSID{3A511828-777D-46F8-82F4-5B530C1B3D9E} => key not found.
                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\5aCopyShExtSynci ngProg2 => key removed successfully
                                                          HKCR\CLSID{C8C88204-5B14-40EC-BA72-8AEBC762047E} => key not found.
                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\6aCopyShExtSynci ngProg3 => key removed successfully
                                                          HKCR\CLSID{ACFF45C3-3EEB-4351-86C2-6696BA264239} => key not found.
                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\7aCopyShExtSynci ngProg4 => key removed successfully
                                                          HKCR\CLSID{29AF997F-488B-46F0-AE78-7146F1B89CC3} => key not found.
                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\8aCopyShExtSynci ngProg5 => key removed successfully
                                                          HKCR\CLSID{03F9AD29-1C78-4B66-8890-B177B5430C53} => key not found.
                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers"DropboxExt1" => key removed successfully
                                                          HKCR\CLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers"DropboxExt2" => key removed successfully
                                                          HKCR\CLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers"DropboxExt3" => key removed successfully
                                                          HKCR\CLSID{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers"DropboxExt4" => key removed successfully
                                                          HKCR\CLSID{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers"DropboxExt5" => key removed successfully
                                                          HKCR\CLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers"DropboxExt6" => key removed successfully
                                                          HKCR\CLSID{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers"DropboxExt7" => key removed successfully
                                                          HKCR\CLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers"DropboxExt8" => key removed successfully
                                                          HKCR\CLSID{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
                                                          HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\C opy => value removed successfully
                                                          HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\o oVoo.exe => value removed successfully
                                                          HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\G arminExpressTrayApp => value removed successfully
                                                          HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Polic ies\system\DisableCMD => value removed successfully
                                                          HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Polic ies\system\NoDispAppearancePage => value removed successfully
                                                          HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Polic ies\system\NoDispBackgroundPage => value removed successfully
                                                          HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Polic ies\system\NoDispSettingsPage => value removed successfully
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoViewOnDrive] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [DisableLocalMachineRun] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [DisableLocalMachineRunOnce] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [DisableCurrentUserRun] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [DisableCurrentUserRunOnce] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoViewContextMenu] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoShellSearchButton] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoFind] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoFile] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [HideClock] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoTrayContextMenu] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoTrayItemsDisplay] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoSetFolders] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoDevMgrUpdate] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoSetTaskbar] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoDeletePrinter] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoDFSTab] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoChangeStartMenu] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoLogoff] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoWindowsUpdate] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoEncryptOnMove] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoRunasInstallPrompt] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoResolveSearch] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoSaveSettings] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoHardwareTab] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-18...\Policies\Traveller: [NoStartMenuSubFolders] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\Microsoft\Windows\CurrentVersion\Pol icies\system\DisableCMD => value removed successfully
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\Microsoft\Windows\CurrentVersion\Pol icies\system\NoDispAppearancePage => value removed successfully
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\Microsoft\Windows\CurrentVersion\Pol icies\system\NoDispSettingsPage => value removed successfully
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [DisableLocalMachineRun] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [DisableLocalMachineRunOnce] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [DisableCurrentUserRun] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [DisableCurrentUserRunOnce] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoViewContextMenu] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoShellSearchButton] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [HideClock] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoTrayItemsDisplay] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoDevMgrUpdate] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoDeletePrinter] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoDFSTab] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoWindowsUpdate] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoEncryptOnMove] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoRunasInstallPrompt] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoResolveSearch] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoSaveSettings] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoHardwareTab] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001...\Policies\Traveller: [NoStartMenuSubFolders] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\MountPoints2{8185036d-bf50-11e5-82f9-14feb5c3027f} => key removed successfully
                                                          HKCR\CLSID{8185036d-bf50-11e5-82f9-14feb5c3027f} => key not found.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\MountPoints2{b491a930-679a-11e3-825e-00dbdf2de1f9} => key removed successfully
                                                          HKCR\CLSID{b491a930-679a-11e3-825e-00dbdf2de1f9} => key not found.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\MountPoints2{e5212153-5f05-11e3-8251-806e6f6e6963} => key removed successfully
                                                          HKCR\CLSID{e5212153-5f05-11e3-8251-806e6f6e6963} => key not found.
                                                          HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\Microsoft\Windows\CurrentVersion\Run \Google Update => value removed successfully
                                                          HKLM...\Policies\Traveller: [DisableLocalMachineRun] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [DisableLocalMachineRunOnce] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [DisableCurrentUserRun] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [DisableCurrentUserRunOnce] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [NoViewContextMenu] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [NoShellSearchButton] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [HideClock] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [NoTrayItemsDisplay] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [NoDevMgrUpdate] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [NoDeletePrinter] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [NoDFSTab] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [NoWindowsUpdate] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [NoEncryptOnMove] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [NoRunasInstallPrompt] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [NoResolveSearch] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [NoSaveSettings] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [NoHardwareTab] 0 => Error: No automatic fix found for this entry.
                                                          HKLM...\Policies\Traveller: [NoStartMenuSubFolders] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Polic ies\system\DisableCMD => value removed successfully
                                                          HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Polic ies\system\NoDispAppearancePage => value removed successfully
                                                          HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Polic ies\system\NoDispBackgroundPage => value removed successfully
                                                          HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Polic ies\system\NoDispSettingsPage => value removed successfully
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoViewOnDrive] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [DisableLocalMachineRun] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [DisableLocalMachineRunOnce] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [DisableCurrentUserRun] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [DisableCurrentUserRunOnce] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoViewContextMenu] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoShellSearchButton] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoFind] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoFile] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [HideClock] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoTrayContextMenu] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoTrayItemsDisplay] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoSetFolders] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoDevMgrUpdate] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoSetTaskbar] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoDeletePrinter] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoDFSTab] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoChangeStartMenu] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoLogoff] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoWindowsUpdate] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoEncryptOnMove] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoRunasInstallPrompt] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoResolveSearch] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoSaveSettings] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoHardwareTab] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-19...\Policies\Traveller: [NoStartMenuSubFolders] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Polic ies\system\DisableCMD => value removed successfully
                                                          HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Polic ies\system\NoDispAppearancePage => value removed successfully
                                                          HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Polic ies\system\NoDispBackgroundPage => value removed successfully
                                                          HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Polic ies\system\NoDispSettingsPage => value removed successfully
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoViewOnDrive] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [DisableLocalMachineRun] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [DisableLocalMachineRunOnce] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [DisableCurrentUserRun] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [DisableCurrentUserRunOnce] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoViewContextMenu] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoShellSearchButton] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoFind] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoFile] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [HideClock] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoTrayContextMenu] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoTrayItemsDisplay] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoSetFolders] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoDevMgrUpdate] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoSetTaskbar] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoDeletePrinter] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoDFSTab] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoChangeStartMenu] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoLogoff] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoWindowsUpdate] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoEncryptOnMove] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoRunasInstallPrompt] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoResolveSearch] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoSaveSettings] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoHardwareTab] 0 => Error: No automatic fix found for this entry.
                                                          HKU\S-1-5-20...\Policies\Traveller: [NoStartMenuSubFolders] 0 => Error: No automatic fix found for this entry.
                                                          HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .txt.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .avi.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %appdata%**.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .mp3.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%*.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .xlsx.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .bmp.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .mp3.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wma.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .xlsx.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .docx.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .jpg.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wmv.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %appdata%**.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %appdata%**.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .rar.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .rar.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .txt.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .doc.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .avi.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .mp4.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .jpg.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pub.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .mp3.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wma.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%*.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pptx.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pub.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pdf.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .mp3.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .xls.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .png.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pptx.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .ppt.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .png.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .docx.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .doc.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: C:\Users*.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .xlsx.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .gif.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pdf.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%*.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wmv.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .doc.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%*.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .rtf.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wav.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .png.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wma.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .mp3.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .7z.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pdf.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %appdata%**.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .docx.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pub.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%*.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %appdata%*.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .gif.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .jpg.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .xls.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData*.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .jpeg.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%*.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pub.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .rtf.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .ppt.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .mp4.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%*.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .jpg.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .docx.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .avi.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .rtf.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wma.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .jpeg.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wma.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .zip.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .avi.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: C:\Users*.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .avi.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %allusersprofile%*.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .bmp.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .ppt.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .mp3.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .xls.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .txt.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pdf.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData*.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData*.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programfiles(x86)%*\svchost.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .rtf.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %appdata%**.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .rar.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .zip.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .mp4.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .jpeg.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %allusersprofile%*.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: C:\Users*.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pub.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .jpeg.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pub.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .rtf.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wmv.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .avi.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .png.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wav.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .gif.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .jpg.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: C:\Users*.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .jpeg.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .zip.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %appdata%*.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pptx.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: C:\Users*.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .jpeg.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%*.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .divx.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .divx.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .rar.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: ** <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wma.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .bmp.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .doc.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %appdata%*.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pdf.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wav.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData*.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%*.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%*.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pdf.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .txt.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .rtf.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wmv.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .rtf.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .xls.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .docx.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .txt.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wav.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .divx.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .rar.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .xlsx.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wma.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .mp4.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .doc.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .7z.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %appdata%*.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%*.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wav.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .jpeg.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .7z.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .png.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .bmp.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .xlsx.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pub.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .png.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wmv.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .txt.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %appdata%**.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%*.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .gif.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData*.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pptx.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .gif.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .xls.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .rar.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wav.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .xlsx.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .bmp.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .rar.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .xls.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .ppt.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IE Update*.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData*.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %allusersprofile%*.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%*\svchost.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pub.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pptx.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wmv.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .doc.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .txt.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .zip.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: *:$Recycle.Bin <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pptx.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .docx.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wmv.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: C:\Users*.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .avi.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .zip.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%*.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %systemdrive%*\svchost.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .txt.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .gif.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %appdata%**.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %appdata%*.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %allusersprofile%*.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .mp4.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .7z.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .mp4.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wmv.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %allusersprofile%*.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %allusersprofile%*.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .xlsx.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .png.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pptx.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: C:\Users*.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .divx.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wma.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .divx.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .avi.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wav.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .bmp.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %appdata%**.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .ppt.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %appdata%*.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%*.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .wav.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .zip.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .jpeg.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%*.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .docx.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .mp4.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .7z.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .xlsx.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pptx.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .zip.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .zip.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .jpg.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .7z.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pdf.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .xls.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .mp4.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%*.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .docx.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup*.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .rtf.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .rar.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .7z.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .xls.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .doc.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData*.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .gif.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow*.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %allusersprofile%*.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .jpg.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .divx.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .mp3.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .ppt.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %programfiles%*\svchost.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .ppt.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %allusersprofile%*.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming**.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming*.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .divx.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .bmp.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %appdata%*.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .mp3.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup*.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.scr <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .bmp.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .ppt.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .gif.pif <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %appdata%*.cmd <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\Local*.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData*.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.jse <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .jpg.bat <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .divx.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .pdf.js <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .doc.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow**.com <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .7z.exe <====== ATTENTION => restored successfully
                                                          HKLM Group Policy restriction on software: .png.exe <====== ATTENTION => restored successfully
                                                          HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Run\SunJavaUpdateSched => value not found.

                                                          ========= RD /S /Q %WinDir%\System32\GroupPolicyUsers =========

                                                          ========= End of CMD: =========

                                                          ========= RD /S /Q %WinDir%\System32\GroupPolicy =========

                                                          ========= End of CMD: =========

                                                          ========= RD /S /Q %WinDir%\SysWOW64\GroupPolicyUsers =========

                                                          ========= End of CMD: =========

                                                          ========= RD /S /Q %WinDir%\SysWOW64\GroupPolicy =========

                                                          ========= End of CMD: =========

                                                          ========= RD /S /Q %WinDir%\SysNative\GroupPolicyUsers =========

                                                          The system cannot find the path specified.

                                                          ========= End of CMD: =========

                                                          ========= RD /S /Q %WinDir%\SysNative\GroupPolicy =========

                                                          The system cannot find the path specified.

                                                          ========= End of CMD: =========

                                                          ========= gpupdate /force =========

                                                          Updating policy…

                                                          Computer Policy update has completed successfully.

                                                          User Policy update has completed successfully.

                                                          ========= End of CMD: =========

                                                          ========= bitsadmin /reset /allusers =========

                                                          BITSADMIN version 3.0 [ 7.7.9600 ]
                                                          BITS administration utility.
                                                          (C) Copyright 2000-2006 Microsoft Corp.

                                                          BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
                                                          Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

                                                          Unable to cancel {46BD48A5-CD80-45E0-B4AD-B14688AD27BE}.
                                                          0 out of 1 jobs canceled.

                                                          ========= End of CMD: =========

                                                          ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f =========

                                                          The operation completed successfully.

                                                          ========= End of Reg: =========

                                                          ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Pol icy\Local /f =========

                                                          The operation completed successfully.

                                                          ========= End of Reg: =========

                                                          ========= netsh advfirewall reset =========

                                                          Ok.

                                                          ========= End of CMD: =========

                                                          ========= netsh advfirewall set allprofiles state ON =========

                                                          Ok.

                                                          ========= End of CMD: =========

                                                          ========= ipconfig /flushdns =========

                                                          Windows IP Configuration

                                                          Successfully flushed the DNS Resolver Cache.

                                                          ========= End of CMD: =========

                                                          =========== EmptyTemp: ==========

                                                          BITS transfer queue => 16777216 B
                                                          DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6564754 B
                                                          Java, Flash, Steam htmlcache => 914 B
                                                          Windows/system/drivers => 209458152 B
                                                          Edge => 0 B
                                                          Chrome => 543675531 B
                                                          Firefox => 212319627 B
                                                          Opera => 131743379 B

                                                          Temp, IE cache, history, cookies, recent:
                                                          Default => 0 B
                                                          Users => 0 B
                                                          ProgramData => 0 B
                                                          Public => 0 B
                                                          systemprofile => 330231 B
                                                          systemprofile32 => 216009 B
                                                          LocalService => 4808 B
                                                          NetworkService => 63926146 B
                                                          Traveller => 1381725440 B
                                                          UpdatusUser => 0 B
                                                          UpdatusUser => 0 B
                                                          named => 0 B

                                                          RecycleBin => 0 B
                                                          EmptyTemp: => 2.4 GB temporary data Removed.

                                                          ================================

                                                          Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-02-2017 21:34:37)

                                                          C:\Windows\system32\Drivers\etc\hosts => Is moved successfully
                                                          Hosts restored successfully.
                                                          C:\Windows\System32\Drivers\etc\hosts => moved successfully
                                                          Hosts restored successfully.
                                                          “C:\ProgramData\WRData” => Could not move

                                                          ==== End of Fixlog 21:34:41 ====

                                                            Comment

                                                            Previous 1 2 template Next
                                                            Working...

                                                              We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

                                                              By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

                                                              I Agree